/ip ipsec policy add dst-address=10.0.0.254/32 proposal=proposal1 sa-dst-address=10.0.0.254 \ sa-src-address=192.168.3.1 src-address=192.168.3.1/32 tunnel=yes

/ip ipsec peer add address=89.xxx.yyy.196/32 enc-algorithm=aes-256 exchange-mode=aggressive \ nat-traversal=yes secret=test

/ip ipsec proposal set [ find default=yes ] enc-algorithms=3des add enc-algorithms=3des,aes-256-cbc,aes-256-ctr name=proposal1

add dst-address=10.0.0.254/32 proposal=proposal1 sa-dst-address=89.xxx.yyy.196 \ sa-src-address=213.xxx.yyy.46 src-address=192.168.3.1/32 tunnel=yes

phase1 negotiation failed due to time up

P1_Mode: recv 1st Msg failed in selecting IKE proposal

/ip ipsec mode-config set (unknown) name=request-only send-dns=yes /ip ipsec policy group set default name=default /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024 add auth-algorithms=sha1 disabled=no enc-algorithms=aes-128-cbc,aes-192-cbc,aes-256-cbc,aes-128-ctr,aes-192-ctr,aes-256-ctr lifetime=30m name=proposal1 pfs-group=modp1024 /ip ipsec peer # Unsafe configuration, suggestion to use certificates add address=89.xxx.yyy.196/32 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=aggressive \ generate-policy=no hash-algorithm=sha1 lifebytes=0 lifetime=1d local-address=192.168.2.105 my-id-user-fqdn=box.dyndns-office.com nat-traversal=yes passive=no port=500 \ proposal-check=obey secret=test send-initial-contact=yes /ip ipsec policy add action=encrypt disabled=no dst-address=10.0.0.254/32 dst-port=any ipsec-protocols=esp level=require priority=0 proposal=proposal1 protocol=all sa-dst-address=\ 89.xxx.yyy.196 sa-src-address=192.168.2.105 src-address=192.168.2.105/32 src-port=any tunnel=yes

iked[910]: Process IKE Packet : mismatch length(0) in IsakmpHdr and InMsg(542)

May 6 21:47:36 196-251-static 70A20651D126E (2014-05-06T19:47:36) iked[910]: MainMode: Completed pcy[gateway.lantzius] src 89.x.y.z dst 213.a.b.c:500 (P1SA 0xdc17c 1/11) as RESPONDER

