any more specific ideas, regarding that is more that 50 ipsec on the server? Client side # jan/13/2021 13:02:56 by RouterOS 6.48 # software id = 1R3H-GDJM # # model = RBM33G # serial number = A2FD0C7A4D0D /ip ipsec policy group add name=ikev2-group /ip ipsec profile add dh-group=modp2048 enc-algori...

Changing it at one peer in a pair only will not solve the issue. It must be changed at both peers. Whether it is a bug introduced or a bug fixed is unclear to me.

downgraded server (CHR) to 6.47.8 and no errors. Will wait for the fix of this.

Always was thinking, that proposals must be exactly the same, from both sides of ipsec, am i wrong?? Correct, they must be the same at both sides. However, it seems 6.48 has a problem if you ask it not to use the pfs key from the initial establishment of Phase 2 by specifying a value in pfs-group i...

any more specific ideas, regarding that is more that 50 ipsec on the server? My understanding of the references to pfs-group in the current topic and in the one @eworm refers to (in a post which itself does not contain the keyword pfs) is the following: pfs is always used in IKEv2 if you set the pf...

any more specific ideas, regarding that is more that 50 ipsec on the server? Client side # jan/13/2021 13:02:56 by RouterOS 6.48 # software id = 1R3H-GDJM # # model = RBM33G # serial number = A2FD0C7A4D0D /ip ipsec policy group add name=ikev2-group /ip ipsec profile add dh-group=modp2048 enc-algorit...

reviewed all this, found some problems, where people was wrong setup and using default proposals, and still no answer - in my case PFS group and proposals are setuped correctly, on both sides. If on both sides in proposals PFS group is 2048 and lifetime 30, is it a mistake? Search this thread for p...

any ideas why upgrade causes full of errors regarding IKE2 rekey? https://forum.mikrotik.com/search.php?keywords=rekey&t=171035&sf=msgonly reviewed all this, found some problems, where people was wrong setup and using default proposals, and still no answer - in my case PFS group and proposa...

any ideas why upgrade causes full of errors regarding IKE2 rekey?
50+ devices upgraded, with correct setup of PFS groups on both sides, and every 30 minutes - rekey failed, OSPF goes down

The script can be the follows, but anyway, hope this is not the solution at all... : do { :local lte1ip [/ip address get [find address~"/32" and interface=lte1] address]; :local defroute [/ip route get [find distance=1 and gateway=lte1 and disabled=no and dst-address="0.0.0.0/0"]...

hi guys [xxxxxx@MikroTikxxxx] /ip address> print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 2 192.168.1.1/24 192.168.1.0 local 3 D 85.yyy.xxx.71/32 85.yyy.xxx.71 lte1 4 D 172.16.252.236/24 172.16.252.0 lte1 [xxxxx@MikroTikxxxxx] /ip route> print where dst-address="...

I don't have any LTE to test with, but does it have an equivalent of DHCP's lease script? If so, you can update anything you want from there. Thanks for your answer. The LTE is taking parameters from LTE APN, where you can only choose "Add Default Route" option, and can edit the Default R...

Hello everybody... Situation is quite clear. SXTR Lte6 Mikrotik, dynamic ip address getting from mobile operator. For example 1.2.3.4 SXTR is connecting to Ikev2 VPN server(CHR), getting all ip setup from mode-config. As the result - we have additional IP address on the LTE1 interface. For example (...

in the winbox, BRIDGE section is showing NOTHING in PORTS section.

If you select Detail Mode - ports are showing.

Winbox - last verstion, RouterOS 6.42.1 .
On the 6.42 version everything was ok.

Any ideas???