I had an issue the past few days where a site would not establish an IPSec tunnel after reboot.
I eventually narrowed it down to DNS.
The tunnel uses a peer FQDN: vpn.domain.com
The router has 2 static DNS FWD entries:
/ip dns static add forward-to=1.1.1.1 name=vpn.domain.com type=FWD
/ip dns static add forward-to=10.56.53.26 match-subdomain=yes name=domain.com type=FWD
If I disable both and reboot the tunnel establishes.
If I enable either, then the tunnel does not establish.
I created a workaround by running a script on startup to wait 10 seconds and then to disable and re-enable the IPSec peer.
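A worked version of the startup workaround the post describes, as an added example rather than the poster's own script. It assumes the IPsec peer is named vpn-peer (the post does not give the peer name); the FQDN vpn.domain.com and the 10-second delay are taken from the post. Before bouncing the peer it also tries to resolve the FQDN so the log shows whether DNS was actually available at that point.

```routeros
# Added example, not the original poster's script.
# Assumed: the IPsec peer is named "vpn-peer". Store this body as the source
# of a script named ipsec-peer-kick, e.g.
#   /system script add name=ipsec-peer-kick source="<this body>"
:local peer "vpn-peer"
:local fqdn "vpn.domain.com"

# give the DNS resolver (and the static FWD entries) time to come up after boot
:delay 10s

# :resolve raises a script error when the name cannot be resolved;
# on-error catches it so the peer is still bounced either way
:do {
    :local ip [:resolve $fqdn]
    :log info ("ipsec-peer-kick: " . $fqdn . " resolves to " . $ip)
} on-error={
    :log warning ("ipsec-peer-kick: could not resolve " . $fqdn . ", bouncing peer anyway")
}

# disable and re-enable the peer so IKE retries with a fresh DNS lookup
/ip ipsec peer disable [find name=$peer]
:delay 2s
/ip ipsec peer enable [find name=$peer]
:log info ("ipsec-peer-kick: peer " . $peer . " disabled and re-enabled")

# run the script once at boot (interval=0 means no repeat):
#   /system scheduler add name=ipsec-peer-kick start-time=startup interval=0 on-event=ipsec-peer-kick
```

After a reboot, check /log for the ipsec-peer-kick entries: if the resolve step logs a warning, the FQDN was still unresolvable 10 seconds after boot and the delay may need to be longer; if it resolves fine but the tunnel still only comes up after the bounce, the problem is in the peer's initial lookup rather than in DNS availability.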