I noticed that both Winbox and Webmin do report incorrectly the IPSec installed SA's properties.
Here's some examples:
Winbox report of installed SAs and details about a particular SA. Please note that the encryption algorithm is empty while the key is present: Webmin's report of the installed SAs. Same problem -- the encryption algorithm is empty for both the list and detailed report of an SA: But the /ip ipsec installed-sa pr report seems to be reporting the encryption algorithm correctly as aes-gcm:
Code: Select all
[admin@XXXXXX_MikroTik] /ip ipsec installed-sa> pr
Flags: A - AH, E - ESP
0 E spi=0xCC9D8F5 src-address= dst-address=yyy.yyy.yyy.yyy
state=mature enc-algorithm=aes-gcm
enc-key="secretrandomkeysecretrandomkeysecretrandomkeysecretrand1"
addtime=apr/21/2016 10:05:26 expires-in=9m20s add-lifetime=16m/20m
current-bytes=198146 replay=128
1 E spi=0xE0E6563 src-address=yyy.yyy.yyy.yyy dst-address=xxx.xxx.xxx.xxx
state=mature enc-algorithm=aes-gcm
enc-key="secretrandomkeysecretrandomkeysecretrandomkeysecretrand2"
addtime=apr/21/2016 10:05:26 expires-in=9m20s add-lifetime=16m/20m
current-bytes=144972 replay=128
2 E spi=0x47259A7 src-address=xxx.xxx.xxx.xxx dst-address=yyy.yyy.yyy.yyy
state=mature enc-algorithm=aes-gcm
enc-key="secretrandomkeysecretrandomkeysecretrandomkeysecretrand3"
addtime=apr/21/2016 10:07:05 expires-in=10m59s add-lifetime=16m/20m
current-bytes=861034 replay=128
3 E spi=0xDFDC0D2 src-address=yyy.yyy.yyy.yyy dst-address=xxx.xxx.xxx.xxx
state=mature enc-algorithm=aes-gcm
enc-key="secretrandomkeysecretrandomkeysecretrandomkeysecretrand4"
addtime=apr/21/2016 10:07:05 expires-in=10m59s add-lifetime=16m/20m
Regards,
Alex