Possible ipsec RouterOS Bug?

Hello tikkies,

Yesterday our main router rebooted without a reason and right after reboot i see weird this wierd lines in debug logs of our router. Is this a possible hack attempt or bug? i disable all ipsec and PPP options bu still get this debug log occasionally.

11:03:43 ipsec,debug @(#)This product linked OpenSSL 1.0.0e 6 Sep 2011 (http://www.openssl.org/)
11:03:43 ipsec,debug call pfkey_send_register for AH
11:03:43 ipsec,debug call pfkey_send_register for ESP
11:03:43 ipsec,debug call pfkey_send_register for IPCOMP
11:03:43 ipsec,debug initializing scheduler…
11:03:43 ipsec,debug initializing policies…
11:03:43 ipsec,debug initializing cfg…
11:03:43 ipsec,debug,packet installing phase2 config: id=0
11:03:43 ipsec,debug AddressHandler init
11:03:43 ipsec,debug 10.x.x.x[500] used as isakmp port (fd=14)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=15)
11:03:43 ipsec,debug 195.x.x.x[500] used as isakmp port (fd=16)
11:03:43 ipsec,debug 195.x.x.x[500] used as isakmp port (fd=17)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=18)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=19)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=20)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=21)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=22)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=23)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=24)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=25)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=26)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=27)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=28)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=29)
11:03:43 ipsec,debug 178.x.x.x[500] used as isakmp port (fd=30)
11:03:43 ipsec,debug 212.x.x.x[500] used as isakmp port (fd=31)
11:03:43 ipsec,debug 62.x.x.x[500] used as isakmp port (fd=32)
11:03:43 ipsec,debug 212.x.x.x[500] used as isakmp port (fd=33)
11:03:43 ipsec,debug 195.x.x.x[500] used as isakmp port (fd=34)
11:03:43 ipsec,debug fe80::215:17ff:fe6a:ac67[500] used as isakmp port (fd=35)
11:03:43 ipsec,debug fe80::215:17ff:fe6a:ac67[500] used as isakmp port (fd=36)
11:03:43 ipsec,debug fe80::215:17ff:fe6a:ac67[500] used as isakmp port (fd=37)
11:03:43 ipsec,debug fe80::215:17ff:fe6a:ac67[500] used as isakmp port (fd=38)
11:03:43 ipsec,debug fe80::215:17ff:fe6a:ac67[500] used as isakmp port (fd=39)
11:03:43 ipsec,debug fe80::215:17ff:fe6a:ac67[500] used as isakmp port (fd=40)
11:03:43 ipsec,debug fe80::215:17ff:fe6a:ac67[500] used as isakmp port (fd=41)
11:03:43 ipsec,debug fe80::215:17ff:fe6a:ac65[500] used as isakmp port (fd=42)
11:03:43 ipsec,debug fe80::215:17ff:fe6a:ac67[500] used as isakmp port (fd=43)
11:03:43 ipsec,debug fe80::215:17ff:fe6a:ac67[500] used as isakmp port (fd=44)
11:03:43 ipsec,debug fe80::207:e9ff:fe0e:a958[500] used as isakmp port (fd=45)
11:03:43 ipsec,debug fe80::6a05:caff:fe04:dd22[500] used as isakmp port (fd=46)
11:03:43 ipsec,debug starting looper…

theese logs were not written to disk maybe they are happening before the reboot but i noticed them now and happening severaltimes in a day.
i was using ipsec on this router but it was inactive for months i disabled all peers and configuration still get this log i hope this is not a security issue.
any ideas?

Looks like you enabled IPsec logging at some point so you are seeing housekeeping messages from the ISAKMP handler etc. . They can be switched off again by removing ipsec in /system logging.

There are no ipsec configuration at the moment but in logs i see some one is trying to connect via ipsec is this possible even with no configuration?

These log messages doesn’t mean that somebody is trying to connect. It just an ipsec initialization logs always printed when ipsec application starts.

Nobody can connect to your router without proper ipsec config.