IPSEC PH2 stops working - Fortigate

Hello,
We have a problem with our Mikrotik RB 4011 (v 6.49.13). We have an IPSEC IKE2 tunnel with two PH2 phases between the RB4011 and a Fortigate on the other side.

Several times a day one of the 2 PH2s stops transferring traffic. Sometimes this happens when there is some traffic, other times when there is none. At that moment the PH2 is in the “established” state, but packets stop going through.

I developed a script that checks the result of pinging servers at the other site (behind the Fortigate), and if the servers don't reply to ping 3 times, the script resets that PH2 (disables and re-enables it). Resetting the PH2 works every time.

The problem occurs every day.

Here is a commented ipsec debug log from the last time; the problem (and its resolution by my script) can be seen there:

# rekey

Feb/20/2024 07:16:37 ipsec IPsec-SA expired: ESP/Tunnel 213.151.240.75[500]->193.85.228.170[500] spi=0x8699f5
Feb/20/2024 07:16:37 ipsec ike2 expire 0x53059101
Feb/20/2024 07:16:37 ipsec init child rekey
Feb/20/2024 07:16:37 ipsec IPsec-SA expired: ESP/Tunnel 193.85.228.170[500]->213.151.240.75[500] spi=0x53059101
Feb/20/2024 07:16:37 ipsec init child continue
Feb/20/2024 07:16:37 ipsec offering proto: 3
Feb/20/2024 07:16:37 ipsec  proposal #1
Feb/20/2024 07:16:37 ipsec   enc: aes256-cbc
Feb/20/2024 07:16:37 ipsec   auth: sha256
Feb/20/2024 07:16:37 ipsec   dh: modp1536
Feb/20/2024 07:16:37 ipsec adding payload: NONCE
Feb/20/2024 07:16:37 ipsec,debug => (size 0x1c)
Feb/20/2024 07:16:37 ipsec,debug 0000001c f44e6a68 8a6ff538 7d9c1a9f d3c18b8e f61948fc 8299de9e
Feb/20/2024 07:16:37 ipsec adding payload: KE
Feb/20/2024 07:16:37 ipsec,debug => (size 0xc8)
Feb/20/2024 07:16:37 ipsec adding notify: REKEY_SA
Feb/20/2024 07:16:37 ipsec,debug => (size 0xc)
Feb/20/2024 07:16:37 ipsec,debug 0000000c 03044009 008699f5
Feb/20/2024 07:16:37 ipsec adding payload: SA
Feb/20/2024 07:16:37 ipsec,debug => (size 0x34)
Feb/20/2024 07:16:37 ipsec,debug 00000034 00000030 01030404 03638426 0300000c 0100000c 800e0100 03000008
Feb/20/2024 07:16:37 ipsec,debug 0300000c 03000008 04000005 00000008 05000000
Feb/20/2024 07:16:37 ipsec initiator selector: 192.168.4.0/24 
Feb/20/2024 07:16:37 ipsec adding payload: TS_I
Feb/20/2024 07:16:37 ipsec,debug => (size 0x18)
Feb/20/2024 07:16:37 ipsec,debug 00000018 01000000 07000010 0000ffff c0a80400 c0a804ff
Feb/20/2024 07:16:37 ipsec responder selector: 192.168.0.0/24 
Feb/20/2024 07:16:37 ipsec adding payload: TS_R
Feb/20/2024 07:16:37 ipsec,debug => (size 0x18)
Feb/20/2024 07:16:37 ipsec,debug 00000018 01000000 07000010 0000ffff c0a80000 c0a800ff
Feb/20/2024 07:16:37 ipsec <- ike2 request, exchange: CREATE_CHILD_SA:1106 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 07:16:37 ipsec,debug ===== sending 416 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 07:16:37 ipsec,debug 1 times of 420 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 07:16:37 ipsec,debug ===== received 400 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 07:16:37 ipsec -> ike2 reply, exchange: CREATE_CHILD_SA:1106 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 07:16:37 ipsec payload seen: ENC (372 bytes)
Feb/20/2024 07:16:37 ipsec processing payload: ENC
Feb/20/2024 07:16:37 ipsec,debug => iv (size 0x10)
Feb/20/2024 07:16:37 ipsec,debug 3c42d533 a7b98aaf 87e6a862 1dab7be6
Feb/20/2024 07:16:37 ipsec,debug => decrypted and trimmed payload (size 0x140)
Feb/20/2024 07:16:37 ipsec,debug decrypted packet
Feb/20/2024 07:16:37 ipsec payload seen: SA (52 bytes)
Feb/20/2024 07:16:37 ipsec payload seen: NONCE (20 bytes)
Feb/20/2024 07:16:37 ipsec payload seen: KE (200 bytes)
Feb/20/2024 07:16:37 ipsec payload seen: TS_I (24 bytes)
Feb/20/2024 07:16:37 ipsec payload seen: TS_R (24 bytes)
Feb/20/2024 07:16:37 ipsec create child: initiator finish
Feb/20/2024 07:16:37 ipsec processing payloads: NOTIFY (none found)
Feb/20/2024 07:16:37 ipsec peer selected tunnel mode
Feb/20/2024 07:16:37 ipsec processing payload: SA
Feb/20/2024 07:16:37 ipsec IKE Protocol: ESP
Feb/20/2024 07:16:37 ipsec  proposal #1
Feb/20/2024 07:16:37 ipsec   enc: aes256-cbc
Feb/20/2024 07:16:37 ipsec   auth: sha256
Feb/20/2024 07:16:37 ipsec   dh: modp1536
Feb/20/2024 07:16:37 ipsec matched proposal:
Feb/20/2024 07:16:37 ipsec  proposal #1
Feb/20/2024 07:16:37 ipsec   enc: aes256-cbc
Feb/20/2024 07:16:37 ipsec   auth: sha256
Feb/20/2024 07:16:37 ipsec   dh: modp1536
Feb/20/2024 07:16:37 ipsec processing payload: TS_I
Feb/20/2024 07:16:37 ipsec 192.168.4.0/24
Feb/20/2024 07:16:37 ipsec processing payload: TS_R
Feb/20/2024 07:16:37 ipsec 192.168.0.0/24
Feb/20/2024 07:16:37 ipsec checking: 192.168.4.0/24 <=> 192.168.0.0/24
Feb/20/2024 07:16:37 ipsec processing payload: NONCE
Feb/20/2024 07:16:37 ipsec processing payload: KE
Feb/20/2024 07:16:37 ipsec,debug => shared secret (size 0xc0)
Feb/20/2024 07:16:37 ipsec,debug => child keymat (size 0x80)
Feb/20/2024 07:16:37 ipsec IPsec-SA established: 213.151.240.75[4500]->193.85.228.170[4500] spi=0x3638426
Feb/20/2024 07:16:37 ipsec IPsec-SA established: 193.85.228.170[4500]->213.151.240.75[4500] spi=0x53059135
Feb/20/2024 07:16:38 ipsec adding payload: DELETE
Feb/20/2024 07:16:38 ipsec,debug => (size 0xc)
Feb/20/2024 07:16:38 ipsec,debug 0000000c 03040001 008699f5
Feb/20/2024 07:16:38 ipsec <- ike2 request, exchange: INFORMATIONAL:1107 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 07:16:38 ipsec,debug ===== sending 288 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 07:16:38 ipsec,debug 1 times of 292 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 07:16:38 ipsec,debug ===== received 80 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 07:16:38 ipsec -> ike2 reply, exchange: INFORMATIONAL:1107 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 07:16:38 ipsec payload seen: ENC (52 bytes)
Feb/20/2024 07:16:38 ipsec processing payload: ENC
Feb/20/2024 07:16:38 ipsec,debug => iv (size 0x10)
Feb/20/2024 07:16:38 ipsec,debug 6c9176de d9b36541 2e47b477 df601676
Feb/20/2024 07:16:38 ipsec,debug => decrypted and trimmed payload (size 0xc)
Feb/20/2024 07:16:38 ipsec,debug 0000000c 03040001 53059101
Feb/20/2024 07:16:38 ipsec,debug decrypted packet
Feb/20/2024 07:16:38 ipsec payload seen: DELETE (12 bytes)
Feb/20/2024 07:16:38 ipsec respond: info
Feb/20/2024 07:16:38 ipsec processing payloads: NOTIFY (none found)
Feb/20/2024 07:16:38 ipsec got reply
Feb/20/2024 07:16:38 ipsec IPsec-SA killing: 213.151.240.75[4500]->193.85.228.170[4500] spi=0x8699f5
Feb/20/2024 07:16:38 ipsec IPsec-SA killing: 193.85.228.170[4500]->213.151.240.75[4500] spi=0x53059101
Feb/20/2024 07:16:51 ipsec IPsec-SA expired: ESP/Tunnel 213.151.240.75[500]->193.85.228.170[500] spi=0x75e65d6
Feb/20/2024 07:16:51 ipsec ike2 expire 0x53059102
Feb/20/2024 07:16:51 ipsec init child rekey
Feb/20/2024 07:16:51 ipsec IPsec-SA expired: ESP/Tunnel 193.85.228.170[500]->213.151.240.75[500] spi=0x53059102
Feb/20/2024 07:16:51 ipsec init child continue
Feb/20/2024 07:16:51 ipsec offering proto: 3
Feb/20/2024 07:16:51 ipsec  proposal #1
Feb/20/2024 07:16:51 ipsec   enc: aes256-cbc
Feb/20/2024 07:16:51 ipsec   auth: sha256
Feb/20/2024 07:16:51 ipsec   dh: modp1536
Feb/20/2024 07:16:51 ipsec adding payload: NONCE
Feb/20/2024 07:16:51 ipsec,debug => (size 0x1c)
Feb/20/2024 07:16:51 ipsec,debug 0000001c 56006399 fe764d83 c60bbd6f f999fefc 7e62dca7 2204e627
Feb/20/2024 07:16:51 ipsec adding payload: KE
Feb/20/2024 07:16:51 ipsec,debug => (size 0xc8)
Feb/20/2024 07:16:51 ipsec adding notify: REKEY_SA
Feb/20/2024 07:16:51 ipsec,debug => (size 0xc)
Feb/20/2024 07:16:51 ipsec,debug 0000000c 03044009 075e65d6
Feb/20/2024 07:16:51 ipsec adding payload: SA
Feb/20/2024 07:16:51 ipsec,debug => (size 0x34)
Feb/20/2024 07:16:51 ipsec,debug 00000034 00000030 01030404 0ef293ed 0300000c 0100000c 800e0100 03000008
Feb/20/2024 07:16:51 ipsec,debug 0300000c 03000008 04000005 00000008 05000000
Feb/20/2024 07:16:51 ipsec initiator selector: 192.168.2.0/24 
Feb/20/2024 07:16:51 ipsec adding payload: TS_I
Feb/20/2024 07:16:51 ipsec,debug => (size 0x18)
Feb/20/2024 07:16:51 ipsec,debug 00000018 01000000 07000010 0000ffff c0a80200 c0a802ff
Feb/20/2024 07:16:51 ipsec responder selector: 192.168.0.0/24 
Feb/20/2024 07:16:51 ipsec adding payload: TS_R
Feb/20/2024 07:16:51 ipsec,debug => (size 0x18)
Feb/20/2024 07:16:51 ipsec,debug 00000018 01000000 07000010 0000ffff c0a80000 c0a800ff
Feb/20/2024 07:16:51 ipsec <- ike2 request, exchange: CREATE_CHILD_SA:1108 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 07:16:51 ipsec,debug ===== sending 432 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 07:16:51 ipsec,debug 1 times of 436 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 07:16:51 ipsec,debug ===== received 400 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 07:16:51 ipsec -> ike2 reply, exchange: CREATE_CHILD_SA:1108 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 07:16:51 ipsec payload seen: ENC (372 bytes)
Feb/20/2024 07:16:51 ipsec processing payload: ENC
Feb/20/2024 07:16:51 ipsec,debug => iv (size 0x10)
Feb/20/2024 07:16:51 ipsec,debug b35fb53a 14389b5f 906dc098 e03bceda
Feb/20/2024 07:16:51 ipsec,debug => decrypted and trimmed payload (size 0x140)
Feb/20/2024 07:16:51 ipsec,debug decrypted packet
Feb/20/2024 07:16:51 ipsec payload seen: SA (52 bytes)
Feb/20/2024 07:16:51 ipsec payload seen: NONCE (20 bytes)
Feb/20/2024 07:16:51 ipsec payload seen: KE (200 bytes)
Feb/20/2024 07:16:51 ipsec payload seen: TS_I (24 bytes)
Feb/20/2024 07:16:51 ipsec payload seen: TS_R (24 bytes)
Feb/20/2024 07:16:51 ipsec create child: initiator finish
Feb/20/2024 07:16:51 ipsec processing payloads: NOTIFY (none found)
Feb/20/2024 07:16:51 ipsec peer selected tunnel mode
Feb/20/2024 07:16:51 ipsec processing payload: SA
Feb/20/2024 07:16:51 ipsec IKE Protocol: ESP
Feb/20/2024 07:16:51 ipsec  proposal #1
Feb/20/2024 07:16:51 ipsec   enc: aes256-cbc
Feb/20/2024 07:16:51 ipsec   auth: sha256
Feb/20/2024 07:16:51 ipsec   dh: modp1536
Feb/20/2024 07:16:51 ipsec matched proposal:
Feb/20/2024 07:16:51 ipsec  proposal #1
Feb/20/2024 07:16:51 ipsec   enc: aes256-cbc
Feb/20/2024 07:16:51 ipsec   auth: sha256
Feb/20/2024 07:16:51 ipsec   dh: modp1536
Feb/20/2024 07:16:51 ipsec processing payload: TS_I
Feb/20/2024 07:16:51 ipsec 192.168.2.0/24
Feb/20/2024 07:16:51 ipsec processing payload: TS_R
Feb/20/2024 07:16:51 ipsec 192.168.0.0/24
Feb/20/2024 07:16:51 ipsec checking: 192.168.2.0/24 <=> 192.168.0.0/24
Feb/20/2024 07:16:51 ipsec processing payload: NONCE
Feb/20/2024 07:16:51 ipsec processing payload: KE
Feb/20/2024 07:16:51 ipsec,debug => shared secret (size 0xc0)
Feb/20/2024 07:16:51 ipsec,debug => child keymat (size 0x80)
Feb/20/2024 07:16:51 ipsec IPsec-SA established: 213.151.240.75[4500]->193.85.228.170[4500] spi=0xef293ed
Feb/20/2024 07:16:51 ipsec IPsec-SA established: 193.85.228.170[4500]->213.151.240.75[4500] spi=0x53059136
Feb/20/2024 07:16:51 ipsec adding payload: DELETE
Feb/20/2024 07:16:51 ipsec,debug => (size 0xc)
Feb/20/2024 07:16:51 ipsec,debug 0000000c 03040001 075e65d6
Feb/20/2024 07:16:51 ipsec <- ike2 request, exchange: INFORMATIONAL:1109 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 07:16:51 ipsec,debug ===== sending 80 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 07:16:51 ipsec,debug 1 times of 84 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 07:16:51 ipsec,debug ===== received 80 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 07:16:51 ipsec -> ike2 reply, exchange: INFORMATIONAL:1109 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 07:16:51 ipsec payload seen: ENC (52 bytes)
Feb/20/2024 07:16:51 ipsec processing payload: ENC
Feb/20/2024 07:16:51 ipsec,debug => iv (size 0x10)
Feb/20/2024 07:16:51 ipsec,debug 99af128a d8c071d8 ccff7c90 bf73db1d
Feb/20/2024 07:16:51 ipsec,debug => decrypted and trimmed payload (size 0xc)
Feb/20/2024 07:16:51 ipsec,debug 0000000c 03040001 53059102
Feb/20/2024 07:16:51 ipsec,debug decrypted packet
Feb/20/2024 07:16:51 ipsec payload seen: DELETE (12 bytes)
Feb/20/2024 07:16:51 ipsec respond: info
Feb/20/2024 07:16:51 ipsec processing payloads: NOTIFY (none found)
Feb/20/2024 07:16:51 ipsec got reply
Feb/20/2024 07:16:51 ipsec IPsec-SA killing: 213.151.240.75[4500]->193.85.228.170[4500] spi=0x75e65d6
Feb/20/2024 07:16:51 ipsec IPsec-SA killing: 193.85.228.170[4500]->213.151.240.75[4500] spi=0x53059102

# dpd check passes
Feb/20/2024 07:17:51 ipsec sending dpd packet
Feb/20/2024 07:17:51 ipsec <- ike2 request, exchange: INFORMATIONAL:1110 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 07:17:51 ipsec,debug ===== sending 160 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 07:17:51 ipsec,debug 1 times of 164 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 07:17:51 ipsec,debug ===== received 80 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 07:17:51 ipsec -> ike2 reply, exchange: INFORMATIONAL:1110 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 07:17:51 ipsec payload seen: ENC (52 bytes)
Feb/20/2024 07:17:51 ipsec processing payload: ENC
Feb/20/2024 07:17:51 ipsec,debug => iv (size 0x10)
Feb/20/2024 07:17:51 ipsec,debug d18dfb2a e04df973 71d0a767 0b076b98
Feb/20/2024 07:17:51 ipsec,debug => decrypted and trimmed payload (size 0x0)
Feb/20/2024 07:17:51 ipsec,debug decrypted packet
Feb/20/2024 07:17:51 ipsec respond: info
Feb/20/2024 07:17:51 ipsec,debug reply ignored

...

Feb/20/2024 08:21:52 ipsec sending dpd packet
Feb/20/2024 08:21:52 ipsec <- ike2 request, exchange: INFORMATIONAL:1174 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 08:21:52 ipsec,debug ===== sending 128 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:21:52 ipsec,debug 1 times of 132 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 08:21:52 ipsec,debug ===== received 80 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 08:21:52 ipsec -> ike2 reply, exchange: INFORMATIONAL:1174 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 08:21:52 ipsec payload seen: ENC (52 bytes)
Feb/20/2024 08:21:52 ipsec processing payload: ENC
Feb/20/2024 08:21:52 ipsec,debug => iv (size 0x10)
Feb/20/2024 08:21:52 ipsec,debug cf9203ad 3637091f f1ff4c4a 00d0889f
Feb/20/2024 08:21:52 ipsec,debug => decrypted and trimmed payload (size 0x0)
Feb/20/2024 08:21:52 ipsec,debug decrypted packet
Feb/20/2024 08:21:52 ipsec respond: info
Feb/20/2024 08:21:52 ipsec,debug reply ignored

Feb/20/2024 08:22:52 ipsec sending dpd packet
Feb/20/2024 08:22:52 ipsec <- ike2 request, exchange: INFORMATIONAL:1175 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 08:22:52 ipsec,debug ===== sending 96 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:22:52 ipsec,debug 1 times of 100 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 08:22:52 ipsec,debug ===== received 80 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 08:22:52 ipsec -> ike2 reply, exchange: INFORMATIONAL:1175 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 08:22:52 ipsec payload seen: ENC (52 bytes)
Feb/20/2024 08:22:52 ipsec processing payload: ENC
Feb/20/2024 08:22:52 ipsec,debug => iv (size 0x10)
Feb/20/2024 08:22:52 ipsec,debug d3e67d8f 268b49f3 1a0ff82f 1e91346c
Feb/20/2024 08:22:52 ipsec,debug => decrypted and trimmed payload (size 0x0)
Feb/20/2024 08:22:52 ipsec,debug decrypted packet
Feb/20/2024 08:22:52 ipsec respond: info
Feb/20/2024 08:22:52 ipsec,debug reply ignored

# script detects failure 2 times
Feb/20/2024 08:23:13 script,warning vlan10_LAN cannot reach 192.168.0.1
Feb/20/2024 08:23:14 script,warning vlan10_LAN cannot reach 192.168.0.11
Feb/20/2024 08:23:15 script,warning vlan10_LAN cannot reach 192.168.0.182
Feb/20/2024 08:23:16 script,warning vlan10_LAN cannot reach 192.168.0.183

Feb/20/2024 08:23:43 script,warning vlan10_LAN cannot reach 192.168.0.1
Feb/20/2024 08:23:44 script,warning vlan10_LAN cannot reach 192.168.0.11
Feb/20/2024 08:23:45 script,warning vlan10_LAN cannot reach 192.168.0.182
Feb/20/2024 08:23:46 script,warning vlan10_LAN cannot reach 192.168.0.183

# dpd detects failure
Feb/20/2024 08:23:52 ipsec sending dpd packet
Feb/20/2024 08:23:52 ipsec <- ike2 request, exchange: INFORMATIONAL:1176 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 08:23:52 ipsec,debug ===== sending 128 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:23:52 ipsec,debug 1 times of 132 bytes message will be sent to 213.151.240.75[4500]

Feb/20/2024 08:23:57 ipsec dpd: retransmit
Feb/20/2024 08:23:57 ipsec,debug ===== sending 128 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:23:57 ipsec,debug 1 times of 132 bytes message will be sent to 213.151.240.75[4500]

Feb/20/2024 08:24:03 ipsec dpd: retransmit
Feb/20/2024 08:24:03 ipsec,debug ===== sending 128 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:24:03 ipsec,debug 1 times of 132 bytes message will be sent to 213.151.240.75[4500]

Feb/20/2024 08:24:07 ipsec dpd: retransmit
Feb/20/2024 08:24:07 ipsec,debug ===== sending 128 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:24:07 ipsec,debug 1 times of 132 bytes message will be sent to 213.151.240.75[4500]

Feb/20/2024 08:24:13 ipsec dpd: retransmit
Feb/20/2024 08:24:13 ipsec,debug ===== sending 128 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:24:13 ipsec,debug 1 times of 132 bytes message will be sent to 213.151.240.75[4500]

# script detects failure for the 3rd time
Feb/20/2024 08:24:13 script,warning vlan10_LAN cannot reach 192.168.0.1
Feb/20/2024 08:24:14 script,warning vlan10_LAN cannot reach 192.168.0.11
Feb/20/2024 08:24:15 script,warning vlan10_LAN cannot reach 192.168.0.182
Feb/20/2024 08:24:16 script,warning vlan10_LAN cannot reach 192.168.0.183
Feb/20/2024 08:24:16 script,warning vlan10_LAN has a problem to ping 4 hosts - restarting PH2.

# disable ph2
Feb/20/2024 08:24:16 ipsec adding payload: DELETE
Feb/20/2024 08:24:16 ipsec,debug => (size 0xc)
Feb/20/2024 08:24:16 ipsec,debug 0000000c 03040001 03638426
Feb/20/2024 08:24:16 ipsec <- ike2 request, exchange: INFORMATIONAL:1177 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 08:24:16 ipsec,debug ===== sending 320 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:24:16 ipsec,debug 1 times of 324 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 08:24:16 ipsec IPsec-SA killing: 213.151.240.75[4500]->193.85.228.170[4500] spi=0x3638426
Feb/20/2024 08:24:16 ipsec IPsec-SA killing: 193.85.228.170[4500]->213.151.240.75[4500] spi=0x53059135
Feb/20/2024 08:24:16 ipsec policy update killed some SAs
Feb/20/2024 08:24:17 ipsec max retransmit failures reached
Feb/20/2024 08:24:17 ipsec,info killing ike2 SA: Lunys 193.85.228.170[4500]-213.151.240.75[4500] spi:83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 08:24:17 ipsec IPsec-SA killing: 213.151.240.75[4500]->193.85.228.170[4500] spi=0xef293ed
Feb/20/2024 08:24:17 ipsec IPsec-SA killing: 193.85.228.170[4500]->213.151.240.75[4500] spi=0x53059136
Feb/20/2024 08:24:17 ipsec adding payload: DELETE
Feb/20/2024 08:24:17 ipsec,debug => (size 0x8)
Feb/20/2024 08:24:17 ipsec,debug 00000008 01000000
Feb/20/2024 08:24:17 ipsec <- ike2 request, exchange: INFORMATIONAL:1178 213.151.240.75[4500] 83517d01116157f2:fa7433dfecd13d93
Feb/20/2024 08:24:17 ipsec,debug ===== sending 288 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:24:17 ipsec,debug 1 times of 292 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 08:24:19 ipsec acquire for policy: 192.168.2.0/24 <=> 192.168.0.0/24
Feb/20/2024 08:24:19 ipsec policy group mismatch, ignoring.
Feb/20/2024 08:24:19 ipsec ike2 starting for: 213.151.240.75
Feb/20/2024 08:24:20 ipsec adding notify: IKEV2_FRAGMENTATION_SUPPORTED
Feb/20/2024 08:24:20 ipsec,debug => (size 0x8)
Feb/20/2024 08:24:20 ipsec,debug 00000008 0000402e
Feb/20/2024 08:24:20 ipsec adding notify: NAT_DETECTION_DESTINATION_IP
Feb/20/2024 08:24:20 ipsec,debug => (size 0x1c)
Feb/20/2024 08:24:20 ipsec,debug 0000001c 00004005 77f4b1f9 f81e80c3 457b0839 4a0f3e9f 837f9847
Feb/20/2024 08:24:20 ipsec adding notify: NAT_DETECTION_SOURCE_IP
Feb/20/2024 08:24:20 ipsec,debug => (size 0x1c)
Feb/20/2024 08:24:20 ipsec,debug 0000001c 00004004 c8d395fc 64ba55a3 d161f7e5 c51cef5c 52df772f
Feb/20/2024 08:24:20 ipsec adding payload: NONCE
Feb/20/2024 08:24:20 ipsec,debug => (size 0x1c)
Feb/20/2024 08:24:20 ipsec,debug 0000001c 3f34e6a8 b439b688 2d0d3c97 6e79cad8 1f501533 2175e2f5
Feb/20/2024 08:24:20 ipsec adding payload: KE
Feb/20/2024 08:24:20 ipsec,debug => (size 0xc8)
Feb/20/2024 08:24:20 ipsec adding payload: SA
Feb/20/2024 08:24:20 ipsec,debug => (size 0x30)
Feb/20/2024 08:24:20 ipsec,debug 00000030 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005
Feb/20/2024 08:24:20 ipsec,debug 03000008 0300000c 00000008 04000005
Feb/20/2024 08:24:20 ipsec <- ike2 request, exchange: SA_INIT:0 213.151.240.75[4500] fe998ee4ded232db:0000000000000000
Feb/20/2024 08:24:20 ipsec,debug ===== sending 368 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:24:20 ipsec,debug 1 times of 372 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 08:24:20 ipsec,debug ===== received 360 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 08:24:20 ipsec -> ike2 reply, exchange: SA_INIT:0 213.151.240.75[4500] fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:24:20 ipsec ike2 initialize recv
Feb/20/2024 08:24:20 ipsec payload seen: SA (48 bytes)
Feb/20/2024 08:24:20 ipsec payload seen: KE (200 bytes)
Feb/20/2024 08:24:20 ipsec payload seen: NONCE (20 bytes)
Feb/20/2024 08:24:20 ipsec payload seen: NOTIFY (28 bytes)
Feb/20/2024 08:24:20 ipsec payload seen: NOTIFY (28 bytes)
Feb/20/2024 08:24:20 ipsec payload seen: NOTIFY (8 bytes)
Feb/20/2024 08:24:20 ipsec processing payload: NONCE
Feb/20/2024 08:24:20 ipsec processing payload: SA
Feb/20/2024 08:24:20 ipsec IKE Protocol: IKE
Feb/20/2024 08:24:20 ipsec  proposal #1
Feb/20/2024 08:24:20 ipsec   enc: aes256-cbc
Feb/20/2024 08:24:20 ipsec   prf: hmac-sha256
Feb/20/2024 08:24:20 ipsec   auth: sha256
Feb/20/2024 08:24:20 ipsec   dh: modp1536
Feb/20/2024 08:24:20 ipsec matched proposal:
Feb/20/2024 08:24:20 ipsec  proposal #1
Feb/20/2024 08:24:20 ipsec   enc: aes256-cbc
Feb/20/2024 08:24:20 ipsec   prf: hmac-sha256
Feb/20/2024 08:24:20 ipsec   auth: sha256
Feb/20/2024 08:24:20 ipsec   dh: modp1536
Feb/20/2024 08:24:20 ipsec processing payload: KE
Feb/20/2024 08:24:20 ipsec,debug => shared secret (size 0xc0)
Feb/20/2024 08:24:20 ipsec,debug => skeyseed (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 11a41804 562d26ec ce2c44a4 f9e91264 fc0096dd 15e301bd 394851bc 68289b81
Feb/20/2024 08:24:20 ipsec,debug => keymat (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug e4056a90 d8f061c3 03a15c02 a49dab22 e06437fc f846b88d d7410c4e 482c7048
Feb/20/2024 08:24:20 ipsec,debug => SK_ai (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug f46b1d72 637fa76c 09df2551 64ffc11a 288ef8b9 7b2b2baf 7003f0e4 647680e5
Feb/20/2024 08:24:20 ipsec,debug => SK_ar (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 9d98c403 b742cdef 9768dd22 0f7e5a3a c65db713 08f0a390 5c61ccd5 f68e5efa
Feb/20/2024 08:24:20 ipsec,debug => SK_ei (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug ce74f29c 2cb25ec7 95ed8f08 67453d49 c0430ed1 b8797b7e 65721ed8 c780718e
Feb/20/2024 08:24:20 ipsec,debug => SK_er (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 5cf29fbc 9e023328 f775568d 7d441a05 4fc02a49 cbc1282a 5c7e8aa3 92cc5a75
Feb/20/2024 08:24:20 ipsec,debug => SK_pi (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 2474b41d 001fb203 79262ff9 b4d7b10f 142bb044 551c868f d5ab9c35 7bb1249e
Feb/20/2024 08:24:20 ipsec,debug => SK_pr (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 5e1fd238 875b31a3 b8b59673 e1261102 a57dea15 a7c7ebd8 ece708e4 97ad3477
Feb/20/2024 08:24:20 ipsec,info new ike2 SA (I): Lunys 193.85.228.170[4500]-213.151.240.75[4500] spi:fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:24:20 ipsec processing payloads: NOTIFY
Feb/20/2024 08:24:20 ipsec   notify: NAT_DETECTION_SOURCE_IP
Feb/20/2024 08:24:20 ipsec   notify: NAT_DETECTION_DESTINATION_IP
Feb/20/2024 08:24:20 ipsec   notify: IKEV2_FRAGMENTATION_SUPPORTED
Feb/20/2024 08:24:20 ipsec fragmentation negotiated
Feb/20/2024 08:24:20 ipsec init child for policy: 192.168.2.0/24 <=> 192.168.0.0/24
Feb/20/2024 08:24:20 ipsec init child continue
Feb/20/2024 08:24:20 ipsec offering proto: 3
Feb/20/2024 08:24:20 ipsec  proposal #1
Feb/20/2024 08:24:20 ipsec   enc: aes256-cbc
Feb/20/2024 08:24:20 ipsec   auth: sha256
Feb/20/2024 08:24:20 ipsec ID_I (ADDR4): 193.85.228.170
Feb/20/2024 08:24:20 ipsec adding payload: ID_I
Feb/20/2024 08:24:20 ipsec,debug => (size 0xc)
Feb/20/2024 08:24:20 ipsec,debug 0000000c 01000000 c155e4aa
Feb/20/2024 08:24:20 ipsec,debug => auth nonce (size 0x10)
Feb/20/2024 08:24:20 ipsec,debug 0ef7db2d 4447bd33 718f55f8 5e9fc352
Feb/20/2024 08:24:20 ipsec,debug => SK_p (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 2474b41d 001fb203 79262ff9 b4d7b10f 142bb044 551c868f d5ab9c35 7bb1249e
Feb/20/2024 08:24:20 ipsec,debug => idhash (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 0153b38c 67c6bdc3 7fe7e69f d66d8498 bcf81521 53c69281 032b9431 30ed17b7
Feb/20/2024 08:24:20 ipsec,debug => my auth (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 0491dc70 692efe09 e723d9e2 613859fb 88d8baac 320930f3 f402f90d c5ad278b
Feb/20/2024 08:24:20 ipsec adding payload: AUTH
Feb/20/2024 08:24:20 ipsec,debug => (size 0x28)
Feb/20/2024 08:24:20 ipsec,debug 00000028 02000000 0491dc70 692efe09 e723d9e2 613859fb 88d8baac 320930f3
Feb/20/2024 08:24:20 ipsec,debug f402f90d c5ad278b
Feb/20/2024 08:24:20 ipsec adding notify: INITIAL_CONTACT
Feb/20/2024 08:24:20 ipsec,debug => (size 0x8)
Feb/20/2024 08:24:20 ipsec,debug 00000008 00004000
Feb/20/2024 08:24:20 ipsec adding payload: SA
Feb/20/2024 08:24:20 ipsec,debug => (size 0x2c)
Feb/20/2024 08:24:20 ipsec,debug 0000002c 00000028 01030403 026558a3 0300000c 0100000c 800e0100 03000008
Feb/20/2024 08:24:20 ipsec,debug 0300000c 00000008 05000000
Feb/20/2024 08:24:20 ipsec initiator selector: 192.168.2.0/24 
Feb/20/2024 08:24:20 ipsec adding payload: TS_I
Feb/20/2024 08:24:20 ipsec,debug => (size 0x18)
Feb/20/2024 08:24:20 ipsec,debug 00000018 01000000 07000010 0000ffff c0a80200 c0a802ff
Feb/20/2024 08:24:20 ipsec responder selector: 192.168.0.0/24 
Feb/20/2024 08:24:20 ipsec adding payload: TS_R
Feb/20/2024 08:24:20 ipsec,debug => (size 0x18)
Feb/20/2024 08:24:20 ipsec,debug 00000018 01000000 07000010 0000ffff c0a80000 c0a800ff
Feb/20/2024 08:24:20 ipsec <- ike2 request, exchange: AUTH:1 213.151.240.75[4500] fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:24:20 ipsec,debug ===== sending 256 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:24:20 ipsec,debug 1 times of 260 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 08:24:20 ipsec,debug ===== received 224 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 08:24:20 ipsec -> ike2 reply, exchange: AUTH:1 213.151.240.75[4500] fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:24:20 ipsec payload seen: ENC (196 bytes)
Feb/20/2024 08:24:20 ipsec processing payload: ENC
Feb/20/2024 08:24:20 ipsec,debug => iv (size 0x10)
Feb/20/2024 08:24:20 ipsec,debug c05af2ad 46ad08e9 0d2b5549 9a7ae745
Feb/20/2024 08:24:20 ipsec,debug => decrypted and trimmed payload (size 0x90)
Feb/20/2024 08:24:20 ipsec,debug decrypted packet
Feb/20/2024 08:24:20 ipsec payload seen: ID_R (12 bytes)
Feb/20/2024 08:24:20 ipsec payload seen: AUTH (40 bytes)
Feb/20/2024 08:24:20 ipsec payload seen: SA (44 bytes)
Feb/20/2024 08:24:20 ipsec payload seen: TS_I (24 bytes)
Feb/20/2024 08:24:20 ipsec payload seen: TS_R (24 bytes)
Feb/20/2024 08:24:20 ipsec processing payloads: NOTIFY (none found)
Feb/20/2024 08:24:20 ipsec ike auth: initiator finish
Feb/20/2024 08:24:20 ipsec processing payload: ID_R
Feb/20/2024 08:24:20 ipsec ID_R (ADDR4): 213.151.240.75
Feb/20/2024 08:24:20 ipsec processing payload: AUTH
Feb/20/2024 08:24:20 ipsec requested auth method: SKEY
Feb/20/2024 08:24:20 ipsec,debug => peer's auth (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 8ade5152 7c23d66b ccd238a1 a583b976 475cec74 70305158 6900b2b3 8f7b003d
Feb/20/2024 08:24:20 ipsec,debug => auth nonce (size 0x18)
Feb/20/2024 08:24:20 ipsec,debug 3f34e6a8 b439b688 2d0d3c97 6e79cad8 1f501533 2175e2f5
Feb/20/2024 08:24:20 ipsec,debug => SK_p (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 5e1fd238 875b31a3 b8b59673 e1261102 a57dea15 a7c7ebd8 ece708e4 97ad3477
Feb/20/2024 08:24:20 ipsec,debug => idhash (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug e3cfe6a8 13f51945 720424f1 07e42fd5 8b7828d0 1fd77008 cfc1b6c9 ded74f61
Feb/20/2024 08:24:20 ipsec,debug => calculated peer's AUTH (size 0x20)
Feb/20/2024 08:24:20 ipsec,debug 8ade5152 7c23d66b ccd238a1 a583b976 475cec74 70305158 6900b2b3 8f7b003d
Feb/20/2024 08:24:20 ipsec,info,account peer authorized: Lunys 193.85.228.170[4500]-213.151.240.75[4500] spi:fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:24:20 ipsec processing payloads: NOTIFY (none found)
Feb/20/2024 08:24:20 ipsec peer selected tunnel mode
Feb/20/2024 08:24:20 ipsec processing payload: SA
Feb/20/2024 08:24:20 ipsec IKE Protocol: ESP
Feb/20/2024 08:24:20 ipsec  proposal #1
Feb/20/2024 08:24:20 ipsec   enc: aes256-cbc
Feb/20/2024 08:24:20 ipsec   auth: sha256
Feb/20/2024 08:24:20 ipsec matched proposal:
Feb/20/2024 08:24:20 ipsec  proposal #1
Feb/20/2024 08:24:20 ipsec   enc: aes256-cbc
Feb/20/2024 08:24:20 ipsec   auth: sha256
Feb/20/2024 08:24:20 ipsec processing payload: TS_I
Feb/20/2024 08:24:20 ipsec 192.168.2.0/24
Feb/20/2024 08:24:20 ipsec processing payload: TS_R
Feb/20/2024 08:24:20 ipsec 192.168.0.0/24
Feb/20/2024 08:24:20 ipsec my vs peer's selectors:
Feb/20/2024 08:24:20 ipsec 192.168.2.0/24 vs 192.168.2.0/24
Feb/20/2024 08:24:20 ipsec 192.168.0.0/24 vs 192.168.0.0/24
Feb/20/2024 08:24:20 ipsec,debug => child keymat (size 0x80)
Feb/20/2024 08:24:20 ipsec,debug 38e9d27d 890aa892 d2d35ef5 230d5013 6548ebfc 0a711057 807498a7 f3ef669d
Feb/20/2024 08:24:20 ipsec,debug 5c2063b6 5c5c51e8 5d35134e 05da855f 7b94bbd7 48c90c7b ec641661 cb3dd8aa
Feb/20/2024 08:24:20 ipsec,debug 22944a4b bb8b5e87 503c3806 6a974bb0 7dad229e 29038cb7 52eb62c7 7630baa5
Feb/20/2024 08:24:20 ipsec,debug d8d93048 2e998fcf 71062d52 c87c5b10 48c048e9 2708ce5b 0ece312c 39f145cd
Feb/20/2024 08:24:20 ipsec IPsec-SA established: 213.151.240.75[4500]->193.85.228.170[4500] spi=0x26558a3
Feb/20/2024 08:24:20 ipsec IPsec-SA established: 193.85.228.170[4500]->213.151.240.75[4500] spi=0x5305913f

# enable ph2
Feb/20/2024 08:24:26 ipsec policy installed for connected peer, creating child SA
Feb/20/2024 08:24:26 ipsec init child for policy: 192.168.4.0/24 <=> 192.168.0.0/24
Feb/20/2024 08:24:26 ipsec init child continue
Feb/20/2024 08:24:26 ipsec offering proto: 3
Feb/20/2024 08:24:26 ipsec  proposal #1
Feb/20/2024 08:24:26 ipsec   enc: aes256-cbc
Feb/20/2024 08:24:26 ipsec   auth: sha256
Feb/20/2024 08:24:26 ipsec   dh: modp1536
Feb/20/2024 08:24:26 ipsec adding payload: NONCE
Feb/20/2024 08:24:26 ipsec,debug => (size 0x1c)
Feb/20/2024 08:24:26 ipsec,debug 0000001c dffda1dc 68f6e63f c54602f3 7efaac44 f1e27226 7bc6ce69
Feb/20/2024 08:24:26 ipsec adding payload: KE
Feb/20/2024 08:24:26 ipsec,debug => (size 0xc8)
Feb/20/2024 08:24:26 ipsec adding payload: SA
Feb/20/2024 08:24:26 ipsec,debug => (size 0x34)
Feb/20/2024 08:24:26 ipsec,debug 00000034 00000030 01030404 05af3730 0300000c 0100000c 800e0100 03000008
Feb/20/2024 08:24:26 ipsec,debug 0300000c 03000008 04000005 00000008 05000000
Feb/20/2024 08:24:26 ipsec initiator selector: 192.168.4.0/24 
Feb/20/2024 08:24:26 ipsec adding payload: TS_I
Feb/20/2024 08:24:26 ipsec,debug => (size 0x18)
Feb/20/2024 08:24:26 ipsec,debug 00000018 01000000 07000010 0000ffff c0a80400 c0a804ff
Feb/20/2024 08:24:26 ipsec responder selector: 192.168.0.0/24 
Feb/20/2024 08:24:26 ipsec adding payload: TS_R
Feb/20/2024 08:24:26 ipsec,debug => (size 0x18)
Feb/20/2024 08:24:26 ipsec,debug 00000018 01000000 07000010 0000ffff c0a80000 c0a800ff
Feb/20/2024 08:24:26 ipsec <- ike2 request, exchange: CREATE_CHILD_SA:2 213.151.240.75[4500] fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:24:26 ipsec,debug ===== sending 528 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:24:26 ipsec,debug 1 times of 532 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 08:24:26 script,warning PH2 restart finished.
Feb/20/2024 08:24:26 ipsec,debug ===== received 400 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 08:24:26 ipsec -> ike2 reply, exchange: CREATE_CHILD_SA:2 213.151.240.75[4500] fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:24:26 ipsec payload seen: ENC (372 bytes)
Feb/20/2024 08:24:26 ipsec processing payload: ENC
Feb/20/2024 08:24:26 ipsec,debug => iv (size 0x10)
Feb/20/2024 08:24:26 ipsec,debug ad440ee5 20c0b38b 586dd117 d41ea9c6
Feb/20/2024 08:24:26 ipsec,debug => decrypted and trimmed payload (size 0x140)
Feb/20/2024 08:24:26 ipsec,debug decrypted packet
Feb/20/2024 08:24:26 ipsec payload seen: SA (52 bytes)
Feb/20/2024 08:24:26 ipsec payload seen: NONCE (20 bytes)
Feb/20/2024 08:24:26 ipsec payload seen: KE (200 bytes)
Feb/20/2024 08:24:26 ipsec payload seen: TS_I (24 bytes)
Feb/20/2024 08:24:26 ipsec payload seen: TS_R (24 bytes)
Feb/20/2024 08:24:26 ipsec create child: initiator finish
Feb/20/2024 08:24:26 ipsec processing payloads: NOTIFY (none found)
Feb/20/2024 08:24:26 ipsec peer selected tunnel mode
Feb/20/2024 08:24:26 ipsec processing payload: SA
Feb/20/2024 08:24:26 ipsec IKE Protocol: ESP
Feb/20/2024 08:24:26 ipsec  proposal #1
Feb/20/2024 08:24:26 ipsec   enc: aes256-cbc
Feb/20/2024 08:24:26 ipsec   auth: sha256
Feb/20/2024 08:24:26 ipsec   dh: modp1536
Feb/20/2024 08:24:26 ipsec matched proposal:
Feb/20/2024 08:24:26 ipsec  proposal #1
Feb/20/2024 08:24:26 ipsec   enc: aes256-cbc
Feb/20/2024 08:24:26 ipsec   auth: sha256
Feb/20/2024 08:24:26 ipsec   dh: modp1536
Feb/20/2024 08:24:26 ipsec processing payload: TS_I
Feb/20/2024 08:24:26 ipsec 192.168.4.0/24
Feb/20/2024 08:24:26 ipsec processing payload: TS_R
Feb/20/2024 08:24:26 ipsec 192.168.0.0/24
Feb/20/2024 08:24:26 ipsec my vs peer's selectors:
Feb/20/2024 08:24:26 ipsec 192.168.4.0/24 vs 192.168.4.0/24
Feb/20/2024 08:24:26 ipsec 192.168.0.0/24 vs 192.168.0.0/24
Feb/20/2024 08:24:26 ipsec processing payload: NONCE
Feb/20/2024 08:24:26 ipsec processing payload: KE
Feb/20/2024 08:24:26 ipsec,debug => shared secret (size 0xc0)
Feb/20/2024 08:24:26 ipsec,debug => child keymat (size 0x80)
Feb/20/2024 08:24:26 ipsec,debug 23ed00f4 c4eed53a 44cd87f6 521a34f0 59da108f 0bd94e65 08056f3d 1ba4c3a0
Feb/20/2024 08:24:26 ipsec,debug ad71c748 485c33c8 03150e6c 0ad624b6 22d6d2e0 024f7a0b e730a413 d9891870
Feb/20/2024 08:24:26 ipsec,debug 23f0b427 36c06a54 5642d9ba 82630611 b72e714b 1d03a11e 1c97cee1 8e19926f
Feb/20/2024 08:24:26 ipsec,debug 089d465b b49537bd dd0200e7 1f97b18a 492eea3b 48fde781 3f96e8f5 6bca66ab
Feb/20/2024 08:24:26 ipsec IPsec-SA established: 213.151.240.75[4500]->193.85.228.170[4500] spi=0x5af3730
Feb/20/2024 08:24:26 ipsec IPsec-SA established: 193.85.228.170[4500]->213.151.240.75[4500] spi=0x53059140

# dpd check pass
Feb/20/2024 08:25:26 ipsec sending dpd packet
Feb/20/2024 08:25:26 ipsec <- ike2 request, exchange: INFORMATIONAL:3 213.151.240.75[4500] fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:25:26 ipsec,debug ===== sending 144 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:25:26 ipsec,debug 1 times of 148 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 08:25:26 ipsec,debug ===== received 80 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 08:25:26 ipsec -> ike2 reply, exchange: INFORMATIONAL:3 213.151.240.75[4500] fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:25:26 ipsec payload seen: ENC (52 bytes)
Feb/20/2024 08:25:26 ipsec processing payload: ENC
Feb/20/2024 08:25:26 ipsec,debug => iv (size 0x10)
Feb/20/2024 08:25:26 ipsec,debug a38e402e 5639d4d4 b6962c0b 210b97f2
Feb/20/2024 08:25:26 ipsec,debug => decrypted and trimmed payload (size 0x0)
Feb/20/2024 08:25:26 ipsec,debug decrypted packet
Feb/20/2024 08:25:26 ipsec respond: info
Feb/20/2024 08:25:26 ipsec,debug reply ignored

Feb/20/2024 08:26:26 ipsec sending dpd packet
Feb/20/2024 08:26:26 ipsec <- ike2 request, exchange: INFORMATIONAL:4 213.151.240.75[4500] fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:26:26 ipsec,debug ===== sending 128 bytes from 193.85.228.170[4500] to 213.151.240.75[4500]
Feb/20/2024 08:26:26 ipsec,debug 1 times of 132 bytes message will be sent to 213.151.240.75[4500]
Feb/20/2024 08:26:26 ipsec,debug ===== received 80 bytes from 213.151.240.75[4500] to 193.85.228.170[4500]
Feb/20/2024 08:26:26 ipsec -> ike2 reply, exchange: INFORMATIONAL:4 213.151.240.75[4500] fe998ee4ded232db:0a1a5631e5725345
Feb/20/2024 08:26:26 ipsec payload seen: ENC (52 bytes)
Feb/20/2024 08:26:26 ipsec processing payload: ENC
Feb/20/2024 08:26:26 ipsec,debug => iv (size 0x10)
Feb/20/2024 08:26:26 ipsec,debug 35ec4be3 183fc4aa 76c290dc ae1928e5
Feb/20/2024 08:26:26 ipsec,debug => decrypted and trimmed payload (size 0x0)
Feb/20/2024 08:26:26 ipsec,debug decrypted packet
Feb/20/2024 08:26:26 ipsec respond: info
Feb/20/2024 08:26:26 ipsec,debug reply ignored

Can somebody help me understand why some of the PH2s stop transferring traffic?

# feb/20/2024 17:42:05 by RouterOS 6.49.13
# software id = XEMG-EHI9
#
# model = RB4011iGS+
# serial number = D1260B4CEDF7
/ip ipsec profile
add dh-group=modp1536 dpd-interval=1m enc-algorithm=aes-256 hash-algorithm=sha256 name=Lunys_Profile
/ip ipsec peer
add address=213.151.240.75/32 exchange-mode=ike2 name=Lunys profile=Lunys_Profile
/ip ipsec proposal
set [ find default=yes ] disabled=yes
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=23h name=Lunys pfs-group=modp1536
/ip ipsec identity
add peer=Lunys
/ip ipsec policy
add comment="VLAN 10 -> LUNYS" dst-address=192.168.0.0/24 level=unique peer=Lunys proposal=Lunys src-address=192.168.4.0/24 tunnel=yes
add comment="VLAN 100 -> LUNYS" dst-address=192.168.0.0/24 level=unique peer=Lunys proposal=Lunys src-address=192.168.2.0/24 tunnel=yes

Thank you a lot.
Rob

Hi Robert, did you get any updates about that issue?

I’m more or less at the same point, but I cannot access anything on the remote network even with PH2 established.

thanks a lot.

Not sure whether @robertbisom is still interested in any response almost a year later, but @d3mo, a similar behavior may have a completely different root cause, plus yours is quite different from his.

If there is no NAT on the path between your IPsec peers, the most frequent reason why Phase2 SAs are established but no traffic can get through is a missing rule in the input chain of firewall filter that lets in ESP traffic. ESP cannot be treated as “related” to the IKE (or IKEv2) traffic, so it needs a permissive rule on its own.

Other than that, typical misconfigurations include the absence of any route for the traffic that should be delivered using IPsec (as IPsec only picks up packets that have already been routed using the regular routing) and NATing the traffic that should be delivered using IPsec by mistake. IPsec picks up traffic not only after routing but also after src-nat.

If none of these generic hints helps, post an anonymized export of the configurations from both peers for review. Also watching the policy counters and traffic sniffing helps a lot to localize the issue.
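Two of the checks from the reply above (ESP accepted in the input chain, no src-nat applied to traffic an IPsec policy should pick up) can be run against a configuration export. This is an added example, not code from the thread: the export it parses is constructed, the `ether1` interface and the firewall rules are assumptions, and the parser is a heuristic that expects one rule per line (no backslash-wrapped lines).

```python
import ipaddress
import shlex

# Constructed RouterOS export (not from the thread): the policy subnets match
# the thread's, the firewall and NAT rules are invented for this demonstration.
SAMPLE_EXPORT = """
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input dst-port=500,4500 protocol=udp
add action=drop chain=input in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip ipsec policy
add dst-address=192.168.0.0/24 peer=Lunys src-address=192.168.4.0/24 tunnel=yes
"""

def parse_export(text):
    """Return {menu path: [rule dict, ...]} built from the export's 'add' lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            current.append(dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t))
    return sections

def covers(rule, key, net):
    # True if the rule has no matcher for key, or its matcher contains net.
    return key not in rule or net.subnet_of(ipaddress.ip_network(rule[key], strict=False))

def audit(text):
    """Heuristic checks for two of the misconfigurations named in the reply."""
    cfg, findings = parse_export(text), []
    active = lambda rules: [r for r in rules if r.get("disabled") != "yes"]
    # 1. Input chain, in order: ESP must be accepted before a rule that could drop it.
    for r in active(cfg.get("/ip firewall filter", [])):
        if r.get("chain") != "input":
            continue
        if r.get("action", "accept") == "accept" and r.get("protocol") == "ipsec-esp":
            break
        if (r.get("action") in ("drop", "reject") and "connection-state" not in r
                and r.get("protocol", "ipsec-esp") == "ipsec-esp"):
            findings.append("input: ESP reaches a drop rule before any accept for ipsec-esp")
            break
    # 2. Policies are matched after src-nat, so the first matching srcnat rule must not rewrite.
    for p in active(cfg.get("/ip ipsec policy", [])):
        if p.get("template") == "yes" or not {"src-address", "dst-address"} <= p.keys():
            continue
        src, dst = (ipaddress.ip_network(p[k]) for k in ("src-address", "dst-address"))
        for r in active(cfg.get("/ip firewall nat", [])):
            if r.get("chain") != "srcnat" or r.get("ipsec-policy") == "out,none":
                continue
            if covers(r, "src-address", src) and covers(r, "dst-address", dst):
                if r.get("action", "accept") != "accept":
                    findings.append(f"srcnat: {r['action']} rewrites {src} -> {dst}")
                break
    return findings
```

On the constructed export both checks fire; adding `add action=accept chain=input protocol=ipsec-esp` ahead of the final drop and `ipsec-policy=out,none` on the masquerade rule clears them.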