The issue I'm having is: if on my iPhone I open my IPsec/L2TP VPN, it will knock off (or otherwise disable/disconnect) that specific location's MikroTik's L2TP client VPN until about 20 minutes after I close the iPhone's L2TP / IPSEC VPN.
I'm pretty sure I've identified the issue/cause of this (screenshot below): it is these dynamically generated IPsec policies. They get dynamically generated with the public IP (as DST-Address) of the location where my iPhone is opening its VPN from, upon the iPhone connecting (this same IP / location is also where I have the MikroTik running non-IPsec L2TP, which gets disconnected).
The problem is I can't manually remove this dynamically created rule. (ROS gives the error: "Couldnt remove IPsec Policy <IP - IP> - cannot remove dynamically generated policy (6)".)
What do I do about this? Or is there a way to change the timeout on these dynamically generated IPsec policies such that once the iPhone disconnects, perhaps the rule will time out and thus my MikroTik can then re-establish its L2TP client connection? (Or is there a better way?)
Code:
v_VPN] /ip ipsec policy> pr
Flags: T - template, X - disabled, D - dynamic, I - inactive, * - default
 0 T * group=default src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all proposal=default template=yes
 1  D  src-address=6X.19X.XX8.X7/32 src-port=any dst-address=68.1X.XX.23X/32 dst-port=any protocol=udp action=encrypt level=require ipsec-protocols=esp tunnel=no sa-src-address=6X.19X.XX8.X7 sa-dst-address=68.1X.XX.23X priority=2
[admin@v_VPN] /ip ipsec policy>