VPN
Andrey, 2017-01-17 20:16:37

Why does the ipsec,error phase1 error occur?

Good afternoon friends!
I ask for your help in this matter: I'm trying to make a banal scheme, chewed over 100 times, for connecting an additional office to the head office.
Mikrotik-Mikrotik bond. Head office static. Additional office - dynamic address.
I contact the head on l2tp. (10.10.183.1 is the local address of the head office tunnel. 10.10.183.2 is the address of the additional office)
Raised ipsec inside the tunnel (alas, in tunnel mode).
Once the connection is established, everything works.
But when the tunnel breaks, the following errors begin to appear in the logs:

15:07:04 l2tp,ppp,info <l2tp-TEST_LENIN_JD>: terminating...
15:07:04 l2tp,ppp,info,account TEST_LENIN_JD logged out, 737777 9633472 8828785 144970 137188
15:07:04 l2tp,ppp,info <l2tp-TEST_LENIN_JD>: disconnected
15:07:04 route,ospf,info OSPFv2 neighbor 10.10.183.2: state change from Full to Down
15:10:35 ipsec,error phase1 negotiation failed due to time up 212.12.134.77[500]<=>10.10.183.2[500] 948c48daeed1bfbd:0000000000000000
15:11:45 ipsec,error phase1 negotiation failed due to time up 212.12.134.77[500]<=>10.10.183.2[500] 925b3f56c4f67467:0000000000000000

Tell me why they appear?
Why does the external address appear here if it does not appear anywhere in the ipsec settings?


3 answer(s)
PaulC, 2017-02-06
@PaulC

The same problem. Only in the case of dynamic ipsec policies, after restoring a broken channel, encryption is turned on according to an elusive pattern, every other time, as God puts it on my soul, and I have static routes.
I think the problem is something else.

Alexey Rusakov, 2017-01-27
@yarusakov

Try using EoIP for your purposes.

Andrey, 2017-01-28
@andrey71

Friends, to everyone who is looking for an answer to this question, I hasten to share the option of getting rid of these lines in the logs.
I assembled the circuit on test devices, with the latest firmware 6.38.1 and with the default configuration.
L2TP server - client, checked the box to use IPSEC, all policies are created dynamically, everything works fine in this mode!
When disconnected, the log is clear.
BUT! As soon as I created dynamic routing, encryption disappeared :(
SAs are not installed.
Maybe someone faced such a disaster?
