IPSEC died before rekey

robertbisom · February 4, 2025, 4:45pm

I had configuration with roadwarriors connection to mikrotik via IPSEC. It’s only for one Mac OS laptop.
It works less than 30 minutes and then SA-kill.

When connected, everything is working okay.
It looks like there is no disconnection if client works on VPN, but if goes from laptop away. Laptop is turned on all the time.

Here is log (X.X.X.X is mikrotik, Y.Y.Y.Y. client):

Feb/04/2025 16:55:40 ipsec,debug KA: X.X.X.X[4500]->Y.Y.Y.Y[45760]
Feb/04/2025 16:55:40 ipsec,debug 1 times of 1 bytes message will be sent to Y.Y.Y.Y[45760]
Feb/04/2025 16:55:40 ipsec,debug,packet ff
Feb/04/2025 16:55:44 ipsec,debug ===== received 368 bytes from Y.Y.Y.Y[45760] to X.X.X.X[4500]
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 2e202408 00000004 00000170 29000154
Feb/04/2025 16:55:44 ipsec,debug,packet a3c6a8b1 dade031b ce656a9e a385d7b1 1e31d34e 512ddc94 b437a963 fe7e7bb7
Feb/04/2025 16:55:44 ipsec,debug,packet 083110d8 fec14076 164ee934 be6fae3c 5dbfe29c c822e59c 577f22b4 85b6d08b
Feb/04/2025 16:55:44 ipsec,debug,packet 74ee2de5 c09aab42 559c822a 3eb68f7c 4f26f545 80187375 4ebd89f4 94f01af6
Feb/04/2025 16:55:44 ipsec,debug,packet e039c96f 3b4a0818 3b695fdd c497d19b 67afbf38 28a2dfb9 978c16b9 a9d8ce0a
Feb/04/2025 16:55:44 ipsec,debug,packet afd84ba1 f34d4933 91cd7374 24c2fbc3 70201bd6 bcedb010 45e5f3d6 4b535d8f
Feb/04/2025 16:55:44 ipsec,debug,packet 15cd14b1 8660b4af 2e79b49a b50d0701 1837714b ed068c0c b2b3c95f 43652375
Feb/04/2025 16:55:44 ipsec,debug,packet 6434dd22 7894de36 41348823 ec86cf1e cd569374 3fe9eb05 1a048723 73d7caba
Feb/04/2025 16:55:44 ipsec,debug,packet ea106345 f8a6ed87 273f8d81 8e73da37 1246e632 5ebe5cf4 b248167c 0122ad4c
Feb/04/2025 16:55:44 ipsec,debug,packet 6c21670e 2df35093 4b6e16d0 b6dc0cce 63800b45 afacde00 3fe57733 63b2f3b6
Feb/04/2025 16:55:44 ipsec,debug,packet 81792bae ea62fa00 bd4148e6 7accbea4 7d9c436b 299dce11 cc9ddba2 1d437403
Feb/04/2025 16:55:44 ipsec,debug,packet a5482243 c75aa736 a10cefdf 9ba4f184
Feb/04/2025 16:55:44 ipsec -> ike2 request, exchange: CREATE_CHILD_SA:4 Y.Y.Y.Y[45760] a42f24d2ab02daa0:6e693172a35cc7b7
Feb/04/2025 16:55:44 ipsec payload seen: ENC (340 bytes)
Feb/04/2025 16:55:44 ipsec processing payload: ENC
Feb/04/2025 16:55:44 ipsec,debug => iv (size 0x10)
Feb/04/2025 16:55:44 ipsec,debug a3c6a8b1 dade031b ce656a9e a385d7b1
Feb/04/2025 16:55:44 ipsec,debug decrypted packet
Feb/04/2025 16:55:44 ipsec,debug,packet => decrypted packet (size 0x140)
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 29202408 00000004 00000140 2100000c
Feb/04/2025 16:55:44 ipsec,debug,packet 03044009 086825b2 2800008c 02000030 01030404 07323d83 0300000c 0100000c
Feb/04/2025 16:55:44 ipsec,debug,packet 800e0100 03000008 0300000c 03000008 04000013 00000008 05000000 02000030
Feb/04/2025 16:55:44 ipsec,debug,packet 02030404 07323d83 0300000c 0100000c 800e0100 03000008 0300000c 03000008
Feb/04/2025 16:55:44 ipsec,debug,packet 0400000e 00000008 05000000 00000028 03030403 07323d83 0300000c 0100000c
Feb/04/2025 16:55:44 ipsec,debug,packet 800e0100 03000008 0300000c 00000008 05000000 22000014 50b57290 6cba9fce
