It is likely that you have enabled the proxy_protocol on; setting in your nginx.conf file, but have not added the network.p2p.use_proxy_protocol=true setting to your Radix default.config file.
Explanation
If you have an Nginx reverse proxy in front of your Radix node then the Radix log file will show connections from 127.0.0.1 instead of the real IP address of the node you are connected to.
For example:
Auth handshake failed on {-> ?@127.0.0.1:57872 | AUTH_HANDSHAKE}: Handshake decryption failed (Invalid MAC)
Nginx can be configured to pass the real IP details to an application by adding the proxy_protocol on; setting to the server block in the nginx.conf file.
The Radix node needs to be configured to expect this additional real IP address details otherwise it fails with an Adjusted frame length exceeds 1048580 error and discards the message.
Add the following line to your Radix default.config file to enable the real IP feature and then restart the Radix node.
After the change has been applied you will now see the real ip logged:
Auth handshake failed on {-> ?@164.132.201.13:51752 | AUTH_HANDSHAKE}: Handshake decryption failed (Invalid MAC)