Multi Site-to-Site VPN Issue
-
Hello all,
I have successfully created a site-to-site VPN over IPsec to a Fritzbox.
Today I must create a new site-to-site connection to a pfSense.
Since I created the new connection I get the following error message from my first site-to-site VPN to the Fritzbox:
charon: 13[KNL] creating acquire job for policy My-public-ip/32|/0 === other-site-public-ip/32|/0 with reqid {1}
ignoring acquire, connection attempt pending
The new site-to-site VPN is working perfectly, and the old one (which I also need) gets the error messages shown above.
My pfSense is running 2.2 and I upgraded it to the new version 2.2.1 after the issues, but the problems still exist.
The following things do not fix the issue:
- Deleting the new site-to-site connection
- Deleting the old site-to-site connection and creating it anew
Every site-to-site connection has its own PSK, but this can't be the problem, can it?
Thanks in advance
-
Here is more information from the IPsec log:
Mar 19 19:39:18 charon: 10[IKE] <con1000|5>giving up after 5 retransmits
Mar 19 19:39:18 charon: 10[IKE] giving up after 5 retransmits
Mar 19 19:39:18 charon: 10[IKE] <con1000|5>peer not responding, trying again (3/3)
Mar 19 19:39:18 charon: 10[IKE] peer not responding, trying again (3/3)
Mar 19 19:39:18 charon: 10[IKE] <con1000|5>initiating Main Mode IKE_SA con1000[5] to fritzbox-wan-ip
Mar 19 19:39:18 charon: 10[IKE] initiating Main Mode IKE_SA con1000[5] to fritzbox-wan-ip
Mar 19 19:39:18 charon: 10[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
Mar 19 19:39:18 charon: 10[NET] sending packet: from my-pfsense-wan-ip[500] to fritzbox-wan-ip[500] (200 bytes)
Mar 19 19:39:21 charon: 10[IKE] <con2000|1>sending DPD request
Mar 19 19:39:21 charon: 10[IKE] sending DPD request
Mar 19 19:39:21 charon: 10[ENC] generating INFORMATIONAL_V1 request 2515535109 [ HASH N(DPD) ]
-
I have fixed it. Just restart the Fritzbox. There was no issue in my config.
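
The log above already separates the two tunnels: con1000 retransmits phase 1 without an answer, while con2000 is sending DPD, which only happens on an established IKE_SA. The following is an added example, not part of the original thread: a small per-connection triage of charon lines, where the function name `triage` and the verdict strings are assumptions made for illustration.

```python
import re

# Tagged IKE lines copied from the log in the thread above. The log also carries an
# untagged duplicate of each message; those are skipped because they name no connection.
SAMPLE_LOG = """\
Mar 19 19:39:18 charon: 10[IKE] <con1000|5>giving up after 5 retransmits
Mar 19 19:39:18 charon: 10[IKE] giving up after 5 retransmits
Mar 19 19:39:18 charon: 10[IKE] <con1000|5>peer not responding, trying again (3/3)
Mar 19 19:39:18 charon: 10[IKE] <con1000|5>initiating Main Mode IKE_SA con1000[5] to fritzbox-wan-ip
Mar 19 19:39:18 charon: 10[NET] sending packet: from my-pfsense-wan-ip[500] to fritzbox-wan-ip[500] (200 bytes)
Mar 19 19:39:21 charon: 10[IKE] <con2000|1>sending DPD request
"""

TAGGED = re.compile(r"charon: \d+\[IKE\] <(con\d+)\|\d+>\s*(.*)$")
PATTERNS = {
    "gave_up": re.compile(r"giving up after \d+ retransmits"),
    "retry": re.compile(r"peer not responding, trying again"),
    "initiating": re.compile(r"initiating \w+ Mode IKE_SA \S+ to (\S+)"),
    "dpd": re.compile(r"sending DPD request"),
}

def triage(log_text):
    """Summarise IKE events per connection and give a first-look verdict."""
    report = {}
    for line in log_text.splitlines():
        m = TAGGED.search(line)
        if not m:
            continue  # untagged duplicate, or an ENC/NET/KNL line
        conn, msg = m.groups()
        entry = report.setdefault(
            conn, {"peer": None, "events": dict.fromkeys(PATTERNS, 0)})
        for name, pat in PATTERNS.items():
            hit = pat.search(msg)
            if hit:
                entry["events"][name] += 1
                if name == "initiating":
                    entry["peer"] = hit.group(1)
    for entry in report.values():
        ev = entry["events"]
        if ev["gave_up"] or ev["retry"]:
            entry["verdict"] = "peer silent during phase 1"
        elif ev["dpd"]:
            entry["verdict"] = "IKE_SA up, DPD running"
        else:
            entry["verdict"] = "inconclusive"
    return report

if __name__ == "__main__":
    for conn, entry in triage(SAMPLE_LOG).items():
        print(conn, entry["peer"], entry["verdict"], entry["events"])
```

A "peer silent during phase 1" verdict on one tunnel while another is up points at the remote device or the path to it before the local configuration.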