... DPD R-U-There-Ack received received an R-U-There Ack

DPD R-U-THERE-ACK received

18:36:13 ipsec、调试包DPD R-U-There-Ack衰退ived 18:36:13 ipsec,debug,packet received an R-U-THERE-ACK 18:38:13 ipsec,debug,packet DPD monitoring.... 18:38:13 ipsec,debug,packet compute IV for phase2 18:38:13 ipsec,debug,packet phase1 last IV: 18:38:13 ipsec,debug,packet c71e1bef 84170d34 b4d6694d 18:38:13 ipsec,debug,packet hash(sha1) 18:38:13 ipsec,debug,packet encryption(3des) 18:38:13 ipsec,debug,packet phase2 IV computed: 18:38:13 ipsec,debug,packet 52a3dd6f 1b4909b8 18:38:13 ipsec,debug,packet HASH with: 18:38:13 ipsec,debug,packet b4d6694d 00000020 00000001 01108d28 0dc040cd 98d0f4d9 1165bb58 bc83f1aa 18:38:13 ipsec,debug,packet 000001be 18:38:13 ipsec,debug,packet hmac(hmac_sha1) 18:38:13 ipsec,debug,packet HASH computed: 18:38:13 ipsec,debug,packet 9242fe75 945966bd 03cc9acc f08f02a4 80a9e78c 18:38:13 ipsec,debug,packet begin encryption. 18:38:13 ipsec,debug,packet encryption(3des) 18:38:13 ipsec,debug,packet pad length = 8 18:38:13 ipsec,debug,packet 0b000018 9242fe75 945966bd 03cc9acc f08f02a4 80a9e78c 00000020 00000001 18:38:13 ipsec,debug,packet 01108d28 0dc040cd 98d0f4d9 1165bb58 bc83f1aa 000001be 86028adf 40c2d207 18:38:13 ipsec,debug,packet encryption(3des) 18:38:13 ipsec,debug,packet with key: 18:38:13 ipsec,debug,packet 7a237713 427b7851 a71d9f53 18c7614f c2c21402 d49fd525 18:38:13 ipsec,debug,packet encrypted payload by IV: 18:38:13 ipsec,debug,packet 52a3dd6f 1b4909b8 18:38:13 ipsec,debug,packet save IV for next: 18:38:13 ipsec,debug,packet bec5e448 2021fd93 18:38:13 ipsec,debug,packet encrypted. 18:38:13 ipsec,debug,packet 92 bytes from 213.x.x.47[500] to 89.x.y.196[500 ] 18:38:13 ipsec,debug,packet sockname 213.x.y.47[500] 18:38:13 ipsec,debug,packet send packet from 213.x.y.47[500] 18:38:13 ipsec,debug,packet send packet to 89.x.y.196[500] 18:38:13 ipsec,debug,packet src4 213.x.y.47[500] 18:38:13 ipsec,debug,packet dst4 89.x.y.196[500] 18:38:13 ipsec,debug,packet 1 times of 92 bytes message will be sent to 89.x.y.196[500] 18:38:13 ipsec,debug,packet 0dc040cd 98d0f4d9 1165bb58 bc83f1aa 08100501 b4d6694d 0000005c cedad27b 18:38:13 ipsec,debug,packet 247d88dd 6c4ae712 97cb5033 33c90b69 883dee32 3c5feaeb cfa03c0c df80014f 18:38:13 ipsec,debug,packet 2c3e988a d09d8701 fd6b57ca de59b99d 7498133e bec5e448 2021fd93 18:38:13 ipsec,debug,packet sendto Information notify. 18:38:13 ipsec,debug,packet DPD R-U-There sent (0) 18:38:13 ipsec,debug,packet rescheduling send_r_u (2). 18:38:13 ipsec,debug,packet ========== 18:38:13 ipsec,debug,packet 84 bytes message received from 89.x.y.196[500] to 2 13.158.104.47[500] 18:38:13 ipsec,debug,packet 0dc040cd 98d0f4d9 1165bb58 bc83f1aa 08100501 b478b1a6 00000054 5a777f4b 18:38:13 ipsec,debug,packet f1369407 194c9cf4 0d15309c 71310528 33b5f537 9229a155 2f15ab62 5db767c3 18:38:13 ipsec,debug,packet e0eb8a25 163f5693 51690061 2a8005e3 7f235f9d 18:38:13 ipsec,debug,packet receive Information. 18:38:13 ipsec,debug,packet compute IV for phase2 18:38:13 ipsec,debug,packet phase1 last IV: 18:38:13 ipsec,debug,packet c71e1bef 84170d34 b478b1a6 18:38:13 ipsec,debug,packet hash(sha1) 18:38:13 ipsec,debug,packet encryption(3des) 18:38:13 ipsec,debug,packet phase2 IV computed: 18:38:13 ipsec,debug,packet aa624fcb ba7588a6 18:38:13 ipsec,debug,packet encryption(3des) 18:38:13 ipsec,debug,packet IV was saved for next processing: 18:38:13 ipsec,debug,packet 2a8005e3 7f235f9d 18:38:13 ipsec,debug,packet encryption(3des) 18:38:13 ipsec,debug,packet with key: 18:38:13 ipsec,debug,packet 7a237713 427b7851 a71d9f53 18c7614f c2c21402 d49fd525 18:38:13 ipsec,debug,packet decrypted payload by IV: 18:38:13 ipsec,debug,packet aa624fcb ba7588a6 18:38:13 ipsec,debug,packet decrypted payload, but not trimed. 18:38:13 ipsec,debug,packet 0b000018 8c4d685c 2292445f 09350d88 8ccfecc5 ee4c4842 00000020 00000001 18:38:13 ipsec,debug,packet 01108d29 0dc040cd 98d0f4d9 1165bb58 bc83f1aa 000001be 18:38:13 ipsec,debug,packet padding len=191 18:38:13 ipsec,debug,packet skip to trim padding. 18:38:13 ipsec,debug,packet decrypted. 18:38:13 ipsec,debug,packet 0dc040cd 98d0f4d9 1165bb58 bc83f1aa 08100501 b478b1a6 00000054 0b000018 18:38:13 ipsec,debug,packet 8c4d685c 2292445f 09350d88 8ccfecc5 ee4c4842 00000020 00000001 01108d29 18:38:13 ipsec,debug,packet 0dc040cd 98d0f4d9 1165bb58 bc83f1aa 000001be 18:38:13 ipsec,debug,packet HASH with: 18:38:13 ipsec,debug,packet b478b1a6 00000020 00000001 01108d29 0dc040cd 98d0f4d9 1165bb58 bc83f1aa 18:38:13 ipsec,debug,packet 000001be 18:38:13 ipsec,debug,packet hmac(hmac_sha1) 18:38:13 ipsec,debug,packet HASH computed: 18:38:13 ipsec,debug,packet 8c4d685c 2292445f 09350d88 8ccfecc5 ee4c4842 18:38:13 ipsec,debug,packet hash validated. 18:38:13 ipsec,debug,packet begin. 18:38:13 ipsec,debug,packet seen nptype=8(hash) 18:38:13 ipsec,debug,packet seen nptype=11(notify) 18:38:13 ipsec,debug,packet succeed. 18:38:13 ipsec,debug,packet DPD R-U-There-Ack received 18:38:13 ipsec,debug,packet received an R-U-THERE-ACK