General • Re: Problem with IPsec after update to 6.42

Woes without technical details are pointless; what helps is analysis. The networking environment is a dynamic one with all those automatic updates which sometimes happen without letting the user know if the OS vendor deems them “critical”, so a conclusion that a Mikrotik is the reason for the problem if you haven’t upgraded it (i.e. in the case where it worked for a week and then stopped) is a premature one without a hop-by-hop analysis of the traffic. I don’t say it cannot be a Mikrotik issue; I just say that there is a good chance that it isn’t and that it can thus be resolved, and that if it is a Mikrotik issue, it needs to be reported in a way allowing the R&D to fix it.

So I’d recommend using /tool sniffer or /tool torch to check whether the ICMP packets do arrive from the host on one site, arrive encrypted via WAN to the other site, and leave the LAN interface towards the target host on the other site, and do the same for the responses. I’d also check whether the /ip ipsec installed-sa print shows any packets to be transported at all. All this allows you to find out which of the devices drops the packets and is the basis for finding out why.

If you want, you can post the configuration exports of both devices following the hint in my automatic signature.

Statistics: Posted by sindy — Mon Apr 15, 2019 8:11 pm
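
The hop-by-hop check described in the post above, as an added example that is not part of the original post. The interface names (`bridge-lan`, `ether1-wan`) and host addresses are constructed placeholders, and a ping from the site A host to the site B host is assumed to be running while the captures are taken.

```routeros
# Site A router. Assumed: LAN host 192.168.1.10 pings 192.168.2.20 at site B.

# 1. Does the echo request arrive from the LAN host at all?
/tool sniffer quick interface=bridge-lan ip-protocol=icmp ip-address=192.168.1.10

# 2. Does it leave via WAN encrypted? Plain ESP, or UDP 4500 when NAT-T is in use.
/tool sniffer quick interface=ether1-wan ip-protocol=ipsec-esp
/tool sniffer quick interface=ether1-wan ip-protocol=udp port=4500

# 3. Cleartext ICMP towards the remote host on WAN means the packet
#    did not match an IPsec policy (or was NATed before the policy lookup).
/tool sniffer quick interface=ether1-wan ip-protocol=icmp ip-address=192.168.2.20

# 4. Are the SAs transporting anything? Run twice a few seconds apart
#    and compare the counters of the SA in each direction.
/ip ipsec installed-sa print
```

On the site B router the same captures are read in the opposite order: ESP (or UDP 4500) arriving on WAN first, then the decrypted echo request leaving the LAN interface, and the reverse for the echo reply.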

