Deantwo

no IKEv1 peer config for x.x.x.x

Wed Jan 03, 2018 11:21 am

I just upgraded a central router that is running a lot of IPsec tunnels from RouterOS v6.36 to v6.40.5, but now I am getting a lot of IPsec log messages that don't quite make any sense to me. The tunnels appear to be working without issue, so it is mostly an annoyance.

The log messages are:

Jan/03/2018 11:??:??    ipsec    ipsec    no IKEv1 peer config for a.a.a.a
Jan/03/2018 11:??:??    ipsec    ipsec    no IKEv1 peer config for a.a.a.a
Jan/03/2018 11:??:??    ipsec    ipsec    no IKEv1 peer config for a.a.a.a
Jan/03/2018 11:??:??    ipsec    ipsec    no IKEv1 peer config for a.a.a.a
Jan/03/2018 11:??:??    ipsec    ipsec    no IKEv1 peer config for a.a.a.a

I have googled and searched the forum with no luck.

Anyone know what this log message means?

The IPsec config is as follows:

/ip ipsec proposal
add auth-algorithms=md5 enc-algorithms=aes-128-cbc lifetime=8h name=md5-aes128-8h pfs-group=none
/ip ipsec peer
add address=a.a.a.a/32 dh-group=modp1024 dpd-interval=disable-dpd enc-algorithm=aes-128 hash-algorithm=md5 \
    lifetime=8h local-address=b.b.b.b nat-traversal=no passive=yes secret=password send-initial-contact=no
/ip ipsec policy
set 0 disabled=yes
add dst-address=c.c.c.c/24 proposal=md5-aes128-8h sa-dst-address=a.a.a.a sa-src-address=b.b.b.b src-address=d.d.d.d/24 tunnel=yes
add dst-address=c.c.c.c/24 proposal=md5-aes128-8h sa-dst-address=a.a.a.a sa-src-address=b.b.b.b src-address=e.e.e.e/24 tunnel=yes

Clients are also MikroTik routers, running RouterOS v6.39.2, and they are configured with:

/ip ipsec proposal
add auth-algorithms=md5 enc-algorithms=aes-128-cbc lifetime=8h name=\
    md5-aes128-8h pfs-group=none
/ip ipsec peer
add address=b.b.b.b/32 dpd-interval=20s dpd-maximum-failures=1 \
    enc-algorithm=aes-128 hash-algorithm=md5 lifetime=8h \
    nat-traversal=no secret=password
/ip ipsec policy
set 0 disabled=yes
add dst-address=d.d.d.d/24 proposal=md5-aes128-8h sa-dst-address=b.b.b.b sa-src-address=a.a.a.a/24 src-address=c.c.c.c/24 tunnel=yes
add dst-address=e.e.e.e/20 proposal=md5-aes128-8h sa-dst-address=b.b.b.b sa-src-address=a.a.a.a/24 src-address=c.c.c.c/24 tunnel=yes
 
Deantwo

Re: no IKEv1 peer config for x.x.x.x  [SOLVED]

Tue Jan 09, 2018 11:31 am

I found the issue.
This is because the router is receiving IPsec requests from routers that aren't expected.

The central router doesn't have an IPsec peer for the connecting client router.
The sheer number of the log messages made me not even think about checking for old client routers with orphan IPsec peers.
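
Following on from the resolution above, an added example (not part of the original posts and not MikroTik code): a Python script that tallies the source addresses in "no IKEv1 peer config" log lines and checks each against the address= entries under /ip ipsec peer in a configuration export, to locate old client routers that are still initiating. The function names, log timestamps and documentation-range addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Message text from the post; timestamp and topic columns are ignored.
NO_PEER = re.compile(r"no IKEv1 peer config for (\S+)")
ADDRESS = re.compile(r"(?<![\w-])address=(\S+)")  # not local-address=

def peer_networks(export_text):
    """Networks from address= in the '/ip ipsec peer' section of an export."""
    text = re.sub(r"\\\s*\n\s*", "", export_text)  # join '\' continuations
    nets, in_peer = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            in_peer = line == "/ip ipsec peer"
        elif in_peer and line.startswith("add "):
            m = ADDRESS.search(line)
            if m:
                nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets

def unknown_sources(log_text, nets):
    """Count logged sources that no configured peer address covers."""
    hits = Counter()
    for m in NO_PEER.finditer(log_text):
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # anonymised or malformed address
        if not any(src in net for net in nets):
            hits[str(src)] += 1
    return hits

# Constructed sample data (documentation address ranges), not from the post.
SAMPLE_EXPORT = """\
/ip ipsec peer
add address=192.0.2.10/32 hash-algorithm=md5 \\
    lifetime=8h local-address=198.51.100.1 passive=yes
/ip ipsec policy
add dst-address=10.1.0.0/24 sa-dst-address=192.0.2.10 tunnel=yes
"""
SAMPLE_LOG = """\
jan/03/2018 11:20:01 ipsec no IKEv1 peer config for 203.0.113.7
jan/03/2018 11:20:11 ipsec no IKEv1 peer config for 203.0.113.7
jan/03/2018 11:20:15 ipsec no IKEv1 peer config for 203.0.113.99
jan/03/2018 11:20:30 ipsec no IKEv1 peer config for 192.0.2.10
"""
if __name__ == "__main__":
    for src, n in unknown_sources(SAMPLE_LOG, peer_networks(SAMPLE_EXPORT)).most_common():
        print(f"{n:4d}  {src}")
```

Each address it reports is a remote router still sending IKEv1 requests with no matching peer on the central router.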
