Please bear with me if this is just a stupid misconfiguration but I have tried for hours and days.
I would like to have an IPsec roadwarrior setup and tunnel IPv4 in IPv6. Reason is that my Mikrotik RB3011UiAS is behind a router provided by my ISP which has a public IPv6 address only. My mobile client (which runs iOS...) receives an IPv6 address as well and this setup also works well when using OpenVPN with some Raspberry PI as a VPN server connected to the ISP router... but that is not what I want it to be.
When I use the configuration below to connect to the MT via IPv4 (with my mobile client being connected to the ISP router, having an IPv4 and using the MT IPv4 on ether 1 to connect) it works without problems. When I use the same settings to connect to the MT from outside using some ddns ipv6 address it looks good as well until it says that it "failed to add SA".
Any help would be much appreciated, thanks a lot!
IPsec config:
Code: Select all
/ip ipsec mode-config
add address-pool=dhcp_pool_l2tp name=default
add address-pool=dhcp_pool_ikev2 name=ikev2 static-dns=192.x.x.x system-dns=no
/ip ipsec policy group
add name=ikev2
/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,3des
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=ikev2
/ip ipsec peer
add exchange-mode=ike2 name=ikev2 passive=yes profile=ikev2 send-initial-contact=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,3des
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=ikev2 pfs-group=none
/ip ipsec identity
add auth-method=digital-signature certificate=MT.server generate-policy=port-strict mode-config=ikev2 peer=ikev2 policy-template-group=ikev2 remote-certificate=MT.client
/ip ipsec policy
add group=ikev2 proposal=ikev2 template=yes
Code: Select all
ipsec,debug ipsec:: ===== received 604 bytes from
aug/12 01:09:18 ipsec ipsec:: -> ike2 request, exchange: SA_INIT:0 ...
aug/12 01:09:18 ipsec ipsec:: ike2 respond ...
aug/12 01:09:18 ipsec ipsec:: payload seen: SA (220 bytes)
aug/12 01:09:18 ipsec ipsec:: payload seen: KE (264 bytes)
aug/12 01:09:18 ipsec ipsec:: payload seen: NONCE (20 bytes)
aug/12 01:09:18 ipsec ipsec:: payload seen: NOTIFY (8 bytes)
aug/12 01:09:18 ipsec ipsec:: payload seen: NOTIFY (28 bytes)
aug/12 01:09:18 ipsec ipsec:: payload seen: NOTIFY (28 bytes)
aug/12 01:09:18 ipsec ipsec:: payload seen: NOTIFY (8 bytes)
aug/12 01:09:18 ipsec ipsec:: processing payload: NONCE
aug/12 01:09:18 ipsec ipsec:: processing payload: SA
aug/12 01:09:18 ipsec ipsec:: IKE Protocol: IKE
aug/12 01:09:18 ipsec ipsec:: proposal #1
aug/12 01:09:18 ipsec ipsec:: enc: aes256-cbc
aug/12 01:09:18 ipsec ipsec:: prf: hmac-sha256
aug/12 01:09:18 ipsec ipsec:: auth: sha256
aug/12 01:09:18 ipsec ipsec:: dh: modp2048
aug/12 01:09:18 ipsec ipsec:: proposal #2
aug/12 01:09:18 ipsec ipsec:: enc: aes256-cbc
aug/12 01:09:18 ipsec ipsec:: prf: hmac-sha256
aug/12 01:09:18 ipsec ipsec:: auth: sha256
aug/12 01:09:18 ipsec ipsec:: dh: ecp256
aug/12 01:09:18 ipsec ipsec:: proposal #3
aug/12 01:09:18 ipsec ipsec:: enc: aes256-cbc
aug/12 01:09:18 ipsec ipsec:: prf: hmac-sha256
aug/12 01:09:18 ipsec ipsec:: auth: sha256
aug/12 01:09:18 ipsec ipsec:: dh: modp1536
aug/12 01:09:18 ipsec ipsec:: proposal #4
aug/12 01:09:18 ipsec ipsec:: enc: aes128-cbc
aug/12 01:09:18 ipsec ipsec:: prf: hmac-sha1
aug/12 01:09:18 ipsec ipsec:: auth: sha1
aug/12 01:09:18 ipsec ipsec:: dh: modp1024
aug/12 01:09:18 ipsec ipsec:: proposal #5
aug/12 01:09:18 ipsec ipsec:: enc: 3des-cbc
aug/12 01:09:18 ipsec ipsec:: prf: hmac-sha1
aug/12 01:09:18 ipsec ipsec:: auth: sha1
aug/12 01:09:18 ipsec ipsec:: dh: modp1024
aug/12 01:09:18 ipsec ipsec:: matched proposal:
aug/12 01:09:18 ipsec ipsec:: proposal #1
aug/12 01:09:18 ipsec ipsec:: enc: aes256-cbc
aug/12 01:09:18 ipsec ipsec:: prf: hmac-sha256
aug/12 01:09:18 ipsec ipsec:: auth: sha256
aug/12 01:09:18 ipsec ipsec:: dh: modp2048
aug/12 01:09:18 ipsec ipsec:: processing payload: KE
aug/12 01:09:19 ipsec,debug ipsec:: => shared secret (size 0x100)
...