Feb/04/2025 16:55:44 ipsec,debug,packet 67134425 c491a3f7 2c000048 00130000 e89fe456 24476bc0 ee1e57d7 25ddd124
Feb/04/2025 16:55:44 ipsec,debug,packet 2cbaa140 6f581853 792afb28 c8f6eab8 9570449f 2b0cb3f5 c499e237 10f7a130
Feb/04/2025 16:55:44 ipsec,debug,packet 
Feb/04/2025 16:55:44 ipsec,debug,packet 8d181678 763ba831 84b348ee f3de4f9d 2d000018 01000000 07000010 0000ffff
Feb/04/2025 16:55:44 ipsec,debug,packet c0a81528 c0a81528 00000018 01000000 07000010 0000ffff 0af00ac0 0af00acf
Feb/04/2025 16:55:44 ipsec payload seen: NOTIFY (12 bytes)
Feb/04/2025 16:55:44 ipsec payload seen: SA (140 bytes)
Feb/04/2025 16:55:44 ipsec payload seen: NONCE (20 bytes)
Feb/04/2025 16:55:44 ipsec payload seen: KE (72 bytes)
Feb/04/2025 16:55:44 ipsec payload seen: TS_I (24 bytes)
Feb/04/2025 16:55:44 ipsec payload seen: TS_R (24 bytes)
Feb/04/2025 16:55:44 ipsec create child: respond
Feb/04/2025 16:55:44 ipsec processing payloads: NOTIFY
Feb/04/2025 16:55:44 ipsec   notify: REKEY_SA
Feb/04/2025 16:55:44 ipsec rekeying child SA 0x86825b2
Feb/04/2025 16:55:44 ipsec peer wants tunnel mode
Feb/04/2025 16:55:44 ipsec processing payload: TS_R
Feb/04/2025 16:55:44 ipsec 10.240.10.192/28
Feb/04/2025 16:55:44 ipsec processing payload: TS_I
Feb/04/2025 16:55:44 ipsec 192.168.21.40
Feb/04/2025 16:55:44 ipsec checking: 10.240.10.192/28 <=> 192.168.21.40
Feb/04/2025 16:55:44 ipsec processing payload: SA
Feb/04/2025 16:55:44 ipsec IKE Protocol: ESP
Feb/04/2025 16:55:44 ipsec  proposal #1
Feb/04/2025 16:55:44 ipsec   enc: aes256-cbc
Feb/04/2025 16:55:44 ipsec   auth: sha256
Feb/04/2025 16:55:44 ipsec   dh: ecp256
Feb/04/2025 16:55:44 ipsec  proposal #2
Feb/04/2025 16:55:44 ipsec   enc: aes256-cbc
Feb/04/2025 16:55:44 ipsec   auth: sha256
Feb/04/2025 16:55:44 ipsec   dh: modp2048
Feb/04/2025 16:55:44 ipsec  proposal #3
Feb/04/2025 16:55:44 ipsec   enc: aes256-cbc
Feb/04/2025 16:55:44 ipsec   auth: sha256
Feb/04/2025 16:55:44 ipsec matched proposal:
Feb/04/2025 16:55:44 ipsec  proposal #3
Feb/04/2025 16:55:44 ipsec   enc: aes256-cbc
Feb/04/2025 16:55:44 ipsec   auth: sha256
Feb/04/2025 16:55:44 ipsec processing payload: NONCE
Feb/04/2025 16:55:44 ipsec create child: finish
Feb/04/2025 16:55:44 ipsec adding payload: NONCE
Feb/04/2025 16:55:44 ipsec,debug => (size 0x1c)
Feb/04/2025 16:55:44 ipsec,debug 0000001c c7f16587 7934203f f6c9c987 d7faa23d c18e0d7a bd1a37d6
Feb/04/2025 16:55:44 ipsec initiator selector: 192.168.21.40 
Feb/04/2025 16:55:44 ipsec adding payload: TS_I
Feb/04/2025 16:55:44 ipsec,debug => (size 0x18)
Feb/04/2025 16:55:44 ipsec,debug 00000018 01000000 07000010 0000ffff c0a81528 c0a81528
Feb/04/2025 16:55:44 ipsec responder selector: 10.240.10.192/28 
Feb/04/2025 16:55:44 ipsec adding payload: TS_R
Feb/04/2025 16:55:44 ipsec,debug => (size 0x18)
Feb/04/2025 16:55:44 ipsec,debug 00000018 01000000 07000010 0000ffff 0af00ac0 0af00acf
Feb/04/2025 16:55:44 ipsec adding payload: SA
Feb/04/2025 16:55:44 ipsec,debug => (size 0x2c)
Feb/04/2025 16:55:44 ipsec,debug 0000002c 00000028 03030403 055fdcaf 0300000c 0100000c 800e0100 03000008
