Netgate Discussion Forum
    IPsec tunnel UP but unable to ping remote site

    IPsec
    44 Posts 16 Posters 50.1k Views

      netsysadmin

      The file /tmp/rules.debug contains some references to snort, but this package is not listed in the list of installed packages!
      Is this normal?

        newbieuser1234

        I am not sure.  Can you just roll back the 2.1 install to 2.0.3 if your others are working fine? I have seen some other threads with ipsec issues and 2.1.

          netsysadmin

          I will try to do that as a final resort.

          Today, I deleted the SADs & SPDs for this tunnel via the Status->IPsec menu on both pfSense boxes.
          Then, I manually initiated the tunnel connection from the local pfSense. This time, the tunnel is NOT being established successfully!

          Below are extracts of the IPsec logs on both pfSense boxes:

          Local IPsec log:

          Jan 16 10:31:44 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:31:34 racoon: ERROR: X.Y.45.57 give up to get IPsec-SA due to time up to wait.
          Jan 16 10:31:04 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:31:01 racoon: ERROR: X.Y.45.57 give up to get IPsec-SA due to time up to wait.
          Jan 16 10:30:31 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:30:29 racoon: ERROR: X.Y.45.57 give up to get IPsec-SA due to time up to wait.
          Jan 16 10:29:59 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:29:57 racoon: ERROR: X.Y.45.57 give up to get IPsec-SA due to time up to wait.
          Jan 16 10:29:27 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:29:26 racoon: ERROR: X.Y.45.57 give up to get IPsec-SA due to time up to wait.
          Jan 16 10:28:56 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:28:53 racoon: ERROR: X.Y.45.57 give up to get IPsec-SA due to time up to wait.
          Jan 16 10:28:23 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:28:22 racoon: ERROR: X.Y.45.57 give up to get IPsec-SA due to time up to wait.
          Jan 16 10:28:03 racoon: INFO: purged ISAKMP-SA spi=a4af563fc9c5cfbe:9175d41fd1b77719.
          Jan 16 10:28:03 racoon: INFO: purged IPsec-SA spi=149356395.
          Jan 16 10:28:03 racoon: INFO: purged IPsec-SA spi=253417779.
          Jan 16 10:28:03 racoon: INFO: purged IPsec-SA spi=2546232902.
          Jan 16 10:28:03 racoon: INFO: purging ISAKMP-SA spi=a4af563fc9c5cfbe:9175d41fd1b77719.
          Jan 16 10:27:52 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:27:47 racoon: INFO: unsupported PF_KEY message REGISTER
          Jan 16 10:27:44 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:27:42 racoon: ERROR: X.Y.45.57 give up to get IPsec-SA due to time up to wait.
          Jan 16 10:27:12 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:27:12 racoon: [Remote Site]: INFO: ISAKMP-SA established A.B.14.125[500]-X.Y.45.57[500] spi:4ddb97edf7f2b86d:248b8de8d4a475b7
          Jan 16 10:27:12 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
          Jan 16 10:27:12 racoon: INFO: received Vendor ID: DPD
          Jan 16 10:27:10 racoon: INFO: begin Identity Protection mode.
          Jan 16 10:27:10 racoon: [Remote Site]: INFO: initiate new phase 1 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
          Jan 16 10:27:10 racoon: [Remote Site]: INFO: IPsec-SA request for X.Y.45.57 queued due to no phase1 found.

          Remote IPsec log:

          Jan 16 10:32:18 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:32:18 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:32:18 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:32:18 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:32:04 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:32:04 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:32:04 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:32:04 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:31:54 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:31:54 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:31:54 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:31:54 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:31:44 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:31:44 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:31:44 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:31:44 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:31:24 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:31:24 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:31:24 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:31:24 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:31:14 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:31:14 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:31:14 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:31:14 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:31:04 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:31:04 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:31:04 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:31:04 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:30:51 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:30:51 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:30:51 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:30:51 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:30:41 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:30:41 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:30:41 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:30:41 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:30:31 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:30:31 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:30:31 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:30:31 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:30:19 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:30:19 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:30:19 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:30:19 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:30:09 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:30:09 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:30:09 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:30:09 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:29:59 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:29:59 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:29:59 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:29:59 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:29:47 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:29:47 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:29:47 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:29:47 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:29:37 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:29:37 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:29:37 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:29:37 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:29:27 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:29:27 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:29:27 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:29:27 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:29:16 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:29:16 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:29:16 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:29:16 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:29:06 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:29:06 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:29:06 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:29:06 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:28:56 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:28:56 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:28:56 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:28:56 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:28:43 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:28:43 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:28:43 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:28:43 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:28:33 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:28:33 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:28:33 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:28:33 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:28:23 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:28:23 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:28:23 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:28:23 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:28:12 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:28:12 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:28:12 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:28:12 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:28:02 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:28:02 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:28:02 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:28:02 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:27:52 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:27:52 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:27:52 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:27:52 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:27:44 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:27:44 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:27:44 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:27:44 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:27:32 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:27:32 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:27:32 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:27:32 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:27:22 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:27:22 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:27:22 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:27:22 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:27:12 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
          Jan 16 10:27:12 racoon: ERROR: failed to get proposal for responder.
          Jan 16 10:27:12 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
          Jan 16 10:27:12 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
          Jan 16 10:27:12 racoon: [Local Site]: INFO: ISAKMP-SA established X.Y.45.57[500]-A.B.14.125[500] spi:4ddb97edf7f2b86d:248b8de8d4a475b7
          Jan 16 10:27:10 racoon: INFO: received Vendor ID: DPD
          Jan 16 10:27:10 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
          Jan 16 10:27:10 racoon: INFO: begin Identity Protection mode.
          Jan 16 10:27:10 racoon: [Local Site]: INFO: respond new phase 1 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]

          There seems to be a problem during phase 2 negotiation, but after checking both configs, I don't find any problem with the phase 2 parameters on either side.

            netsysadmin
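The logs above show the classic shape of a Phase 2 selector mismatch: the initiator repeats "initiate new phase 2 negotiation" and gives up on each attempt, while the responder answers every proposal with "no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0]", meaning it has no security policy (SPD entry) matching the networks the initiator proposed. The following script is an added example, not code from the thread or from pfSense: it parses racoon lines of the format posted here, extracts the rejected traffic selectors, and compares them with a hypothetical list of Phase 2 entries configured on the responder to say which network pair disagrees. The sample log lines and the configured /24 entry are constructed for the demonstration (the initiator proposes the whole 10.6.0.0/16, the responder only has 10.6.0.0/24).

```python
"""Triage helper for the racoon Phase 2 failure pattern in the logs above.

Initiator: repeated "initiate new phase 2 negotiation" then "give up to get
IPsec-SA". Responder: "no policy found: <src> <dst>" for each proposal, i.e. no
SPD entry matches the selectors the initiator sent. Parsing those selectors and
comparing them with the responder's configured Phase 2 networks shows which
side of which network pair disagrees.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample lines modelled on the log format posted in the thread
# (A.B.14.125 / X.Y.45.57 are the thread's own redacted peer addresses).
INITIATOR_LOG = """\
Jan 16 10:27:12 racoon: [Remote Site]: INFO: ISAKMP-SA established A.B.14.125[500]-X.Y.45.57[500] spi:4ddb97edf7f2b86d:248b8de8d4a475b7
Jan 16 10:27:12 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
Jan 16 10:27:42 racoon: ERROR: X.Y.45.57 give up to get IPsec-SA due to time up to wait.
Jan 16 10:27:44 racoon: [Remote Site]: INFO: initiate new phase 2 negotiation: A.B.14.125[500]<=>X.Y.45.57[500]
Jan 16 10:28:22 racoon: ERROR: X.Y.45.57 give up to get IPsec-SA due to time up to wait.
"""

RESPONDER_LOG = """\
Jan 16 10:27:12 racoon: [Local Site]: INFO: respond new phase 2 negotiation: X.Y.45.57[500]<=>A.B.14.125[500]
Jan 16 10:27:12 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
Jan 16 10:27:12 racoon: ERROR: failed to get proposal for responder.
Jan 16 10:27:12 racoon: [Local Site]: [A.B.14.125] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
Jan 16 10:27:44 racoon: ERROR: no policy found: 10.6.0.0/16[0] 192.168.6.0/24[0] proto=any dir=in
"""

Net = ipaddress.IPv4Network
Phase2Entry = Tuple[Net, Net]  # (local network, remote network) as configured on this side


def phase2_entry(local: str, remote: str) -> Phase2Entry:
    return (ipaddress.ip_network(local), ipaddress.ip_network(remote))


# Hypothetical Phase 2 entries on the responder: the remote network was entered
# as a /24 while the initiator proposes the whole /16, one way to get "no policy found".
CONFIGURED_PHASE2: List[Phase2Entry] = [phase2_entry("192.168.6.0/24", "10.6.0.0/24")]

NO_POLICY_RE = re.compile(
    r"no policy found: (?P<src>\S+)\[\d+\] (?P<dst>\S+)\[\d+\] proto=(?P<proto>\S+) dir=(?P<dir>\w+)"
)


@dataclass(frozen=True)
class PolicyFailure:
    src: Net
    dst: Net
    proto: str
    direction: str


def initiator_summary(log: str) -> Dict[str, int]:
    """Count Phase 1 successes and Phase 2 attempts/timeouts on the initiating side."""
    counts = {"phase1_established": 0, "phase2_initiated": 0, "phase2_timeouts": 0}
    for line in log.splitlines():
        if "ISAKMP-SA established" in line:
            counts["phase1_established"] += 1
        elif "initiate new phase 2 negotiation" in line:
            counts["phase2_initiated"] += 1
        elif "give up to get IPsec-SA" in line:
            counts["phase2_timeouts"] += 1
    return counts


def responder_policy_failures(log: str) -> List[PolicyFailure]:
    """Extract the selectors from every 'no policy found' line on the responder."""
    found = []
    for line in log.splitlines():
        m = NO_POLICY_RE.search(line)
        if m:
            found.append(PolicyFailure(ipaddress.ip_network(m["src"]),
                                       ipaddress.ip_network(m["dst"]), m["proto"], m["dir"]))
    return found


def distinct_policy_failures(log: str) -> List[PolicyFailure]:
    return list(dict.fromkeys(responder_policy_failures(log)))  # de-duplicate, keep order


def _overlap(a: Net, b: Net) -> bool:
    return a.version == b.version and (a.subnet_of(b) or b.subnet_of(a))


def diagnose(failure: PolicyFailure, configured: List[Phase2Entry]) -> str:
    """Compare one rejected selector pair with the configured (local, remote) entries."""
    # The responder looks up an inbound SPD entry, so for dir=in racoon prints
    # src = the peer's network and dst = our own network.
    if failure.direction == "in":
        remote, local = failure.src, failure.dst
    else:
        local, remote = failure.src, failure.dst
    if (local, remote) in configured:
        return (f"selectors {local} <-> {remote} match a configured Phase 2 entry; "
                "look beyond the networks (proposal, PFS group, lifetime)")
    hints = []
    for cfg_local, cfg_remote in configured:
        if cfg_local == local and _overlap(cfg_remote, remote):
            hints.append(f"remote network mismatch: peer proposes {remote}, this side is configured with {cfg_remote}")
        elif cfg_remote == remote and _overlap(cfg_local, local):
            hints.append(f"local network mismatch: peer proposes {local}, this side is configured with {cfg_local}")
    if not hints:
        return f"no configured Phase 2 entry resembles local {local} <-> remote {remote}; check the networks on both sides"
    return "; ".join(hints)


def report(initiator_log: str, responder_log: str, configured: List[Phase2Entry]) -> List[str]:
    s = initiator_summary(initiator_log)
    lines = [f"initiator: {s['phase1_established']} ISAKMP-SA established, "
             f"{s['phase2_initiated']} phase 2 attempts, {s['phase2_timeouts']} timed out"]
    for failure in distinct_policy_failures(responder_log):
        lines.append("responder: " + diagnose(failure, configured))
    return lines


if __name__ == "__main__":
    print("\n".join(report(INITIATOR_LOG, RESPONDER_LOG, CONFIGURED_PHASE2)))
```

Run against real logs, the responder side is the one to read first: the selectors in "no policy found" are exactly what the peer proposed, so any difference from the Phase 2 networks configured locally (a /16 versus a /24, a swapped local/remote pair, a typo in a subnet) shows up directly, whereas the initiator only ever sees a timeout.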

            I edited both phase 2 configs, set the lifetimes to 3600 (they were 86400) and saved the configs.
            Then, I refreshed the IPsec status pages and the tunnel showed as "active".

            But of course, I still cannot ping/access the other network!

            I restored the lifetimes back to 86400 and the tunnel is still showing as "active", but the remote network is still not accessible from the local network, and vice-versa.

            Strange?

              netsysadmin

              2 days ago, I restarted the local pfSense box (version 2.1), then pinged a couple of hosts on the remote LAN and the pings were successful!
              Now, it's not working again  :( /  >:(

              It seems there must be a problem with IPsec on 2.1.
              As soon as I get some time, I'll install version 2.0.3 and see whether the problem persists.

              Thank you.

                netsysadmin

                I upgraded to the 2.1.1 PRE-RELEASE version without any success.

                  wahn

                  So I got this problem too, and I rolled back to 2.0.3 and it works. I think there is a problem with the routing in version 2.1: on an upgrade it works, but an install doesn't. I hope it helps. bb

                    newbieuser1234

                    Why are you hesitant to roll back to 2.0.3?

                      netsysadmin

                      Yes, you are right.
                      I am trying everything possible before the last resort of rolling back to 2.0.3.
                      I think I got used to the interface, the traffic shaping queue status, …

                      I'm even trying OpenVPN, but having the same problem, which is making me wonder whether the problem is elsewhere!
                      The OpenVPN tunnel is UP, but I'm unable to access either remote LAN hosts.

                      Will update this post if I do find the cause of this problem.

                        lexl

                        We have the same problem: tunnel is up but no traffic in both directions. When I restart racoon on both sides I have traffic, but after some time this stops while the tunnel status still shows up.

                        We use the special hyper-v 2.1 build.

                        Lex

                          normanu

                          @lexl:

                          We have the same problem: tunnel is up but no traffic in both directions. When I restart racoon on both sides I have traffic, but after some time this stops while the tunnel status still shows up.

                          We use the special hyper-v 2.1 build.

                          Lex

                          Silly question, but did you add a rule in the firewall for the VPN interface which allows all traffic?

                            lexl

                            Yes, I have a rule to allow all traffic on the IPsec interface.

                            And in fact at times it works for a while, but then traffic stops while the tunnel status still shows connected on both sides.
                            When I restart racoon on both sides the tunnel gets connected, but maybe 1 out of 10 times I have traffic through.

                            Lex

                              lieutdan13

                              Have you resolved this issue? I am seeing the same symptoms.

                                mtafur.mfsac

                                Questions:

                                Is your tunnel up? (Verify in the IPsec Status / Logs.)
                                Have you created the rule for IPsec (source: any / dest: any)?

                                I had to create two additional rules in the LAN tab, with source: local subnet / dest: remote subnet, and vice versa.

                                That way I had it working.

                                  lieutdan13

                                  @mtafur.mfsac:

                                  Questions:

                                  Is your tunnel up? (Verify in the IPsec Status / Logs.)
                                  Have you created the rule for IPsec (source: any / dest: any)?

                                  I had to create two additional rules in the LAN tab, with source: local subnet / dest: remote subnet, and vice versa.

                                  That way I had it working.

                                  I created the rules as stated and the VPN worked for about 5 minutes. After many wasted hours of troubleshooting, I finally removed the IPSec configuration for the tunnel on both sides and started from scratch, setting them up side-by-side. The tunnels have now been working for a few hours without any issues whatsoever. I will give it the weekend before I am confident.

                                    Sharaz

                                    I'm sorry (and desperate) to report I have the identical issue.

                                    I have 4 VPN tunnels to 4 remote pfSense firewalls. All 4 tunnels show up and green, but only 3 tunnels transmit data.

                                    I've rebooted all pfSense systems, and the 3 tunnels work correctly, but the 4th tunnel shows up but passes no data. I am really hoping to find the solution to this issue! Has anyone made any progress lately?

                                    Jonathan

                                      Sharaz

                                      Well, I rebuilt one problem pfSense this morning and rebuilt its 3 IPsec tunnels… 2 came up, and the broken one stayed broken (even though it shows as green in the status).

                                      I'll rebuild the other endpoint tonight and report back.

                                      Jonathan

                                        Overlord

                                        Hey guys

                                        Sorry for digging up the old thread, but there's no other thread open and there's no solution here ;)

                                        I have exactly the same issue: 2 IPsec VPNs and I can't ping the remote network, but from the remote network I can ping my network.

                                        Maybe somebody has a solution?

                                          chhinfo

                                          Overlord >>
                                          You could try searching in Status > System Logs > Firewall > Normal View.
                                          Maybe that will help you.

                                            Wagabow

                                            @chhinfo:

                                            Overlord >>
                                            You could try searching in Status > System Logs > Firewall > Normal View.
                                            Maybe that will help you.

                                            I have the same trouble :/ ! What could I find there? But my configuration is a little bit different; maybe that's the reason.

                                            [Local site pfSense]–|
                                            [Local computer]–----|--[Local Internet Access Router]–|@@@@@@@@@@|--[Remote Internet Access Router]–[Remote pfSense]–[Router]–[Remote Network]

                                            My local pfSense has only one network interface, and I have a route between Remote pfSense and Remote Network.
                                            But from Remote Network I can ping Local computer, while from Local computer it doesn't work.

                                            What could I find in Status > System Logs > Firewall > Normal View?

                                            Thank you in advance,
                                            Regards,
                                            W.