aug/12 01:09:19 ipsec ipsec:: adding payload: SA
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x30)
aug/12 01:09:19 ipsec,debug ipsec:: 00000030 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005
aug/12 01:09:19 ipsec,debug ipsec:: 03000008 0300000c 00000008 0400000e
aug/12 01:09:19 ipsec ipsec:: adding payload: KE
aug/12 01:09:19 ipsec,debug ipsec:: => (first 0x100 of 0x108)
...
aug/12 01:09:19 ipsec ipsec:: adding payload: NONCE
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x1c)
aug/12 01:09:19 ipsec,debug ipsec:: 0000001c 635b816b 7ccd991e 5d534f8e ad361057 ec346c56 f19451a0
aug/12 01:09:19 ipsec ipsec:: adding notify: NAT_DETECTION_SOURCE_IP
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x1c)
aug/12 01:09:19 ipsec,debug ipsec:: 0000001c 00004004 04df6e8f 47b66f74 40dcfc42 4bba3528 43b74a74
aug/12 01:09:19 ipsec ipsec:: adding notify: NAT_DETECTION_DESTINATION_IP
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x1c)
aug/12 01:09:19 ipsec,debug ipsec:: 0000001c 00004005 693bd560 9b939b8d 005c8dea 5ba26626 79cb4abb
aug/12 01:09:19 ipsec ipsec:: adding payload: CERTREQ
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x5)
aug/12 01:09:19 ipsec,debug ipsec:: 00000005 04
aug/12 01:09:19 ipsec ipsec:: <- ike2 reply, exchange: SA_INIT:0 ...
aug/12 01:09:19 ipsec,debug ipsec:: ===== sending 429 bytes from ...
aug/12 01:09:19 ipsec,debug ipsec:: 1 times of 429 bytes message will be sent to ...
aug/12 01:09:19 ipsec,debug ipsec:: => skeyseed (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: 62222c2d a6af4694 b850fe03 4b838dc8 1989fb78 7cab386b 1cc50c61 df4ef1f9
aug/12 01:09:19 ipsec,debug ipsec:: => keymat (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: 3e165750 8e61b369 43c45bbc c905d0f6 f3e5ff19 8f2d7752 2e00d599 2fd21591
aug/12 01:09:19 ipsec,debug ipsec:: => SK_ai (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: b94a7cb5 783a5fbc 8cc79357 2d7ee085 a975449e 54307941 59b67b14 12bfc993
aug/12 01:09:19 ipsec,debug ipsec:: => SK_ar (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: 4b890af0 347b7765 de70a4d6 7e2d126c aa0ba237 a17654d1 f03eca2d 0e4f731b
aug/12 01:09:19 ipsec,debug ipsec:: => SK_ei (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: be367786 70a1af58 2362f93c 76c89bca adad6453 15dabd94 9a147fe2 0499accb
aug/12 01:09:19 ipsec,debug ipsec:: => SK_er (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: 1f63c02d b2b48887 7237fca5 613da9a4 5eecac63 d8cdfd89 a40b3ba6 2a9c672a
aug/12 01:09:19 ipsec,debug ipsec:: => SK_pi (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: e68d6a05 43db355f 872d6eee e78aeefd 234a7888 2acc5636 fbb5e7b7 0b041c64
aug/12 01:09:19 ipsec,debug ipsec:: => SK_pr (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: 01301855 b8fb2ba1 47c2b1e8 fe0a6d42 3cbdfd4d 00af459a 90a760d3 6cee228b
aug/12 01:09:19 ipsec,info ipsec:: new ike2 SA (R): ...
aug/12 01:09:19 ipsec ipsec:: processing payloads: VID (none found)
aug/12 01:09:19 ipsec ipsec:: processing payloads: NOTIFY
aug/12 01:09:19 ipsec ipsec:: notify: REDIRECT_SUPPORTED
aug/12 01:09:19 ipsec ipsec:: notify: NAT_DETECTION_SOURCE_IP
aug/12 01:09:19 ipsec ipsec:: notify: NAT_DETECTION_DESTINATION_IP
aug/12 01:09:19 ipsec ipsec:: notify: IKEV2_FRAGMENTATION_SUPPORTED
aug/12 01:09:19 ipsec ipsec:: (NAT-T) LOCAL
aug/12 01:09:19 ipsec ipsec:: KA list add: ...
