Community discussions

MikroTik App
 
akliouev
just joined
Topic Author
Posts: 12
Joined: Wed Dec 25, 2013 9:24 am

Incorrect reporting of IPSec installed SAs

Thu Apr 21, 2016 11:25 am

Greetings!

I noticed that both Winbox and Webmin do report incorrectly the IPSec installed SA's properties.
Here's some examples:

Winbox report of installed SAs and details about a particular SA. Please note that the encryption algorithm is empty while the key is present:
Winbox.png
Webmin's report of the installed SAs. Same problem -- the encryption algorithm is empty for both the list and detailed report of an SA:
webmin%20list.png
webmin%20detailed.png
But the /ip ipsec installed-sa pr report seems to be reporting the encryption algorithm correctly as aes-gcm:
[admin@XXXXXX_MikroTik] /ip ipsec installed-sa> pr
Flags: A - AH, E - ESP
 0 E spi=0xCC9D8F5 src-address= dst-address=yyy.yyy.yyy.yyy
     state=mature enc-algorithm=aes-gcm
     enc-key="secretrandomkeysecretrandomkeysecretrandomkeysecretrand1"
     addtime=apr/21/2016 10:05:26 expires-in=9m20s add-lifetime=16m/20m
     current-bytes=198146 replay=128

 1 E spi=0xE0E6563 src-address=yyy.yyy.yyy.yyy dst-address=xxx.xxx.xxx.xxx
     state=mature enc-algorithm=aes-gcm
     enc-key="secretrandomkeysecretrandomkeysecretrandomkeysecretrand2"
     addtime=apr/21/2016 10:05:26 expires-in=9m20s add-lifetime=16m/20m
     current-bytes=144972 replay=128

 2 E spi=0x47259A7 src-address=xxx.xxx.xxx.xxx dst-address=yyy.yyy.yyy.yyy
     state=mature enc-algorithm=aes-gcm
     enc-key="secretrandomkeysecretrandomkeysecretrandomkeysecretrand3"
     addtime=apr/21/2016 10:07:05 expires-in=10m59s add-lifetime=16m/20m
     current-bytes=861034 replay=128

 3 E spi=0xDFDC0D2 src-address=yyy.yyy.yyy.yyy dst-address=xxx.xxx.xxx.xxx
     state=mature enc-algorithm=aes-gcm
     enc-key="secretrandomkeysecretrandomkeysecretrandomkeysecretrand4"
     addtime=apr/21/2016 10:07:05 expires-in=10m59s add-lifetime=16m/20m
     
Is this normal or I'm missing something the the configs?

Regards,
Alex
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: Google [Bot], krafg, yaikun94 and 149 guests