Netgate Discussion Forum

    Still IPSec Problems with 2.2.2

      mkaishar

      Still having problems with IPSec in 2.2.2

      Using IKEv2 on all tunnels

      P1 re-established, P2 does not pass traffic

      Forcing a disconnect/reconnect re-establishes and passes traffic

      14 tunnels connecting to Sonicwall TZ215
      1 tunnel connecting to Sonicwall TZ210
      1 tunnel connecting to Fortinet 100D

      15 tunnels have at least 2 P2 networks
      1 tunnel to Fortinet has at least 4 P2 networks

      Needed to disable DPD to stabilize tunnel to Fortinet (not necessarily an issue with pfSense, but it was the only way to get it working reliably)

      FYI…tore down and rebuilt each VPN tunnel from scratch on both ends

      Disabling Auto-Exclude LAN Address does not work under advanced settings: I uncheck, save, go back, and it is still checked.

      Will upload logs when I am able to

        mkaishar

        So after P2 Lifetime of 84600 expiration, traffic stops
        2 networks on P2

        logs…

        Apr 21 19:17:25 charon: 12[MGR] <con15|556>check-in of IKE_SA successful.
        Apr 21 19:17:25 charon: 12[MGR] <con15|556>check-in of IKE_SA successful.
        Apr 21 19:17:25 charon: 12[MGR] <con15|556>checkin IKE_SA con15[556]
        Apr 21 19:17:25 charon: 12[MGR] <con15|556>checkin IKE_SA con15[556]
        Apr 21 19:17:25 charon: 12[MGR] IKE_SA con15[556] successfully checked out
        Apr 21 19:17:25 charon: 12[MGR] IKE_SA con15[556] successfully checked out
        Apr 21 19:17:25 charon: 12[MGR] checkout IKE_SA
        Apr 21 19:17:25 charon: 12[MGR] checkout IKE_SA
        Apr 21 19:17:25 charon: 05[MGR] <con8|567>check-in of IKE_SA successful.
        Apr 21 19:17:25 charon: 05[MGR] <con8|567>check-in of IKE_SA successful.
        Apr 21 19:17:25 charon: 05[MGR] <con8|567>checkin IKE_SA con8[567]
        Apr 21 19:17:25 charon: 05[MGR] <con8|567>checkin IKE_SA con8[567]
        Apr 21 19:17:25 charon: 05[MGR] IKE_SA con8[567] successfully checked out
        Apr 21 19:17:25 charon: 05[MGR] IKE_SA con8[567] successfully checked out
        Apr 21 19:17:25 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:25 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:24 charon: 05[MGR] <con5|568>check-in of IKE_SA successful.
        Apr 21 19:17:24 charon: 05[MGR] <con5|568>check-in of IKE_SA successful.
        Apr 21 19:17:24 charon: 05[MGR] <con5|568>checkin IKE_SA con5[568]
        Apr 21 19:17:24 charon: 05[MGR] <con5|568>checkin IKE_SA con5[568]
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>nothing to initiate
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>nothing to initiate
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>activating new tasks
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>activating new tasks
        Apr 21 19:17:24 charon: 05[NET] <con5|568>received packet: from xxx.xxx.91.228[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:24 charon: 05[NET] <con5|568>received packet: from xxx.xxx.91.228[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:24 charon: 05[MGR] IKE_SA con5[568] successfully checked out
        Apr 21 19:17:24 charon: 05[MGR] IKE_SA con5[568] successfully checked out
        Apr 21 19:17:24 charon: 05[MGR] checkout IKE_SA by message
        Apr 21 19:17:24 charon: 05[MGR] checkout IKE_SA by message
        Apr 21 19:17:24 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:24 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:24 charon: 06[NET] received packet: from xxx.xxx.91.228[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:24 charon: 06[NET] received packet: from xxx.xxx.91.228[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:24 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.91.228[500]
        Apr 21 19:17:24 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.91.228[500]
        Apr 21 19:17:24 charon: 05[MGR] <con5|568>check-in of IKE_SA successful.
        Apr 21 19:17:24 charon: 05[MGR] <con5|568>check-in of IKE_SA successful.
        Apr 21 19:17:24 charon: 05[MGR] <con5|568>checkin IKE_SA con5[568]
        Apr 21 19:17:24 charon: 05[MGR] <con5|568>checkin IKE_SA con5[568]
        Apr 21 19:17:24 charon: 05[NET] <con5|568>sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.91.228[500] (76 bytes)
        Apr 21 19:17:24 charon: 05[NET] <con5|568>sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.91.228[500] (76 bytes)
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>activating IKE_DPD task
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>activating IKE_DPD task
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>activating new tasks
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>activating new tasks
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>queueing IKE_DPD task
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>queueing IKE_DPD task
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>sending DPD request
        Apr 21 19:17:24 charon: 05[IKE] <con5|568>sending DPD request
        Apr 21 19:17:24 charon: 05[MGR] IKE_SA con5[568] successfully checked out
        Apr 21 19:17:24 charon: 05[MGR] IKE_SA con5[568] successfully checked out
        Apr 21 19:17:24 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:24 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:24 charon: 05[MGR] <con11|557>check-in of IKE_SA successful.
        Apr 21 19:17:24 charon: 05[MGR] <con11|557>check-in of IKE_SA successful.
        Apr 21 19:17:24 charon: 05[MGR] <con11|557>checkin IKE_SA con11[557]
        Apr 21 19:17:24 charon: 05[MGR] <con11|557>checkin IKE_SA con11[557]
        Apr 21 19:17:24 charon: 05[MGR] IKE_SA con11[557] successfully checked out
        Apr 21 19:17:24 charon: 05[MGR] IKE_SA con11[557] successfully checked out
        Apr 21 19:17:24 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:24 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:23 charon: 05[MGR] <con13|563>check-in of IKE_SA successful.
        Apr 21 19:17:23 charon: 05[MGR] <con13|563>check-in of IKE_SA successful.
        Apr 21 19:17:23 charon: 05[MGR] <con13|563>checkin IKE_SA con13[563]
        Apr 21 19:17:23 charon: 05[MGR] <con13|563>checkin IKE_SA con13[563]
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>nothing to initiate
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>nothing to initiate
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>activating new tasks
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>activating new tasks
        Apr 21 19:17:23 charon: 05[NET] <con13|563>received packet: from xxx.xxx.190.90[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:23 charon: 05[NET] <con13|563>received packet: from xxx.xxx.190.90[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:23 charon: 05[MGR] IKE_SA con13[563] successfully checked out
        Apr 21 19:17:23 charon: 05[MGR] IKE_SA con13[563] successfully checked out
        Apr 21 19:17:23 charon: 05[MGR] checkout IKE_SA by message
        Apr 21 19:17:23 charon: 05[MGR] checkout IKE_SA by message
        Apr 21 19:17:23 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:23 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:23 charon: 06[NET] received packet: from xxx.xxx.190.90[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:23 charon: 06[NET] received packet: from xxx.xxx.190.90[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:23 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.190.90[500]
        Apr 21 19:17:23 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.190.90[500]
        Apr 21 19:17:23 charon: 05[MGR] <con13|563>check-in of IKE_SA successful.
        Apr 21 19:17:23 charon: 05[MGR] <con13|563>check-in of IKE_SA successful.
        Apr 21 19:17:23 charon: 05[MGR] <con13|563>checkin IKE_SA con13[563]
        Apr 21 19:17:23 charon: 05[MGR] <con13|563>checkin IKE_SA con13[563]
        Apr 21 19:17:23 charon: 05[NET] <con13|563>sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.190.90[500] (76 bytes)
        Apr 21 19:17:23 charon: 05[NET] <con13|563>sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.190.90[500] (76 bytes)
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>activating IKE_DPD task
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>activating IKE_DPD task
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>activating new tasks
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>activating new tasks
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>queueing IKE_DPD task
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>queueing IKE_DPD task
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>sending DPD request
        Apr 21 19:17:23 charon: 05[IKE] <con13|563>sending DPD request
        Apr 21 19:17:23 charon: 05[MGR] IKE_SA con13[563] successfully checked out
        Apr 21 19:17:23 charon: 05[MGR] IKE_SA con13[563] successfully checked out
        Apr 21 19:17:23 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:23 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:23 charon: 05[MGR] <con3|565>check-in of IKE_SA successful.
        Apr 21 19:17:23 charon: 05[MGR] <con3|565>check-in of IKE_SA successful.
        Apr 21 19:17:23 charon: 05[MGR] <con3|565>checkin IKE_SA con3[565]
        Apr 21 19:17:23 charon: 05[MGR] <con3|565>checkin IKE_SA con3[565]
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>nothing to initiate
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>nothing to initiate
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>activating new tasks
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>activating new tasks
        Apr 21 19:17:23 charon: 05[NET] <con3|565>received packet: from xxx.xxx.xxx.178[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:23 charon: 05[NET] <con3|565>received packet: from xxx.xxx.xxx.178[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:23 charon: 05[MGR] IKE_SA con3[565] successfully checked out
        Apr 21 19:17:23 charon: 05[MGR] IKE_SA con3[565] successfully checked out
        Apr 21 19:17:23 charon: 05[MGR] checkout IKE_SA by message
        Apr 21 19:17:23 charon: 05[MGR] checkout IKE_SA by message
        Apr 21 19:17:23 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:23 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:23 charon: 06[NET] received packet: from xxx.xxx.xxx.178[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:23 charon: 06[NET] received packet: from xxx.xxx.xxx.178[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:23 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.178[500]
        Apr 21 19:17:23 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.178[500]
        Apr 21 19:17:23 charon: 05[MGR] <con3|565>check-in of IKE_SA successful.
        Apr 21 19:17:23 charon: 05[MGR] <con3|565>check-in of IKE_SA successful.
        Apr 21 19:17:23 charon: 05[MGR] <con3|565>checkin IKE_SA con3[565]
        Apr 21 19:17:23 charon: 05[MGR] <con3|565>checkin IKE_SA con3[565]
        Apr 21 19:17:23 charon: 05[NET] <con3|565>sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.178[500] (76 bytes)
        Apr 21 19:17:23 charon: 05[NET] <con3|565>sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.178[500] (76 bytes)
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>activating IKE_DPD task
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>activating IKE_DPD task
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>activating new tasks
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>activating new tasks
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>queueing IKE_DPD task
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>queueing IKE_DPD task
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>sending DPD request
        Apr 21 19:17:23 charon: 05[IKE] <con3|565>sending DPD request
        Apr 21 19:17:23 charon: 05[MGR] IKE_SA con3[565] successfully checked out
        Apr 21 19:17:23 charon: 05[MGR] IKE_SA con3[565] successfully checked out
        Apr 21 19:17:23 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:23 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:22 charon: 05[MGR] <con14|566>check-in of IKE_SA successful.
        Apr 21 19:17:22 charon: 05[MGR] <con14|566>check-in of IKE_SA successful.
        Apr 21 19:17:22 charon: 05[MGR] <con14|566>checkin IKE_SA con14[566]
        Apr 21 19:17:22 charon: 05[MGR] <con14|566>checkin IKE_SA con14[566]
        Apr 21 19:17:22 charon: 05[MGR] IKE_SA con14[566] successfully checked out
        Apr 21 19:17:22 charon: 05[MGR] IKE_SA con14[566] successfully checked out
        Apr 21 19:17:22 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:22 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:22 charon: 05[MGR] <con6|560>check-in of IKE_SA successful.
        Apr 21 19:17:22 charon: 05[MGR] <con6|560>check-in of IKE_SA successful.
        Apr 21 19:17:22 charon: 05[MGR] <con6|560>checkin IKE_SA con6[560]
        Apr 21 19:17:22 charon: 05[MGR] <con6|560>checkin IKE_SA con6[560]
        Apr 21 19:17:22 charon: 05[MGR] IKE_SA con6[560] successfully checked out
        Apr 21 19:17:22 charon: 05[MGR] IKE_SA con6[560] successfully checked out
        Apr 21 19:17:22 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:22 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:21 charon: 05[MGR] <con15|556>check-in of IKE_SA successful.
        Apr 21 19:17:21 charon: 05[MGR] <con15|556>check-in of IKE_SA successful.
        Apr 21 19:17:21 charon: 05[MGR] <con15|556>checkin IKE_SA con15[556]
        Apr 21 19:17:21 charon: 05[MGR] <con15|556>checkin IKE_SA con15[556]
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>nothing to initiate
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>nothing to initiate
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>activating new tasks
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>activating new tasks
        Apr 21 19:17:21 charon: 05[NET] <con15|556>received packet: from 64.xxx.xxx.xx2[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:21 charon: 05[NET] <con15|556>received packet: from 64.xxx.xxx.xx2[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:21 charon: 05[MGR] IKE_SA con15[556] successfully checked out
        Apr 21 19:17:21 charon: 05[MGR] IKE_SA con15[556] successfully checked out
        Apr 21 19:17:21 charon: 05[MGR] checkout IKE_SA by message
        Apr 21 19:17:21 charon: 05[MGR] checkout IKE_SA by message
        Apr 21 19:17:21 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:21 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:21 charon: 06[NET] received packet: from 64.xxx.xxx.xx2[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:21 charon: 06[NET] received packet: from 64.xxx.xxx.xx2[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:21 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to 64.xxx.xxx.xx2[500]
        Apr 21 19:17:21 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to 64.xxx.xxx.xx2[500]
        Apr 21 19:17:21 charon: 05[MGR] <con15|556>check-in of IKE_SA successful.
        Apr 21 19:17:21 charon: 05[MGR] <con15|556>check-in of IKE_SA successful.
        Apr 21 19:17:21 charon: 05[MGR] <con15|556>checkin IKE_SA con15[556]
        Apr 21 19:17:21 charon: 05[MGR] <con15|556>checkin IKE_SA con15[556]
        Apr 21 19:17:21 charon: 05[NET] <con15|556>sending packet: from xxx.xxx.xxx.194[500] to 64.xxx.xxx.xx2[500] (76 bytes)
        Apr 21 19:17:21 charon: 05[NET] <con15|556>sending packet: from xxx.xxx.xxx.194[500] to 64.xxx.xxx.xx2[500] (76 bytes)
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>activating IKE_DPD task
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>activating IKE_DPD task
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>activating new tasks
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>activating new tasks
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>queueing IKE_DPD task
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>queueing IKE_DPD task
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>sending DPD request
        Apr 21 19:17:21 charon: 05[IKE] <con15|556>sending DPD request
        Apr 21 19:17:21 charon: 05[MGR] IKE_SA con15[556] successfully checked out
        Apr 21 19:17:21 charon: 05[MGR] IKE_SA con15[556] successfully checked out
        Apr 21 19:17:21 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:21 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:21 charon: 05[MGR] <con8|567>check-in of IKE_SA successful.
        Apr 21 19:17:21 charon: 05[MGR] <con8|567>check-in of IKE_SA successful.
        Apr 21 19:17:21 charon: 05[MGR] <con8|567>checkin IKE_SA con8[567]
        Apr 21 19:17:21 charon: 05[MGR] <con8|567>checkin IKE_SA con8[567]
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>nothing to initiate
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>nothing to initiate
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>activating new tasks
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>activating new tasks
        Apr 21 19:17:21 charon: 05[NET] <con8|567>received packet: from 70.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:21 charon: 05[NET] <con8|567>received packet: from 70.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:21 charon: 05[MGR] IKE_SA con8[567] successfully checked out
        Apr 21 19:17:21 charon: 05[MGR] IKE_SA con8[567] successfully checked out
        Apr 21 19:17:21 charon: 05[MGR] checkout IKE_SA by message
        Apr 21 19:17:21 charon: 05[MGR] checkout IKE_SA by message
        Apr 21 19:17:21 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:21 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:21 charon: 06[NET] received packet: from 70.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:21 charon: 06[NET] received packet: from 70.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:21 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to 70.xxx.xxx.xxx[500]
        Apr 21 19:17:21 charon: 05[MGR] <con8|567>check-in of IKE_SA successful.
        Apr 21 19:17:21 charon: 05[MGR] <con8|567>check-in of IKE_SA successful.
        Apr 21 19:17:21 charon: 05[MGR] <con8|567>checkin IKE_SA con8[567]
        Apr 21 19:17:21 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to 70.xxx.xxx.xxx[500]
        Apr 21 19:17:21 charon: 05[MGR] <con8|567>checkin IKE_SA con8[567]
        Apr 21 19:17:21 charon: 05[NET] <con8|567>sending packet: from xxx.xxx.xxx.194[500] to 70.xxx.xxx.xxx[500] (76 bytes)
        Apr 21 19:17:21 charon: 05[NET] <con8|567>sending packet: from xxx.xxx.xxx.194[500] to 70.xxx.xxx.xxx[500] (76 bytes)
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>activating IKE_DPD task
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>activating IKE_DPD task
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>activating new tasks
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>activating new tasks
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>queueing IKE_DPD task
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>queueing IKE_DPD task
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>sending DPD request
        Apr 21 19:17:21 charon: 05[IKE] <con8|567>sending DPD request
        Apr 21 19:17:21 charon: 05[MGR] IKE_SA con8[567] successfully checked out
        Apr 21 19:17:21 charon: 05[MGR] IKE_SA con8[567] successfully checked out
        Apr 21 19:17:21 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:21 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:21 charon: 05[MGR] <con10|564>check-in of IKE_SA successful.
        Apr 21 19:17:21 charon: 05[MGR] <con10|564>check-in of IKE_SA successful.
        Apr 21 19:17:21 charon: 05[MGR] <con10|564>checkin IKE_SA con10[564]
        Apr 21 19:17:21 charon: 05[MGR] <con10|564>checkin IKE_SA con10[564]
        Apr 21 19:17:21 charon: 05[MGR] IKE_SA con10[564] successfully checked out
        Apr 21 19:17:21 charon: 05[MGR] IKE_SA con10[564] successfully checked out
        Apr 21 19:17:21 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:21 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:20 charon: 05[MGR] <con4|561>check-in of IKE_SA successful.
        Apr 21 19:17:20 charon: 05[MGR] <con4|561>check-in of IKE_SA successful.
        Apr 21 19:17:20 charon: 05[MGR] <con4|561>checkin IKE_SA con4[561]
        Apr 21 19:17:20 charon: 05[MGR] <con4|561>checkin IKE_SA con4[561]
        Apr 21 19:17:20 charon: 05[MGR] IKE_SA con4[561] successfully checked out
        Apr 21 19:17:20 charon: 05[MGR] IKE_SA con4[561] successfully checked out
        Apr 21 19:17:20 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:20 charon: 05[MGR] checkout IKE_SA
        Apr 21 19:17:20 charon: 02[MGR] <con9|558>check-in of IKE_SA successful.
        Apr 21 19:17:20 charon: 02[MGR] <con9|558>check-in of IKE_SA successful.
        Apr 21 19:17:20 charon: 02[MGR] <con9|558>checkin IKE_SA con9[558]
        Apr 21 19:17:20 charon: 02[MGR] <con9|558>checkin IKE_SA con9[558]
        Apr 21 19:17:20 charon: 02[MGR] IKE_SA con9[558] successfully checked out
        Apr 21 19:17:20 charon: 02[MGR] IKE_SA con9[558] successfully checked out
        Apr 21 19:17:20 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:20 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:20 charon: 02[MGR] <con16|562>check-in of IKE_SA successful.
        Apr 21 19:17:20 charon: 02[MGR] <con16|562>check-in of IKE_SA successful.
        Apr 21 19:17:20 charon: 02[MGR] <con16|562>checkin IKE_SA con16[562]
        Apr 21 19:17:20 charon: 02[MGR] <con16|562>checkin IKE_SA con16[562]
        Apr 21 19:17:20 charon: 02[MGR] IKE_SA con16[562] successfully checked out
        Apr 21 19:17:20 charon: 02[MGR] IKE_SA con16[562] successfully checked out
        Apr 21 19:17:20 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:20 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:20 charon: 02[MGR] <con11|557>check-in of IKE_SA successful.
        Apr 21 19:17:20 charon: 02[MGR] <con11|557>check-in of IKE_SA successful.
        Apr 21 19:17:20 charon: 02[MGR] <con11|557>checkin IKE_SA con11[557]
        Apr 21 19:17:20 charon: 02[MGR] <con11|557>checkin IKE_SA con11[557]
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>nothing to initiate
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>nothing to initiate
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>activating new tasks
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>activating new tasks
        Apr 21 19:17:20 charon: 02[NET] <con11|557>received packet: from 64.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:20 charon: 02[NET] <con11|557>received packet: from 64.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:20 charon: 02[MGR] IKE_SA con11[557] successfully checked out
        Apr 21 19:17:20 charon: 02[MGR] IKE_SA con11[557] successfully checked out
        Apr 21 19:17:20 charon: 02[MGR] checkout IKE_SA by message
        Apr 21 19:17:20 charon: 02[MGR] checkout IKE_SA by message
        Apr 21 19:17:20 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:20 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:20 charon: 06[NET] received packet: from 64.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:20 charon: 06[NET] received packet: from 64.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:20 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to 64.xxx.xxx.xxx[500]
        Apr 21 19:17:20 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to 64.xxx.xxx.xxx[500]
        Apr 21 19:17:20 charon: 02[MGR] <con11|557>check-in of IKE_SA successful.
        Apr 21 19:17:20 charon: 02[MGR] <con11|557>check-in of IKE_SA successful.
        Apr 21 19:17:20 charon: 02[MGR] <con11|557>checkin IKE_SA con11[557]
        Apr 21 19:17:20 charon: 02[MGR] <con11|557>checkin IKE_SA con11[557]
        Apr 21 19:17:20 charon: 02[NET] <con11|557>sending packet: from xxx.xxx.xxx.194[500] to 64.xxx.xxx.xxx[500] (76 bytes)
        Apr 21 19:17:20 charon: 02[NET] <con11|557>sending packet: from xxx.xxx.xxx.194[500] to 64.xxx.xxx.xxx[500] (76 bytes)
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>activating IKE_DPD task
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>activating IKE_DPD task
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>activating new tasks
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>activating new tasks
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>queueing IKE_DPD task
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>queueing IKE_DPD task
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>sending DPD request
        Apr 21 19:17:20 charon: 02[IKE] <con11|557>sending DPD request
        Apr 21 19:17:20 charon: 02[MGR] IKE_SA con11[557] successfully checked out
        Apr 21 19:17:20 charon: 02[MGR] IKE_SA con11[557] successfully checked out
        Apr 21 19:17:20 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:20 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:19 charon: 02[MGR] <con7|559>check-in of IKE_SA successful.
        Apr 21 19:17:19 charon: 02[MGR] <con7|559>check-in of IKE_SA successful.
        Apr 21 19:17:19 charon: 02[MGR] <con7|559>checkin IKE_SA con7[559]
        Apr 21 19:17:19 charon: 02[MGR] <con7|559>checkin IKE_SA con7[559]
        Apr 21 19:17:19 charon: 02[MGR] IKE_SA con7[559] successfully checked out
        Apr 21 19:17:19 charon: 02[MGR] IKE_SA con7[559] successfully checked out
        Apr 21 19:17:19 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:19 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:19 charon: 02[MGR] <con12|569>check-in of IKE_SA successful.
        Apr 21 19:17:19 charon: 02[MGR] <con12|569>check-in of IKE_SA successful.
        Apr 21 19:17:19 charon: 02[MGR] <con12|569>checkin IKE_SA con12[569]
        Apr 21 19:17:19 charon: 02[MGR] <con12|569>checkin IKE_SA con12[569]
        Apr 21 19:17:19 charon: 02[MGR] IKE_SA con12[569] successfully checked out
        Apr 21 19:17:19 charon: 02[MGR] IKE_SA con12[569] successfully checked out
        Apr 21 19:17:19 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:19 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:18 charon: 02[MGR] <con14|566>check-in of IKE_SA successful.
        Apr 21 19:17:18 charon: 02[MGR] <con14|566>check-in of IKE_SA successful.
        Apr 21 19:17:18 charon: 02[MGR] <con14|566>checkin IKE_SA con14[566]
        Apr 21 19:17:18 charon: 02[MGR] <con14|566>checkin IKE_SA con14[566]
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>nothing to initiate
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>nothing to initiate
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>activating new tasks
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>activating new tasks
        Apr 21 19:17:18 charon: 02[NET] <con14|566>received packet: from 209.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:18 charon: 02[NET] <con14|566>received packet: from 209.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:18 charon: 02[MGR] IKE_SA con14[566] successfully checked out
        Apr 21 19:17:18 charon: 02[MGR] IKE_SA con14[566] successfully checked out
        Apr 21 19:17:18 charon: 02[MGR] checkout IKE_SA by message
        Apr 21 19:17:18 charon: 02[MGR] checkout IKE_SA by message
        Apr 21 19:17:18 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:18 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:18 charon: 06[NET] received packet: from 209.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:18 charon: 06[NET] received packet: from 209.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:18 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to 209.xxx.xxx.xxx[500]
        Apr 21 19:17:18 charon: 02[MGR] <con14|566>check-in of IKE_SA successful.
        Apr 21 19:17:18 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to 209.xxx.xxx.xxx[500]
        Apr 21 19:17:18 charon: 02[MGR] <con14|566>check-in of IKE_SA successful.
        Apr 21 19:17:18 charon: 02[MGR] <con14|566>checkin IKE_SA con14[566]
        Apr 21 19:17:18 charon: 02[MGR] <con14|566>checkin IKE_SA con14[566]
        Apr 21 19:17:18 charon: 02[NET] <con14|566>sending packet: from xxx.xxx.xxx.194[500] to 209.xxx.xxx.xxx[500] (76 bytes)
        Apr 21 19:17:18 charon: 02[NET] <con14|566>sending packet: from xxx.xxx.xxx.194[500] to 209.xxx.xxx.xxx[500] (76 bytes)
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>activating IKE_DPD task
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>activating IKE_DPD task
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>activating new tasks
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>activating new tasks
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>queueing IKE_DPD task
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>queueing IKE_DPD task
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>sending DPD request
        Apr 21 19:17:18 charon: 02[IKE] <con14|566>sending DPD request
        Apr 21 19:17:18 charon: 02[MGR] IKE_SA con14[566] successfully checked out
        Apr 21 19:17:18 charon: 02[MGR] IKE_SA con14[566] successfully checked out
        Apr 21 19:17:18 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:18 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:18 charon: 02[MGR] <con6|560>check-in of IKE_SA successful.
        Apr 21 19:17:18 charon: 02[MGR] <con6|560>check-in of IKE_SA successful.
        Apr 21 19:17:18 charon: 02[MGR] <con6|560>checkin IKE_SA con6[560]
        Apr 21 19:17:18 charon: 02[MGR] <con6|560>checkin IKE_SA con6[560]
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>nothing to initiate
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>nothing to initiate
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>activating new tasks
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>activating new tasks
        Apr 21 19:17:18 charon: 02[NET] <con6|560>received packet: from 216.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:18 charon: 02[NET] <con6|560>received packet: from 216.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:18 charon: 02[MGR] IKE_SA con6[560] successfully checked out
        Apr 21 19:17:18 charon: 02[MGR] IKE_SA con6[560] successfully checked out
        Apr 21 19:17:18 charon: 02[MGR] checkout IKE_SA by message
        Apr 21 19:17:18 charon: 02[MGR] checkout IKE_SA by message
        Apr 21 19:17:18 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:18 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:18 charon: 06[NET] received packet: from 216.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:18 charon: 06[NET] received packet: from 216.xxx.xxx.xxx[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:18 charon: 02[MGR] <con6|560>check-in of IKE_SA successful.
        Apr 21 19:17:18 charon: 02[MGR] <con6|560>check-in of IKE_SA successful.
        Apr 21 19:17:18 charon: 02[MGR] <con6|560>checkin IKE_SA con6[560]
        Apr 21 19:17:18 charon: 02[MGR] <con6|560>checkin IKE_SA con6[560]
        Apr 21 19:17:18 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to 216.xxx.xxx.xxx[500]
        Apr 21 19:17:18 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to 216.xxx.xxx.xxx[500]
        Apr 21 19:17:18 charon: 02[NET] <con6|560>sending packet: from xxx.xxx.xxx.194[500] to 216.xxx.xxx.xxx[500] (76 bytes)
        Apr 21 19:17:18 charon: 02[NET] <con6|560>sending packet: from xxx.xxx.xxx.194[500] to 216.xxx.xxx.xxx[500] (76 bytes)
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>activating IKE_DPD task
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>activating IKE_DPD task
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>activating new tasks
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>activating new tasks
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>queueing IKE_DPD task
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>queueing IKE_DPD task
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>sending DPD request
        Apr 21 19:17:18 charon: 02[IKE] <con6|560>sending DPD request
        Apr 21 19:17:18 charon: 02[MGR] IKE_SA con6[560] successfully checked out
        Apr 21 19:17:18 charon: 02[MGR] IKE_SA con6[560] successfully checked out
        Apr 21 19:17:18 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:18 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:18 charon: 02[MGR] <con5|568>check-in of IKE_SA successful.
        Apr 21 19:17:18 charon: 02[MGR] <con5|568>check-in of IKE_SA successful.
        Apr 21 19:17:18 charon: 02[MGR] <con5|568>checkin IKE_SA con5[568]
        Apr 21 19:17:18 charon: 02[MGR] <con5|568>checkin IKE_SA con5[568]
        Apr 21 19:17:18 charon: 02[MGR] IKE_SA con5[568] successfully checked out
        Apr 21 19:17:18 charon: 02[MGR] IKE_SA con5[568] successfully checked out
        Apr 21 19:17:18 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:18 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:17 charon: 02[MGR] <con13|563>check-in of IKE_SA successful.
        Apr 21 19:17:17 charon: 02[MGR] <con13|563>check-in of IKE_SA successful.
        Apr 21 19:17:17 charon: 02[MGR] <con13|563>checkin IKE_SA con13[563]
        Apr 21 19:17:17 charon: 02[MGR] <con13|563>checkin IKE_SA con13[563]
        Apr 21 19:17:17 charon: 02[MGR] IKE_SA con13[563] successfully checked out
        Apr 21 19:17:17 charon: 02[MGR] IKE_SA con13[563] successfully checked out
        Apr 21 19:17:17 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:17 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:17 charon: 02[MGR] <con3|565>check-in of IKE_SA successful.
        Apr 21 19:17:17 charon: 02[MGR] <con3|565>check-in of IKE_SA successful.
        Apr 21 19:17:17 charon: 02[MGR] <con3|565>checkin IKE_SA con3[565]
        Apr 21 19:17:17 charon: 02[MGR] <con3|565>checkin IKE_SA con3[565]
        Apr 21 19:17:17 charon: 02[MGR] IKE_SA con3[565] successfully checked out
        Apr 21 19:17:17 charon: 02[MGR] IKE_SA con3[565] successfully checked out
        Apr 21 19:17:17 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:17 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:17 charon: 02[MGR] <con10|564>check-in of IKE_SA successful.
        Apr 21 19:17:17 charon: 02[MGR] <con10|564>check-in of IKE_SA successful.
        Apr 21 19:17:17 charon: 02[MGR] <con10|564>checkin IKE_SA con10[564]
        Apr 21 19:17:17 charon: 02[MGR] <con10|564>checkin IKE_SA con10[564]
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>nothing to initiate
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>nothing to initiate
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>activating new tasks
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>activating new tasks
        Apr 21 19:17:17 charon: 02[NET] <con10|564>received packet: from xxx.xxx.xxx.42[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:17 charon: 02[NET] <con10|564>received packet: from xxx.xxx.xxx.42[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:17 charon: 02[MGR] IKE_SA con10[564] successfully checked out
        Apr 21 19:17:17 charon: 02[MGR] IKE_SA con10[564] successfully checked out
        Apr 21 19:17:17 charon: 02[MGR] checkout IKE_SA by message
        Apr 21 19:17:17 charon: 02[MGR] checkout IKE_SA by message
        Apr 21 19:17:17 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:17 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:17 charon: 06[NET] received packet: from xxx.xxx.xxx.42[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:17 charon: 06[NET] received packet: from xxx.xxx.xxx.42[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:17 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.42[500]
        Apr 21 19:17:17 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.42[500]
        Apr 21 19:17:17 charon: 02[MGR] <con10|564>check-in of IKE_SA successful.
        Apr 21 19:17:17 charon: 02[MGR] <con10|564>check-in of IKE_SA successful.
        Apr 21 19:17:17 charon: 02[MGR] <con10|564>checkin IKE_SA con10[564]
        Apr 21 19:17:17 charon: 02[MGR] <con10|564>checkin IKE_SA con10[564]
        Apr 21 19:17:17 charon: 02[NET] <con10|564>sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.42[500] (76 bytes)
        Apr 21 19:17:17 charon: 02[NET] <con10|564>sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.42[500] (76 bytes)
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>activating IKE_DPD task
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>activating IKE_DPD task
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>activating new tasks
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>activating new tasks
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>queueing IKE_DPD task
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>queueing IKE_DPD task
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>sending DPD request
        Apr 21 19:17:17 charon: 02[IKE] <con10|564>sending DPD request
        Apr 21 19:17:17 charon: 02[MGR] IKE_SA con10[564] successfully checked out
        Apr 21 19:17:17 charon: 02[MGR] IKE_SA con10[564] successfully checked out
        Apr 21 19:17:17 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:17 charon: 02[MGR] checkout IKE_SA
        Apr 21 19:17:16 charon: 02[MGR] <con4|561>check-in of IKE_SA successful.
        Apr 21 19:17:16 charon: 02[MGR] <con4|561>check-in of IKE_SA successful.
        Apr 21 19:17:16 charon: 02[MGR] <con4|561>checkin IKE_SA con4[561]
        Apr 21 19:17:16 charon: 02[MGR] <con4|561>checkin IKE_SA con4[561]
        Apr 21 19:17:16 charon: 02[IKE] <con4|561>nothing to initiate
        Apr 21 19:17:16 charon: 02[IKE] <con4|561>nothing to initiate
        Apr 21 19:17:16 charon: 02[IKE] <con4|561>activating new tasks
        Apr 21 19:17:16 charon: 02[IKE] <con4|561>activating new tasks
        Apr 21 19:17:16 charon: 02[NET] <con4|561>received packet: from xxx.xxx.xxx.33[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:16 charon: 02[NET] <con4|561>received packet: from xxx.xxx.xxx.33[500] to xxx.xxx.xxx.194[500] (76 bytes)
        Apr 21 19:17:16 charon: 02[MGR] IKE_SA con4[561] successfully checked out
        Apr 21 19:17:16 charon: 02[MGR] IKE_SA con4[561] successfully checked out
        Apr 21 19:17:16 charon: 02[MGR] checkout IKE_SA by message
        Apr 21 19:17:16 charon: 02[MGR] checkout IKE_SA by message
        Apr 21 19:17:16 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:16 charon: 06[NET] waiting for data on sockets
        Apr 21 19:17:16 charon: 06[NET] received packet: from xxx.xxx.xxx.33[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:16 charon: 06[NET] received packet: from xxx.xxx.xxx.33[500] to xxx.xxx.xxx.194[500]
        Apr 21 19:17:16 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.33[500]
        Apr 21 19:17:16 charon: 10[NET] sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.33[500]
        Apr 21 19:17:16 charon: 15[MGR] <con4|561>check-in of IKE_SA successful.
        Apr 21 19:17:16 charon: 15[MGR] <con4|561>check-in of IKE_SA successful.
        Apr 21 19:17:16 charon: 15[MGR] <con4|561>checkin IKE_SA con4[561]
        Apr 21 19:17:16 charon: 15[MGR] <con4|561>checkin IKE_SA con4[561]
        Apr 21 19:17:16 charon: 15[NET] <con4|561>sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.33[500] (76 bytes)
        Apr 21 19:17:16 charon: 15[NET] <con4|561>sending packet: from xxx.xxx.xxx.194[500] to xxx.xxx.xxx.33[500] (76 bytes)
        Apr 21 19:17:16 charon: 15[IKE] <con4|561>activating IKE_DPD task
        Apr 21 19:17:16 charon: 15[IKE] <con4|561>activating IKE_DPD task
        Apr 21 19:17:16 charon: 15[IKE] <con4|561>activating new tasks
        Apr 21 19:17:16 charon: 15[IKE] <con4|561>activating new tasks
        Apr 21 19:17:16 charon: 15[IKE] <con4|561>queueing IKE_DPD task
        Apr 21 19:17:16 charon: 15[IKE] <con4|561>queueing IKE_DPD task
        Apr 21 19:17:16 charon: 15[IKE] <con4|561>sending DPD request
        Apr 21 19:17:16 charon: 15[IKE] <con4|561>sending DPD request
        Apr 21 19:17:16 charon: 15[MGR] IKE_SA con4[561] successfully checked out
        Apr 21 19:17:16 charon: 15[MGR] IKE_SA con4[561] successfully checked out
        Apr 21 19:17:16 charon: 15[MGR] checkout IKE_SA
        Apr 21 19:17:16 charon: 15[MGR] checkout IKE_SA
        Apr 21 19:17:16 charon: 15[MGR] <con9|558>check-in of IKE_SA successful.
        Apr 21 19:17:16 charon: 15[MGR] <con9|558>check-in of IKE_SA successful.
        Apr 21 19:17:16 charon: 15[MGR] <con9|558>checkin IKE_SA con9[558]
        Apr 21 19:17:16 charon: 15[MGR] <con9|558>checkin IKE_SA con9[558]
        Apr 21 19:17:16 charon: 15[IKE] <con9|558>nothing to initiate
        Apr 21 19:17:16 charon: 15[IKE] <con9|558>nothing to initiate
        Apr 21 19:17:16 charon: 15[IKE] <con9|558>activating new tasks
        Apr 21 19:17:16 charon: 15[IKE] <con9|558>activating new tasks

        1 Reply Last reply Reply Quote 0
        • M
          mkaishar
          last edited by

          So having multiple P2 networks is still a problem.

          Other office with pfsense 2.2.2 connecting to same sonicwalls but only 1 P2 network…no problems.

          1 Reply Last reply Reply Quote 0
          • B
            brumm
            last edited by

            Hello!

            Big Big Problems here…..

            We have changed Internet provider and i have a mixed openvpn and ipsec configuration with about 50 sites.
            now i changed all openvpn connections to 2.2.2 machine, no problem

            rest is fortigate firewalls, all possible versions and hardware... i am facing massive problems with IPSEC.

            it is not easy to go back, i am changing from 2.0.1 machine to 2.2.2

            any ideas - which is the last known stable version with working ipsec with multiple p2 and certificates?

            And will it be possible to load the config of 2.2.2 in an older pfsense version?

            is pfsense thinking of fixing this mess? i used 2.0 and 2.1 a lot and actually love it, 2.2.2 is a disaster.

            regards
            martin

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              @brumm:

              any ideas - which is the last known stable version with working ipsec with multiple p2 and certificates?

              2.1.5

              1 Reply Last reply Reply Quote 0
              • B
                brumm
                last edited by

                thank you - will my 2.2.2 configuration apply?
                would be a lot of work to manually configure all tunnels again.

                regards
                Martin

                1 Reply Last reply Reply Quote 0
                • D
                  doktornotor Banned
                  last edited by

                  No, you cannot use 2.2.2 configuration. You can use the 2.0.1 one.

                  1 Reply Last reply Reply Quote 0
                  • M
                    mkaishar
                    last edited by

                    Same issues again, after lifetime expires, no traffic passing, forcing a disconnect/reconnect of ipsec enables traffic again.

                    anyone else having these issues?

                    1 Reply Last reply Reply Quote 0
                    • B
                      brumm
                      last edited by

                      i have even more problems. p2 only enables from one side (initiator/responder),
                      some p2 just do not activate automatically, manual identifier when using certificates.
                      rekeying problems, etc etc.

                      all in all absolutely unstable - of course other side did not change - so it is not a problem of fortigate firewalls.

                      the 2.0.1 setup was now running well for years now.

                      regards
                      martin

                      1 Reply Last reply Reply Quote 0
                      • M
                        mkaishar
                        last edited by

                        I can reproduce problem very quickly

                        P2 lifetime dropped to 300 seconds and when it expires, traffic stops

                        Oh well back to 2.1.5 because 2.2.x is not production ready from my experiences so far

                        1 Reply Last reply Reply Quote 0
                        • C
                          cmb
                          last edited by

                          @mkaishar:

                          I can reproduce problem very quickly

                          P2 lifetime dropped to 300 seconds and when it expires, traffic stops

                          Dropped lifetime on both ends or just one?

                          Could you share the IPsec portion of your config? Minus PSKs/certs is fine.

                          1 Reply Last reply Reply Quote 0
                          • C
                            cmb
                            last edited by

                            @brumm:

                            i have even more problems. p2 only enables from one side (initiator/responder),
                            some p2 just do not activate automatically, manual identifier when using certificates.
                            rekeying problems, etc etc.

                            Could you share the IPsec portion of your config? Minus PSKs/certs is fine.

                            1 Reply Last reply Reply Quote 0
                            • M
                              mkaishar
                              last edited by

                              @cmb:

                              @mkaishar:

                              I can reproduce problem very quickly

                              P2 lifetime dropped to 300 seconds and when it expires, traffic stops

                              Dropped lifetime on both ends or just one?

                              Could you share the IPsec portion of your config? Minus PSKs/certs is fine.

                              Both ends…sure I will put it together give me a little bit of time.

                              1 Reply Last reply Reply Quote 0
                              • M
                                mkaishar
                                last edited by

                                attached screen shots of pfsense and sonicwall

                                pfsense1.png
                                pfsense2.png
                                pfsense3.png
                                pfsense4.png
                                pfsense5.png
                                sonicwall1.png
                                sonicwall1a.png
                                sonicwall2.png
                                sonicwall3.png
                                sonicwall4.png
                                sonicwall5.png
                                sonicwall6.png

                                1 Reply Last reply Reply Quote 0
                                • M
                                  mkaishar
                                  last edited by

                                  Last night around 7:30PM PST I removed one P2, so each tunnel (15) only has one P2 running and there are no issues even after P2 lifetime (86400) expired.

                                  Which has confirmed 2.2.2 still has issues unfortunately with IPSec and multiple P2.

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    doktornotor Banned
                                    last edited by

                                    There was an issue with using the + button to create more P2s. Unconvinced the configuration upgrade code ever fixed that.

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      mkaishar
                                      last edited by

                                      I didn't clone the first P2 to create the second P2, they were all manually created.

                                      1 Reply Last reply Reply Quote 0
                                      • T
                                        tbo2k
                                        last edited by

                                        We are also having the same issues. This is driving us crazy.
                                        With 2.1.5 we had absolutely no problems.
                                        With 2.2.2 first everything looked ok so we updated like 2 weeks ago since 2.2 was
                                        But after some time random tunnels stopped working. We get this problem with many tunnels (but not all of them).

                                        We have like 100+ Tunnels on some sites.

                                        The issues almost only occur between pfsense firewalls, no matter if 2.2.2 or 2.2.1.

                                        • Sometimes after phase2 lifetime ends (we default to 3600 seconds = 1hour) no data is passed through the new tunnel
                                        • if the subnet-mask gets changed the sad will not be deleted (you need to completely destroy ipsec with restart daemon)
                                        • sometimes the tunnel is only established from the other side
                                        • sometimes random sa don't get reestablished, from 20 P2-SA between two sides we have 19 or 18 working.
                                        • when changing ikev1 to ikev2 the established SA must manually be stopped to restart with ikev2
                                        • This happens no matter what settings. IKEv2, IKEv1, nothing is really stable.
                                        • with ikev2 some phase2 settings don't work at all (having subnets like 192.168.1.0/24 <-> 192.168.2.0/24 + 192.168.1.1/32 <-> 192.168.3.1/32)
                                        • This sometimes also happens with single-P2-SA (single network to network) tunnels
                                        • 2.2.1 looks more stable than 2.2.2, we have less issues with 2.2.1 sites

                                        The frustrating thing is that it is not reproducible. Some sites work without issues. This after years of stable VPN.
                                        Another frustrating thing is the Log output.
                                        It either says nothing or tells too much and did not really help to determine the reason for connection issues (new tunnel, wrong proposals, network mismatch).

                                        The bad thing is that we cannot downgrade all systems since we went from 2.1.5 to 2.2.1 and after that to 2.2.2

                                        1 Reply Last reply Reply Quote 0
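For the complaint above that the charon log "tells too much", here is an added triage example (not code from this thread or from pfSense) that collapses the doubled, newest-first lines quoted earlier into a per-connection summary of DPD requests and replies. The sample lines are constructed in the thread's log format with documentation-range addresses, and the function names are hypothetical.

```python
import re

# Line shape as quoted in this thread:
#   Apr 21 19:17:18 charon: 02[IKE] <con6|560>sending DPD request
# The <conN|id> tag is optional; untagged lines carry no connection context.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+charon:\s+"
    r"(?P<thread>\d+)\[(?P<subsys>[A-Z]+)\]\s+"
    r"(?:<(?P<conn>[^|>]+)\|(?P<sa>\d+)>\s*)?(?P<msg>.*)$"
)


def parse_line(line):
    """Return the fields of one charon log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def dedupe(lines):
    """Drop a line that exactly repeats the line before it.

    The quoted log shows every entry twice. Caveat: two genuinely identical
    consecutive events within the same second are also collapsed to one.
    """
    out = []
    for line in lines:
        s = line.strip()
        if s and (not out or out[-1] != s):
            out.append(s)
    return out


def summarize(lines, newest_first=True):
    """Per-connection DPD summary; the quoted log is newest-first."""
    rows = dedupe(lines)
    if newest_first:
        rows = rows[::-1]  # replay in chronological order
    report = {}
    for row in rows:
        rec = parse_line(row)
        if rec is None or rec["conn"] is None:
            continue
        entry = report.setdefault(
            rec["conn"],
            {"ike_sa": rec["sa"], "dpd_sent": 0, "received": 0, "dpd_pending": False},
        )
        if rec["msg"].startswith("sending DPD request"):
            entry["dpd_sent"] += 1
            entry["dpd_pending"] = True
        elif rec["msg"].startswith("received packet"):
            entry["received"] += 1
            entry["dpd_pending"] = False  # peer answered on this IKE_SA
    return report


def unanswered(report):
    """Connections whose last DPD request has no later received packet."""
    return sorted(c for c, e in report.items() if e["dpd_pending"])


# Constructed sample, newest entry first, each line doubled like the quoted log.
UNIQUE = [
    "Apr 21 19:17:18 charon: 02[IKE] <con6|560>nothing to initiate",
    "Apr 21 19:17:18 charon: 02[NET] <con6|560>received packet: "
    "from 198.51.100.6[500] to 192.0.2.194[500] (76 bytes)",
    "Apr 21 19:17:18 charon: 02[NET] <con6|560>sending packet: "
    "from 192.0.2.194[500] to 198.51.100.6[500] (76 bytes)",
    "Apr 21 19:17:18 charon: 02[IKE] <con6|560>sending DPD request",
    "Apr 21 19:17:17 charon: 06[NET] waiting for data on sockets",
    "Apr 21 19:17:17 charon: 11[NET] <con7|559>sending packet: "
    "from 192.0.2.194[500] to 198.51.100.7[500] (76 bytes)",
    "Apr 21 19:17:17 charon: 11[IKE] <con7|559>sending DPD request",
]
SAMPLE = [line for line in UNIQUE for _ in range(2)]

if __name__ == "__main__":
    rep = summarize(SAMPLE)
    for conn, entry in rep.items():
        print(conn, entry)
    print("DPD unanswered:", unanswered(rep))
```

A connection listed as unanswered only means no reply was logged inside the captured window, so compare it against traffic counters before treating the tunnel as dead.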
                                        • M
                                          mkaishar
                                          last edited by

                                          I noticed one pfsense to fortigate tunnel did not exhibit the same problems where traffic stops flowing after lifetime expiration

                                          After more in depth review of all settings (I've been at this for weeks now and getting exhausted)

                                          I had P2 lifetime expiration set different between pfsense and fortigate

                                          So…I changed settings:

                                          All remote (sonicwalls & fortigates) P1 lifetime is 28800
                                          All remote (sonicwalls & fortigates) P2 lifetime is 3600

                                          All pfsense P1 lifetime is 28800
                                          All pfsense P2 lifetime is 86400

                                          Each tunnel has at least 2 P2 networks, some tunnels have 4 P2 networks

                                          It's been stable, traffic continues to flow so far even after lifetime expiration on pfsense P1 or P2

                                          Now the question...is this safe security practices?

                                          I don't know, but I think I can live with it for the time being.

                                          1 Reply Last reply Reply Quote 0
                                          • M
                                            mkaishar
                                            last edited by

                                            @mkaishar:

                                            I noticed one pfsense to fortigate tunnel did not exhibit the same problems where traffic stops flowing after lifetime expiration

                                            After more in depth review of all settings (I've been at this for weeks now and getting exhausted)

                                            I had P2 lifetime expiration set different between pfsense and fortigate

                                            So…I changed settings:

                                            All remote (sonicwalls & fortigates) P1 lifetime is 28800
                                            All remote (sonicwalls & fortigates) P2 lifetime is 3600

                                            All pfsense P1 lifetime is 28800
                                            All pfsense P2 lifetime is 86400

                                            ~~Each tunnel has at least 2 P2 networks, some tunnels have 4 P2 networks

                                            It's been stable, traffic continues to flow so far even after lifetime expiration on pfsense P1 or P2

                                            Now the question…is this safe security practices?

                                            I don't know, but I think I can live with it for the time being.~~

                                            Doesn't work with the sonicwalls, oh well back to research again and disabling multiple P2 networks!

                                            1 Reply Last reply Reply Quote 0