I have a VPN tunnel in IKE2 mode.
A MikroTik CCR1009 v6.40.4 as the server and a Windows 10 client!
If no packets go through the tunnel, the MikroTik drops the ph2 dynamic policy from the IPsec policies. Time until the policy is dropped: ~2h.
On the Windows built-in VPN client there is no error and the tunnel is still active, but no traffic passes from the router, because there is no policy.
The policy is created from a template:
Code:
/ip ipsec mode-config
add address-pool=rw_vpn_pool name=rw-mode-config split-include=192.168.200.0/24 comment="Split include dont work on Windows 10 client!!!"
/ip ipsec policy group
add name=RoadWarrior
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=7h30m name=proposal-rw pfs-group=none
/ip ipsec peer
add address=0.0.0.0/0 auth-method=eap-radius certificate=ipsec.cer_0 comment="RW setup" dh-group=modp1024 enc-algorithm=aes-256,aes-128 exchange-mode=ike2 generate-policy=port-strict lifetime=8h local-address=1.1.1.1 mode-config=rw-mode-config passive=yes policy-template-group=RoadWarrior send-initial-contact=no
/ip ipsec policy
add comment="VPN srv->rwarrior" dst-address=10.60.0.0/24 group=RoadWarrior proposal=proposal-rw src-address=192.168.200.0/24 template=yes
I also caught the IPsec debug log in a screenshot.