Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
alex_dredd2014-06-13 15:51:47
Mikrotik
alex_dredd, 2014-06-13 15:51:47

Mikrotik + Azure IPSec. Connection falls off

Good afternoon. There is a Mikrotik CCR1016-12G. The firmware on it is the latest - 6.15. And there is a cloud network in Microsoft Azure. The connection between these 2 nodes must be through an ipsec tunnel. Tunnel on microt set up according to this article: blogs.technet.com/b/rharper/archive/2012/11/15/cre... .
The tunnel even rises and there is a ping from computers in the cloud to ground computers that are behind Mikrotik. And then the mysticism begins: every 44th second of every minute, the ping disappears and does not appear until the moment you distort the tunnel. After reconnection, it works again until the 44th second of the next minute.
The following appears in the logs (the first 3 lines are the moment when the tunnel went up and the ping appeared; then the events during which the tunnel falls off):

Jun/13/2014 15:46:06 ipsec IPsec-SA established: ESP/Tunnel 23.100.56.172[0]->77.222.151.182[0] spi=191848165(0xb6f5ee5)
Jun/13/2014 15:46:06 ipsec IPsec-SA established: ESP/Tunnel 77.222.151.182[0]->23.100.56.172[0] spi=2567954844(0x990fe19c)
Jun/13/2014 15:46:43 ipsec,debug,packet ==========
Jun/13/2014 15:46:44 ipsec,debug,packet 380 bytes message received from 23.100.56.172[500] to 77.222.151.182[500]
Jun/13/2014 15:46:44 ipsec,debug,packet df08daf3 04b87d45 58c60aa1 918151bf 08102001 00000002 0000017c 42eb3ac6
Jun/13/2014 15:46:44 ipsec,debug,packet 760c06f1 28310427 8d3f87f6 a73ea5b6 31e593de a305849d 8fb640c0 ec66c595
Jun/13/2014 15:46:44 ipsec,debug,packet bd0a6148 7681a30e df8539fd 2587c20a 5c6c8e9a ab9968f9 10d4b6fe fcfb5ced
Jun/13/2014 15:46:44 ipsec,debug,packet ae1fa737 bdd644ea e0932506 9fab04ca 0139dd8d 403ad91f e19acb34 e459a958
Jun/13/2014 15:46:44 ipsec,debug,packet a5832dbb 13529726 42135255 f73aa9a0 fdd6715b 36fa1111 edb52369 0f8ba9a2
Jun/13/2014 15:46:44 ipsec,debug,packet 5a6e30b8 6321f8f0 54a6f49e c4a0a70e ec9be50e a35a417b 1f136375 60cc12ca
Jun/13/2014 15:46:44 ipsec,debug,packet 83c272db 1d04bb08 4dff1727 c084ca50 3c2665ae b15d1133 f3e5e77e 4959a94a
Jun/13/2014 15:46:44 ipsec,debug,packet 097f09db d530c275 2ff59ba1 88997820 16941761 91bed59b 0074c795 699ba5ac
Jun/13/2014 15:46:44 ipsec,debug,packet 67be07e9 39317fbd 286195a2 71d0a36f 3196b398 15353db3 963db178 38e97090
Jun/13/2014 15:46:44 ipsec,debug,packet 8bc2056b 9eb4d285 9a2316ce 2ee07541 4ffd44f0 644dcc6d 8f7630f9 8b91f45d
Jun/13/2014 15:46:44 ipsec,debug,packet be4683d7 20f4a01c 3bca626e 4e19368f 56aa788a 0ad5ade4 f4c1f94f d2d5a32c
Jun/13/2014 15:46:44 ipsec,debug,packet 13e3e7c7 70e4848a 95a7835d 9c9b0a45 07f36f6e 8b0228f9 b3eedeef
Jun/13/2014 15:46:44 ipsec,debug,packet compute IV for phase2
Jun/13/2014 15:46:44 ipsec,debug,packet phase1 last IV:
Jun/13/2014 15:46:44 ipsec,debug,packet 034a528a eeb1f224 3263f871 0192ecd3 00000002
Jun/13/2014 15:46:44 ipsec,debug,packet hash(sha1)
Jun/13/2014 15:46:44 ipsec,debug,packet encryption(aes)
Jun/13/2014 15:46:44 ipsec,debug,packet phase2 IV computed:
Jun/13/2014 15:46:44 ipsec,debug,packet bff8bc15 75a7a8c5 00bcdd5f 702e7b5d
Jun/13/2014 15:46:44 ipsec,debug,packet ===
Jun/13/2014 15:46:44 ipsec,debug respond new phase 2 negotiation: 77.222.151.182[500]<=>23.100.56.172[500]
Jun/13/2014 15:46:44 ipsec,debug,packet encryption(aes)
Jun/13/2014 15:46:44 ipsec,debug,packet IV was saved for next processing:
Jun/13/2014 15:46:44 ipsec,debug,packet 9c9b0a45 07f36f6e 8b0228f9 b3eedeef
Jun/13/2014 15:46:44 ipsec,debug,packet encryption(aes)
Jun/13/2014 15:46:44 ipsec,debug,packet with key:
Jun/13/2014 15:46:44 ipsec,debug,packet ad90d294 a8543b21 3367d5ad 7422aa91
Jun/13/2014 15:46:44 ipsec,debug,packet decrypted payload by IV:
Jun/13/2014 15:46:44 ipsec,debug,packet bff8bc15 75a7a8c5 00bcdd5f 702e7b5d
Jun/13/2014 15:46:44 ipsec,debug,packet decrypted payload, but not trimed.