aug/12 01:09:19 ipsec,debug ipsec:: ===== received 2432 bytes from ...
aug/12 01:09:19 ipsec ipsec:: -> ike2 request, exchange: AUTH:1 ...
aug/12 01:09:19 ipsec ipsec:: payload seen: ENC (2404 bytes)
aug/12 01:09:19 ipsec ipsec:: processing payload: ENC
aug/12 01:09:19 ipsec,debug ipsec:: => iv (size 0x10)
aug/12 01:09:19 ipsec,debug ipsec:: e305795c cf7ed6ca 5a2d531e d1a73cad
aug/12 01:09:19 ipsec,debug ipsec:: => plain payload (trimmed) (first 0x100 of 0x937)
...
aug/12 01:09:19 ipsec,debug ipsec:: decrypted
aug/12 01:09:19 ipsec ipsec:: payload seen: ID_I (29 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: CERT (1381 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: NOTIFY (8 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: ID_R (29 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: AUTH (520 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: CONFIG (40 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: NOTIFY (8 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: NOTIFY (8 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: SA (200 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: TS_I (64 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: TS_R (64 bytes)
aug/12 01:09:19 ipsec ipsec:: payload seen: NOTIFY (8 bytes)
aug/12 01:09:19 ipsec ipsec:: processing payloads: NOTIFY
aug/12 01:09:19 ipsec ipsec:: notify: INITIAL_CONTACT
aug/12 01:09:19 ipsec ipsec:: notify: ESP_TFC_PADDING_NOT_SUPPORTED
aug/12 01:09:19 ipsec ipsec:: notify: NON_FIRST_FRAGMENTS_ALSO
aug/12 01:09:19 ipsec ipsec:: notify: MOBIKE_SUPPORTED
aug/12 01:09:19 ipsec ipsec:: ike auth: respond
aug/12 01:09:19 ipsec ipsec:: processing payload: ID_I
aug/12 01:09:19 ipsec ipsec:: ID_I (FQDN): MT.client
aug/12 01:09:19 ipsec ipsec:: processing payload: ID_R
aug/12 01:09:19 ipsec ipsec:: ID_R (FQDN): MT.server
aug/12 01:09:19 ipsec ipsec:: processing payload: AUTH
aug/12 01:09:19 ipsec ipsec:: processing payload: CERT
aug/12 01:09:19 ipsec ipsec:: got CERT: MT.client
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x560)
...
aug/12 01:09:19 ipsec ipsec:: requested server id: MT.server
aug/12 01:09:19 ipsec ipsec:: processing payloads: NOTIFY
aug/12 01:09:19 ipsec ipsec:: notify: INITIAL_CONTACT
aug/12 01:09:19 ipsec ipsec:: notify: ESP_TFC_PADDING_NOT_SUPPORTED
aug/12 01:09:19 ipsec ipsec:: notify: NON_FIRST_FRAGMENTS_ALSO
aug/12 01:09:19 ipsec ipsec:: notify: MOBIKE_SUPPORTED
aug/12 01:09:19 ipsec ipsec:: processing payload: AUTH
aug/12 01:09:19 ipsec ipsec:: requested auth method: RSA
aug/12 01:09:19 ipsec,debug ipsec:: => peer's auth (first 0x100 of 0x200)
...
aug/12 01:09:19 ipsec,debug ipsec:: checking SAN: MT.client
aug/12 01:09:19 ipsec,debug ipsec:: => auth nonce (size 0x18)
aug/12 01:09:19 ipsec,debug ipsec:: 635b816b 7ccd991e 5d534f8e ad361057 ec346c56 f19451a0
aug/12 01:09:19 ipsec,debug ipsec:: => SK_p (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: e68d6a05 43db355f 872d6eee e78aeefd 234a7888 2acc5636 fbb5e7b7 0b041c64
aug/12 01:09:19 ipsec,debug ipsec:: => idhash (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: e611c155 ea265877 b49326f8 8a1c7815 99038577 a5c1d82e 222268b3 31c889c2
aug/12 01:09:19 ipsec,info,account ipsec:: peer authorized: ...