Feb/04/2025 16:55:44 ipsec,debug 0300000c 00000008 05000000
Feb/04/2025 16:55:44 ipsec <- ike2 reply, exchange: CREATE_CHILD_SA:4 Y.Y.Y.Y[45760] a42f24d2ab02daa0:6e693172a35cc7b7
Feb/04/2025 16:55:44 ipsec,debug,packet => outgoing plain packet (size 0x94)
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 28202420 00000004 00000094 2c00001c
Feb/04/2025 16:55:44 ipsec,debug,packet c7f16587 7934203f f6c9c987 d7faa23d c18e0d7a bd1a37d6 2d000018 01000000
Feb/04/2025 16:55:44 ipsec,debug,packet 07000010 0000ffff c0a81528 c0a81528 21000018 01000000 07000010 0000ffff
Feb/04/2025 16:55:44 ipsec,debug,packet 0af00ac0 0af00acf 0000002c 00000028 03030403 055fdcaf 0300000c 0100000c
Feb/04/2025 16:55:44 ipsec,debug,packet 800e0100 03000008 0300000c 00000008 05000000
Feb/04/2025 16:55:44 ipsec adding payload: ENC
Feb/04/2025 16:55:44 ipsec,debug => (size 0xc4)
Feb/04/2025 16:55:44 ipsec,debug 280000c4 03a54822 43c75aa7 36a10cef df9ba4f1 472a8325 ae2b310d 4b5f7ca9
Feb/04/2025 16:55:44 ipsec,debug 4478c9d8 0471b216 e6d4fdad 948b154d fe869207 4612b770 4e4fe6f2 3f91dcd9
Feb/04/2025 16:55:44 ipsec,debug 5124a2e3 3e882053 b394e891 412dd2d3 f3007092 72b74feb 10be343f f94469f6
Feb/04/2025 16:55:44 ipsec,debug a14faca3 49fcbbf7 094f1c27 c6bc6c97 b7ce5be7 a75e687a a638ccf2 54bc151b
Feb/04/2025 16:55:44 ipsec,debug 27682060 46950f70 0848005f 2831da0c ba22adde 19393fc9 6c54a94a 1b996f36
Feb/04/2025 16:55:44 ipsec,debug 3f75107c 04de0b7f 27b2ae2c b5fae71c 016339d6 00000000 00000000 00000000
Feb/04/2025 16:55:44 ipsec,debug 00000000
Feb/04/2025 16:55:44 ipsec,debug ===== sending 224 bytes from X.X.X.X[4500] to Y.Y.Y.Y[45760]
Feb/04/2025 16:55:44 ipsec,debug 1 times of 228 bytes message will be sent to Y.Y.Y.Y[45760]
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 2e202420 00000004 000000e0 280000c4
Feb/04/2025 16:55:44 ipsec,debug,packet 03a54822 43c75aa7 36a10cef df9ba4f1 472a8325 ae2b310d 4b5f7ca9 4478c9d8
Feb/04/2025 16:55:44 ipsec,debug,packet 0471b216 e6d4fdad 948b154d fe869207 4612b770 4e4fe6f2 3f91dcd9 5124a2e3
Feb/04/2025 16:55:44 ipsec,debug,packet 3e882053 b394e891 412dd2d3 f3007092 72b74feb 10be343f f94469f6 a14faca3
Feb/04/2025 16:55:44 ipsec,debug,packet 49fcbbf7 094f1c27 c6bc6c97 b7ce5be7 a75e687a a638ccf2 54bc151b 27682060
Feb/04/2025 16:55:44 ipsec,debug,packet 46950f70 0848005f 2831da0c ba22adde 19393fc9 6c54a94a 1b996f36 3f75107c
Feb/04/2025 16:55:44 ipsec,debug,packet 04de0b7f 27b2ae2c b5fae71c 016339d6 d4c3ae5e c016d653 651f9c79 48225773
Feb/04/2025 16:55:44 ipsec,debug => child keymat (size 0x80)
Feb/04/2025 16:55:44 ipsec,debug 2bdfdc3a d0dd2c14 3fd73c22 509a9683 16c54214 d4485558 227e4942 2772415d
Feb/04/2025 16:55:44 ipsec,debug 88e30deb a803464a b333168a 871fe7b2 a68f6b97 025d2790 09991c1f 1ff3098f
Feb/04/2025 16:55:44 ipsec,debug 18b54334 4c36e77e 37d9b2ff bce8e75b 3d34bb99 b0bce8b6 af03d5e3 ffd3cfc0
Feb/04/2025 16:55:44 ipsec,debug 22d4103a be6725e8 4bba4a20 e21986c6 67500fe7 06ed4351 cbc9f00f 17bc0395
Feb/04/2025 16:55:44 ipsec IPsec-SA established: Y.Y.Y.Y[45760]->X.X.X.X[4500] spi=0x55fdcaf