Jun/13/2014 15:46:44 ipsec,debug,packet 01000018 1992aaa6 cc183dc8 c27f2eb7 5b7fbe8e c66a9331 0a0000e8 00000001
Jun/13/2014 15:46:44 ipsec,debug,packet 00000001 02000038 01030401 2a0b334c 0000002c 010c0000 80040001 80060100
Jun/13/2014 15:46:44 ipsec,debug,packet 80050005 80010001 00020004 00000e10 80010002 00020004 061a8000 02000038
Jun/13/2014 15:46:44 ipsec,debug,packet 02030401 2a0b334c 0000002c 010c0000 80040001 80060100 80050002 80010001
Jun/13/2014 15:46:44 ipsec,debug,packet 00020004 00000e10 80010002 00020004 061a8000 02000038 03030401 2a0b334c
Jun/13/2014 15:46:44 ipsec,debug,packet 0000002c 010c0000 80040001 80060080 80050002 80010001 00020004 00000e10
Jun/13/2014 15:46:44 ipsec,debug,packet 80010002 00020004 061a8000 00000034 04030401 2a0b334c 00000028 01030000
Jun/13/2014 15:46:44 ipsec,debug,packet 80040001 80050002 80010001 00020004 00000e10 80010002 00020004 061a8000
Jun/13/2014 15:46:44 ipsec,debug,packet 05000034 d97938f4 f579cdc9 07c87ce7 564c24e5 71389ac6 2e7fd2b3 cbac1cc7
Jun/13/2014 15:46:44 ipsec,debug,packet 7d27a799 3865bc6b d23dd681 d0b96088 ce123108 05000010 04000000 0a000000
Jun/13/2014 15:46:44 ipsec,debug,packet ffffff00 00000010 04000000 c0a80300 ffffff00 00000000 00000000 00000000
Jun/13/2014 15:46:44 ipsec,debug,packet padding len=1
Jun/13/2014 15:46:44 ipsec,debug,packet skip to trim padding.
Jun/13/2014 15:46:44 ipsec,debug,packet decrypted.
Jun/13/2014 15:46:44 ipsec,debug,packet df08daf3 04b87d45 58c60aa1 918151bf 08102001 00000002 0000017c 01000018
Jun/13/2014 15:46:44 ipsec,debug,packet 1992aaa6 cc183dc8 c27f2eb7 5b7fbe8e c66a9331 0a0000e8 00000001 00000001
Jun/13/2014 15:46:44 ipsec,debug,packet 02000038 01030401 2a0b334c 0000002c 010c0000 80040001 80060100 80050005
Jun/13/2014 15:46:44 ipsec,debug,packet 80010001 00020004 00000e10 80010002 00020004 061a8000 02000038 02030401
Jun/13/2014 15:46:44 ipsec,debug,packet 2a0b334c 0000002c 010c0000 80040001 80060100 80050002 80010001 00020004
Jun/13/2014 15:46:44 ipsec,debug,packet 00000e10 80010002 00020004 061a8000 02000038 03030401 2a0b334c 0000002c
Jun/13/2014 15:46:44 ipsec,debug,packet 010c0000 80040001 80060080 80050002 80010001 00020004 00000e10 80010002
Jun/13/2014 15:46:44 ipsec,debug,packet 00020004 061a8000 00000034 04030401 2a0b334c 00000028 01030000 80040001
Jun/13/2014 15:46:44 ipsec,debug,packet 80050002 80010001 00020004 00000e10 80010002 00020004 061a8000 05000034
Jun/13/2014 15:46:44 ipsec,debug,packet d97938f4 f579cdc9 07c87ce7 564c24e5 71389ac6 2e7fd2b3 cbac1cc7 7d27a799
Jun/13/2014 15:46:44 ipsec,debug,packet 3865bc6b d23dd681 d0b96088 ce123108 05000010 04000000 0a000000 ffffff00
Jun/13/2014 15:46:44 ipsec,debug,packet 00000010 04000000 c0a80300 ffffff00 00000000 00000000 00000000

I will be glad if you can help.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
C
Cool Admin, 2014-06-13
@alex_dredd

Colleague, show the Ipsec section from MT (removing private data, of course), it looks like a timeout of something or an error in the configuration \ bug.
Also check msdn.microsoft.com/library/azure/jj156075.aspx#BKM... for all the parameters in the first column.

Report
D
Diman89, 2014-06-17
@Diman89

Have you tried rolling back to, say, 6.12? It seems like something was broken in the new ones?

Similar questions
N
nickostyle2017-07-21 12:28:23
How to render video without increasing speed? 3Reply
A
Artem Matyashov2019-07-31 12:22:22
How to set up Mikrotik with a replacement gateway? 2Reply
S
Sergey nix2021-03-02 08:22:17
How to stabilize IPsec? 2Reply
R
rt0012015-03-03 21:48:13
Is it possible in mikrotik to allow wlan clients only the Internet, and those who are in the access list also have access to the local network + DHCP from a domain controller? 3Reply
A
Aram Pakhchanian2019-08-10 18:51:44
How to ensure that L2TP VPN clients of the server to which the router is connected can access the network behind the router? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question