aug/12 01:09:19 ipsec ipsec:: initial contact
aug/12 01:09:19 ipsec ipsec:: processing payloads: NOTIFY
aug/12 01:09:19 ipsec ipsec:: notify: INITIAL_CONTACT
aug/12 01:09:19 ipsec ipsec:: notify: ESP_TFC_PADDING_NOT_SUPPORTED
aug/12 01:09:19 ipsec ipsec:: notify: NON_FIRST_FRAGMENTS_ALSO
aug/12 01:09:19 ipsec ipsec:: notify: MOBIKE_SUPPORTED
aug/12 01:09:19 ipsec ipsec:: peer wants tunnel mode
aug/12 01:09:19 ipsec ipsec:: processing payload: CONFIG
aug/12 01:09:19 ipsec ipsec:: attribute: internal IPv4 address
aug/12 01:09:19 ipsec ipsec:: attribute: internal IPv4 netmask
aug/12 01:09:19 ipsec ipsec:: attribute: internal IPv4 DHCP
aug/12 01:09:19 ipsec ipsec:: attribute: internal IPv4 DNS
aug/12 01:09:19 ipsec ipsec:: attribute: internal IPv6 address
aug/12 01:09:19 ipsec ipsec:: attribute: internal IPv6 DHCP
aug/12 01:09:19 ipsec ipsec:: attribute: internal IPv6 DNS
aug/12 01:09:19 ipsec ipsec:: attribute: internal DNS domain
aug/12 01:09:19 ipsec,info ipsec:: acquired 192.x.x.x address for ..., MT.client
aug/12 01:09:19 ipsec ipsec:: processing payload: TS_I
aug/12 01:09:19 ipsec ipsec:: 0.0.0.0/0
aug/12 01:09:19 ipsec ipsec:: [::/0]
aug/12 01:09:19 ipsec ipsec:: processing payload: TS_R
aug/12 01:09:19 ipsec ipsec:: 0.0.0.0/0
aug/12 01:09:19 ipsec ipsec:: [::/0]
aug/12 01:09:19 ipsec ipsec:: TSi in tunnel mode replaced with config address: 192.x.x.x/24
aug/12 01:09:19 ipsec ipsec:: canditate selectors: 0.0.0.0/0 <=> 192.x.x.x
aug/12 01:09:19 ipsec ipsec:: canditate selectors: [::/0] <=> [::/0]
aug/12 01:09:19 ipsec ipsec:: processing payload: SA
aug/12 01:09:19 ipsec ipsec:: IKE Protocol: ESP
aug/12 01:09:19 ipsec ipsec:: proposal #1
aug/12 01:09:19 ipsec ipsec:: enc: aes256-cbc
aug/12 01:09:19 ipsec ipsec:: auth: sha256
aug/12 01:09:19 ipsec ipsec:: proposal #2
aug/12 01:09:19 ipsec ipsec:: enc: aes256-cbc
aug/12 01:09:19 ipsec ipsec:: auth: sha256
aug/12 01:09:19 ipsec ipsec:: proposal #3
aug/12 01:09:19 ipsec ipsec:: enc: aes256-cbc
aug/12 01:09:19 ipsec ipsec:: auth: sha256
aug/12 01:09:19 ipsec ipsec:: proposal #4
aug/12 01:09:19 ipsec ipsec:: enc: aes128-cbc
aug/12 01:09:19 ipsec ipsec:: auth: sha1
aug/12 01:09:19 ipsec ipsec:: proposal #5
aug/12 01:09:19 ipsec ipsec:: enc: 3des-cbc
aug/12 01:09:19 ipsec ipsec:: auth: sha1
aug/12 01:09:19 ipsec ipsec:: searching for policy for selector: 0.0.0.0/0 <=> 192.x.x.x
aug/12 01:09:19 ipsec ipsec:: generating policy
aug/12 01:09:19 ipsec ipsec:: matched proposal:
aug/12 01:09:19 ipsec ipsec:: proposal #1
aug/12 01:09:19 ipsec ipsec:: enc: aes256-cbc
aug/12 01:09:19 ipsec ipsec:: auth: sha256
aug/12 01:09:19 ipsec ipsec:: ike auth: finish
aug/12 01:09:19 ipsec ipsec:: ID_R (FQDN): MT.server
aug/12 01:09:19 ipsec ipsec:: processing payload: NONCE
aug/12 01:09:19 ipsec,debug ipsec:: => auth nonce (size 0x10)
aug/12 01:09:19 ipsec,debug ipsec:: 2efec845 29d80589 102eb827 fc90a8f5
aug/12 01:09:19 ipsec,debug ipsec:: => SK_p (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: 01301855 b8fb2ba1 47c2b1e8 fe0a6d42 3cbdfd4d 00af459a 90a760d3 6cee228b
aug/12 01:09:19 ipsec,debug ipsec:: => idhash (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: cefe50ac 1b6e5f1f 217a5815 2b62e725 046d5652 f6b54921 f29712ab f6b95ab0
aug/12 01:09:19 ipsec,debug ipsec:: => my auth (first 0x100 of 0x200)
...