Feb/04/2025 16:55:44 ipsec,debug ===== received 80 bytes from Y.Y.Y.Y[45760] to X.X.X.X[4500]
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 2e202508 00000005 00000050 2a000034
Feb/04/2025 16:55:44 ipsec,debug,packet 268e219f ea4a4971 c971ee54 9fd272c2 3f7debd6 6572f523 48789bfd 7c63ca70
Feb/04/2025 16:55:44 ipsec,debug,packet d36afb5f 6bcf730f 58b2792f 681db095
Feb/04/2025 16:55:44 ipsec -> ike2 request, exchange: INFORMATIONAL:5 Y.Y.Y.Y[45760] a42f24d2ab02daa0:6e693172a35cc7b7
Feb/04/2025 16:55:44 ipsec payload seen: ENC (52 bytes)
Feb/04/2025 16:55:44 ipsec processing payload: ENC
Feb/04/2025 16:55:44 ipsec,debug => iv (size 0x10)
Feb/04/2025 16:55:44 ipsec,debug 268e219f ea4a4971 c971ee54 9fd272c2
Feb/04/2025 16:55:44 ipsec,debug decrypted packet
Feb/04/2025 16:55:44 ipsec,debug,packet => decrypted packet (size 0x28)
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 2a202508 00000005 00000028 0000000c
Feb/04/2025 16:55:44 ipsec,debug,packet 03040001 086825b2
Feb/04/2025 16:55:44 ipsec payload seen: DELETE (12 bytes)
Feb/04/2025 16:55:44 ipsec respond: info
Feb/04/2025 16:55:44 ipsec processing payloads: NOTIFY (none found)
Feb/04/2025 16:55:44 ipsec processing payloads: DELETE
Feb/04/2025 16:55:44 ipsec delete ESP SA
Feb/04/2025 16:55:44 ipsec delete spi: 0x86825b2
Feb/04/2025 16:55:44 ipsec IPsec-SA established: X.X.X.X[4500]->Y.Y.Y.Y[45760] spi=0x7323d83
Feb/04/2025 16:55:44 ipsec IPsec-SA killing: Y.Y.Y.Y[45760]->X.X.X.X[4500] spi=0x899aeda
Feb/04/2025 16:55:44 ipsec IPsec-SA killing: X.X.X.X[4500]->Y.Y.Y.Y[45760] spi=0x86825b2
Feb/04/2025 16:55:44 ipsec,debug sending empty reply
Feb/04/2025 16:55:44 ipsec <- ike2 reply, exchange: INFORMATIONAL:5 Y.Y.Y.Y[45760] a42f24d2ab02daa0:6e693172a35cc7b7
Feb/04/2025 16:55:44 ipsec,debug,packet => outgoing plain packet (size 0x1c)
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 00202520 00000005 0000001c
Feb/04/2025 16:55:44 ipsec adding payload: ENC
Feb/04/2025 16:55:44 ipsec,debug => (size 0x44)
Feb/04/2025 16:55:44 ipsec,debug 00000044 70d36afb 5f6bcf73 0f58b279 2f681db0 8f90cc1e ad1368de 0a81adf5
Feb/04/2025 16:55:44 ipsec,debug 55dc9055 4d42edde 3acc00bc 5f0c5f4f 06783d5c ff200000 02000000 55848888
Feb/04/2025 16:55:44 ipsec,debug 00000000
Feb/04/2025 16:55:44 ipsec,debug ===== sending 96 bytes from X.X.X.X[4500] to Y.Y.Y.Y[45760]
Feb/04/2025 16:55:44 ipsec,debug 1 times of 100 bytes message will be sent to Y.Y.Y.Y[45760]
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 2e202520 00000005 00000060 00000044
Feb/04/2025 16:55:44 ipsec,debug,packet 70d36afb 5f6bcf73 0f58b279 2f681db0 8f90cc1e ad1368de 0a81adf5 55dc9055
Feb/04/2025 16:55:44 ipsec,debug,packet 4d42edde 3acc00bc 5f0c5f4f 06783d5c 33c6f594 46f878f1 9716f486 7acb129f
Feb/04/2025 16:55:44 ipsec,debug ===== received 80 bytes from Y.Y.Y.Y[45760] to X.X.X.X[4500]
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 2e202508 00000006 00000050 2a000034
Feb/04/2025 16:55:44 ipsec,debug,packet 4ccfd111 8976c3b1 58d8227a c873cbe9 402fff1c 9cadd1f6 09f09f11 54610331
Feb/04/2025 16:55:44 ipsec,debug,packet 4b6d727e 06ffb0fd e906082a 1259de00
