IPsec problems using VPN Tracker 8

bytemission

Hi,

since pfsense 2.2. i can't connect anymore via IPsec. It worked perfect on all boxes before 2.2.

phase1 works, authentication works, but VPN Tracker complains that the "identifiers" do not match. Hm.

I never chanegd anything, just did the upodate to 2.2.

i compared: all is fine, alls matches. but IPsec does not work.

So any idea what is going on there?

here is pfsense log:

Apr 20 15:53:21 charon: 12[IKE] <con1|4>no matching CHILD_SA config found
Apr 20 15:53:21 charon: 12[IKE] no matching CHILD_SA config found
Apr 20 15:53:21 charon: 12[ENC] generating INFORMATIONAL_V1 request 129772487 [ HASH N(INVAL_ID) ]
Apr 20 15:53:21 charon: 12[NET] sending paxyet: from IP1[4500] to IP2[15424] (124 bytes)
Apr 20 15:53:21 charon: 12[NET] received paxyet: from IP2[15424] to IP1[4500] (140 bytes)
Apr 20 15:53:21 charon: 12[ENC] parsed INFORMATIONAL_V1 request 4131587848 [ HASH D ]
Apr 20 15:53:21 charon: 12[IKE] <con1|4>received DELETE for IKE_SA con1[4]
Apr 20 15:53:21 charon: 12[IKE] received DELETE for IKE_SA con1[4]
Apr 20 15:53:21 charon: 12[IKE] <con1|4>deleting IKE_SA con1[4] between IP1[identifier.one]…IP2[user@identifier.two]
Apr 20 15:53:21 charon: 12[IKE] deleting IKE_SA con1[4] between IP1[identifier.one]…IP2[user@identifier.two]

Thank you.

Chris</con1|4></con1|4></con1|4>

cmb

That's an issue I heard of once, but wasn't able to look into it with the user.

I'd like to look at this with you, via screen sharing, or if you can get me direct access to the system. If that's possible, please PM me and we can arrange details.

ShutterBC

I had this happen to me and started going nuts trying to track it down after my upgrade. When I deleted my phase 1 and 2 entries and rebuilt them using the exact same settings, my issue went away. (well, this particular issue anyway)

I should have captured the config files associated with the GUI to compare.