Netgate Discussion Forum

    IPSEC VPN borked

    • draccusfly

      Hi,

      I created a site-to-site VPN tunnel on Tuesday and after a little tinkering all was working perfectly. However, after 1 day (86400 seconds) the tunnel closed and now won't rekey.
      I am seeing the following two lines in the IPsec logs:

      Jul 2 12:39:03 charon: 07[IKE] <29> found 1 matching config, but none allows pre-shared key authentication using Main Mode
      Jul 2 12:39:03 charon: 07[IKE] found 1 matching config, but none allows pre-shared key authentication using Main Mode

      However, nothing has been changed on either side of the tunnel. I have pfSense 2.2.1 on one end and a Zywall on the other; both are set up as PSK in main mode. Trouble is I have to ship the Zywall off to site preconfigured, all but an IP address change once it gets to site, and am a little stuck now.

      Drac

      • cmb

        Double check your configuration. IKEv1, main mode? If you had something that worked, it came up, then you changed something so it no longer matches (like switching to IKEv2 for instance for that log), the already-negotiated connection would stay up for the lifetime. Then come time to rekey, it fails as the config is no longer valid.