aug/12 01:09:19 ipsec ipsec:: cert: MT.server
aug/12 01:09:19 ipsec ipsec:: adding payload: CERT
aug/12 01:09:19 ipsec,debug ipsec:: => (first 0x100 of 0x575)
...
aug/12 01:09:19 ipsec ipsec:: adding payload: ID_R
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x1d)
aug/12 01:09:19 ipsec,debug ipsec:: 0000001d 02000000 4d61644d 696b726f 54696b56 504e2e73 65727665 72
aug/12 01:09:19 ipsec ipsec:: adding payload: AUTH
aug/12 01:09:19 ipsec,debug ipsec:: => (first 0x100 of 0x208)
a...
aug/12 01:09:19 ipsec ipsec:: preparing internal IPv4 address
aug/12 01:09:19 ipsec ipsec:: preparing internal IPv4 netmask
aug/12 01:09:19 ipsec ipsec:: preparing internal IPv4 DNS
aug/12 01:09:19 ipsec ipsec:: adding payload: CONFIG
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x20)
aug/12 01:09:19 ipsec,debug ipsec:: 00000020 02000000 00010004 c0a851c4 00020004 ffffff00 00030004 c0a86201
aug/12 01:09:19 ipsec ipsec:: initiator selector: 192.x.x.x
aug/12 01:09:19 ipsec ipsec:: adding payload: TS_I
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x18)
aug/12 01:09:19 ipsec,debug ipsec:: 00000018 01000000 07000010 0000ffff c0a851c4 c0a851c4
aug/12 01:09:19 ipsec ipsec:: responder selector: 0.0.0.0/0
aug/12 01:09:19 ipsec ipsec:: adding payload: TS_R
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x18)
aug/12 01:09:19 ipsec,debug ipsec:: 00000018 01000000 07000010 0000ffff 00000000 ffffffff
aug/12 01:09:19 ipsec ipsec:: adding payload: SA
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x2c)
aug/12 01:09:19 ipsec,debug ipsec:: 0000002c 00000028 01030403 0784ee58 0300000c 0100000c 800e0100 03000008
aug/12 01:09:19 ipsec,debug ipsec:: 0300000c 00000008 05000000
aug/12 01:09:19 ipsec ipsec:: <- ike2 reply, exchange: AUTH:1 ...
aug/12 01:09:19 ipsec,debug ipsec:: ===== sending 2304 bytes from ...
aug/12 01:09:19 ipsec,debug ipsec:: 1 times of 2308 bytes message will be sent to ...
aug/12 01:09:19 ipsec,debug ipsec:: => child keymat (size 0x80)
...
aug/12 01:09:19 ipsec ipsec:: failed to add SA
aug/12 01:09:19 ipsec ipsec:: reply notify: AUTHENTICATION_FAILED
aug/12 01:09:19 ipsec ipsec:: adding notify: AUTHENTICATION_FAILED
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x8)
aug/12 01:09:19 ipsec,debug ipsec:: 00000008 00000018
aug/12 01:09:19 ipsec ipsec:: <- ike2 reply, exchange: AUTH:1 ...
aug/12 01:09:19 ipsec,debug ipsec:: ===== sending 240 bytes from ...
aug/12 01:09:19 ipsec,debug ipsec:: 1 times of 244 bytes message will be sent to ...
aug/12 01:09:19 ipsec,info ipsec:: killing ike2 SA: ...
aug/12 01:09:19 ipsec ipsec:: removing generated policy
aug/12 01:09:19 ipsec ipsec:: adding payload: DELETE
aug/12 01:09:19 ipsec,debug ipsec:: => (size 0x8)
aug/12 01:09:19 ipsec,debug ipsec:: 00000008 01000000
aug/12 01:09:19 ipsec ipsec:: <- ike2 request, exchange: INFORMATIONAL:0 ...
aug/12 01:09:19 ipsec,debug ipsec:: ===== sending 288 bytes from ...
aug/12 01:09:19 ipsec,debug ipsec:: 1 times of 292 bytes message will be sent to ...
aug/12 01:09:19 ipsec ipsec:: KA remove: ...
aug/12 01:09:19 ipsec,debug ipsec:: KA tree dump: ... (in_use=1)
aug/12 01:09:19 ipsec,debug ipsec:: KA removing this one...
aug/12 01:09:19 ipsec,info ipsec:: releasing address 192.x.x.x