Feb/04/2025 16:55:44 ipsec -> ike2 request, exchange: INFORMATIONAL:6 Y.Y.Y.Y[45760] a42f24d2ab02daa0:6e693172a35cc7b7
Feb/04/2025 16:55:44 ipsec payload seen: ENC (52 bytes)
Feb/04/2025 16:55:44 ipsec processing payload: ENC
Feb/04/2025 16:55:44 ipsec,debug => iv (size 0x10)
Feb/04/2025 16:55:44 ipsec,debug 4ccfd111 8976c3b1 58d8227a c873cbe9
Feb/04/2025 16:55:44 ipsec,debug decrypted packet
Feb/04/2025 16:55:44 ipsec,debug,packet => decrypted packet (size 0x24)
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 2a202508 00000006 00000024 00000008
Feb/04/2025 16:55:44 ipsec,debug,packet 01000000
Feb/04/2025 16:55:44 ipsec payload seen: DELETE (8 bytes)
Feb/04/2025 16:55:44 ipsec respond: info
Feb/04/2025 16:55:44 ipsec processing payloads: NOTIFY (none found)
Feb/04/2025 16:55:44 ipsec processing payloads: DELETE
Feb/04/2025 16:55:44 ipsec delete IKE SA
Feb/04/2025 16:55:44 ipsec <- ike2 reply, exchange: INFORMATIONAL:6 Y.Y.Y.Y[45760] a42f24d2ab02daa0:6e693172a35cc7b7
Feb/04/2025 16:55:44 ipsec,debug,packet => outgoing plain packet (size 0x1c)
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 00202520 00000006 0000001c
Feb/04/2025 16:55:44 ipsec adding payload: ENC
Feb/04/2025 16:55:44 ipsec,debug => (size 0x84)
Feb/04/2025 16:55:44 ipsec,debug 00000084 314b6d72 7e06ffb0 fde90608 2a1259de 46e0c434 60f79ef9 df5609dd
Feb/04/2025 16:55:44 ipsec,debug 4e7c65b1 89aee84f 529d3f89 b51d79a4 256a1a42 d2113127 37e0ad8c 75d8dfb8
Feb/04/2025 16:55:44 ipsec,debug 086a0cbd 35ea7afd 0a2a566d ba0afc63 dc94f6ee 6a206e12 c6e8cf56 de92307a
Feb/04/2025 16:55:44 ipsec,debug d86b2e6c fc9d9447 1b12b031 5af5aa13 fcf7d2cd 5470d776 c05b0a00 6a5c0a00
Feb/04/2025 16:55:44 ipsec,debug f0de0a00
Feb/04/2025 16:55:44 ipsec,debug ===== sending 160 bytes from X.X.X.X[4500] to Y.Y.Y.Y[45760]
Feb/04/2025 16:55:44 ipsec,debug 1 times of 164 bytes message will be sent to Y.Y.Y.Y[45760]
Feb/04/2025 16:55:44 ipsec,debug,packet a42f24d2 ab02daa0 6e693172 a35cc7b7 2e202520 00000006 000000a0 00000084
Feb/04/2025 16:55:44 ipsec,debug,packet 314b6d72 7e06ffb0 fde90608 2a1259de 46e0c434 60f79ef9 df5609dd 4e7c65b1
Feb/04/2025 16:55:44 ipsec,debug,packet 89aee84f 529d3f89 b51d79a4 256a1a42 d2113127 37e0ad8c 75d8dfb8 086a0cbd
Feb/04/2025 16:55:44 ipsec,debug,packet 35ea7afd 0a2a566d ba0afc63 dc94f6ee 6a206e12 c6e8cf56 de92307a d86b2e6c
Feb/04/2025 16:55:44 ipsec,debug,packet fc9d9447 1b12b031 5af5aa13 fcf7d2cd c1af721c 8e942aa2 da6e7540 a723a23a
Feb/04/2025 16:55:44 ipsec,info killing ike2 SA: IPSEC_RW_peer X.X.X.X[4500]-Y.Y.Y.Y[45760] spi:6e693172a35cc7b7:a42f24d2ab02daa0
Feb/04/2025 16:55:44 ipsec IPsec-SA killing: Y.Y.Y.Y[45760]->X.X.X.X[4500] spi=0x55fdcaf
Feb/04/2025 16:55:44 ipsec IPsec-SA killing: X.X.X.X[4500]->Y.Y.Y.Y[45760] spi=0x7323d83
Feb/04/2025 16:55:44 ipsec removing generated policy
Feb/04/2025 16:55:44 ipsec KA remove: X.X.X.X[4500]->Y.Y.Y.Y[45760]
Feb/04/2025 16:55:44 ipsec,debug KA tree dump: X.X.X.X[4500]->Y.Y.Y.Y[45760] (in_use=1)
Feb/04/2025 16:55:44 ipsec,debug KA removing this one...
Feb/04/2025 16:55:44 ipsec,info releasing address 192.168.21.40

