Hi,

we have some strangeness while establishing an ipsec tunnel using peer poposal-check=exact:

In the log, it says "phase 2 established" immediately followed by "phase 2 expired". The SAs are actually installed (and ipsec works), but checking the stats says "no phase 2".

I checked the proposal options multiple times: They are exactely the same as required by "poposal-check=exact" (machines are in different timezones and using NTP sync'ed time).

If I switch to proposal-check=obey it works as expected.

Can I get more debug information about _what_ is causing this immediate "established" followed by "expired".

Thanks for any comments here.

Achim

BTW RouterOS 2.9.39