Search results

Both PFS is set to none. I think it's a firewall issue, I forgot to allow ESP traffic, and when I set things up the first time, I did some pings and that establishes the connection. But after the lifetime of connections finishes, it needs to reestablish and somehow could not establish by...

Thanks Andy, I can confirm that using a DDNS name works in Peers, in version 6.45.8. Though I observe that in the log, sometimes the responder will terminate the connection for some reason, thus needing to re-establish the tunnel.

I found the issue, I'm still on 6.44.6 long term, and it seems on the latest 6.45.8, they changed the concept. I'm a bit worried about touching a running system, so I always held back on updating. Now the SA addresses are pulled from the peer, not defined in the policy itself. Since the peer...

It's the Policies tab: Putting in ::/0 does the same thing. Funny thing is, the template has 0.0.0.0 and it will accept it. Problem is, if Template is selected, the Tunnel option is gone. I guess I need to resort to scripts or find another way for dynamic ip site-to-site.

Thanks for checking, it does indeed work like that now. No dice i'm afraid on the 0.0.0.0 on the SA dst address. A warning sign pops up saying that it expects an IP address.

It's these. When adding a new peer, these things are not present. But I think I found it, did they move it to IPsec > profile and IPsec > identity? Understood regarding the second question. One question though, let's say site A has a dynamic IP, and site B has a static IP. What should be put...

Hi Andy, could you help update the method for 6.44.6? It seems they have removed the Advanced and Encryption options in IPsec Peers menu. Also, what do you mean by this one: "If one of MikroTik’s WAN IP address is dynamic, set up that router as the initiator (i.e. dial-out)" I thought for IPsec...