Dear colleagues,

I've been suffering lately from many connectivity attempts via IPSEC and as a result, the logs of the Mikrotik equipment I manage are full of entries and information.

The events I usually receive are these:

ipsec,error: phase1 negotiation failed due to time up
ipsec, error phase1 negotiation failed.
ipsec,error failed to pre-process ph1 packet (side: 1, status 1).
ipsec,error failed to get valid proposal.
ipsec, error no suitable proposal found.

I would like to know if there is any functional script that identifies any of these messages above and blacklists the destination IP?

I found this post here on the forum but unfortunately no one responds and the post's script ends up putting 0.0.0.0 on the blacklist.
viewtopic.php?t=148397

Can anybody help me ?

Hi!
A possible script option:
https://github.com/drpioneer/MikrotikBl ... danger.rsc

From what I'm seeing in your script, it goes too far and goes far beyond what I need, and since I don't understand it, I asked for help.