And here config

# feb/04/2025 17:40:52 by RouterOS 6.49.11
# software id = 1RHR-QAJL
#
# model = RBD53iG-5HacD2HnD
# serial number = XXXXX
/ip ipsec mode-config
add address-pool=IPSEC_RW_pool address-prefix-length=27 name=IPSEC_RW_conf split-include=10.240.10.192/28 system-dns=no
/ip ipsec policy group
add name=IPSEC_RW_Group
/ip ipsec profile
add enc-algorithm=aes-256 hash-algorithm=sha256 name=IPSEC_RW_profile prf-algorithm=sha256
/ip ipsec peer
add exchange-mode=ike2 name=IPSEC_RW_peer passive=yes profile=IPSEC_RW_profile send-initial-contact=no
/ip ipsec proposal
add auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc name=IPSEC_RW_proposal pfs-group=none
/ip ipsec identity
add auth-method=digital-signature certificate=brno.dotrans.cz generate-policy=port-strict mode-config=IPSEC_RW_conf peer=IPSEC_RW_peer policy-template-group=IPSEC_RW_Group remote-id=ignore
/ip ipsec policy
add comment="IPSEC Road Warriors Template" dst-address=192.168.21.32/27 group=IPSEC_RW_Group proposal=IPSEC_RW_proposal src-address=0.0.0.0/0 template=yes

Can somebody read from log where is problem and why mikrotik kill SA on the end of rekey?

sindy · February 4, 2025, 5:37pm

These are the important bits:
Feb/04/2025 16:55:44 ipsec,debug ===== received 80 bytes from Y.Y.Y.Y[45760] to X.X.X.X[4500]
…
Feb/04/2025 16:55:44 ipsec payload seen: ENC (52 bytes)
Feb/04/2025 16:55:44 ipsec processing payload: ENC
…
Feb/04/2025 16:55:44 ipsec,debug decrypted packet
Feb/04/2025 16:55:44 ipsec,debug,packet => decrypted packet (size 0x24)
…
Feb/04/2025 16:55:44 ipsec,debug,packet 01000000
Feb/04/2025 16:55:44 ipsec payload seen: DELETE (8 bytes)
Feb/04/2025 16:55:44 ipsec respond: info
Feb/04/2025 16:55:44 ipsec processing payloads: NOTIFY (none found)
Feb/04/2025 16:55:44 ipsec processing payloads: DELETE
Feb/04/2025 16:55:44 ipsec delete IKE SA
(in another words, MacOS has declined Mikrotik’s response to the rekey attempt it has initiated).

Further reading and most likely a solution: http://forum.mikrotik.com/t/vpn-ikev2-macos-disconnect-after-24-minutes/174470/1 . I had the same issue and have never heard about it again since setting lifetime on the relevant /ip/ipsec/proposal row to 23m19s. Mikrotik must simply initiate the rekey before MacOS can do that.

robertbisom · February 5, 2025, 10:19am

Thank you sindy, it looks hopefully.
I’ll try it!