PfSense IPsec Site to Site Issues
-
Hi
I have this network architecture
I want to relink these two networks with each other
I have done the following :
Pfsense 1 :
Disabled
Key Exchange version : IKEv1
Internet Protocol : IPv4
Interface : WAN
Remote Gateway : 117.X.X.X
Phase 1 : Proposal (Authentication)
Authentication Method : Mutual PSK
Negotiation mode : Aggressive
My identifier : 196.X.X.X
Peer identifier : Peer IP address
Pre-Shared Key : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Phase 1 Proposal (Encryption Algorithm)
Encryption Algorithm : AES
Key length : 256 bits
Hash : SHA256
DH Group : 14(2048)
General Information
phase 2 :
Disabled : unchecked
Mode : Tunnel IPV4
Local Network : LAN subnet
NAT/BINAT translation : none
Remote Network : Network : 192.168.6.0/24
and the same configuration in the phase 1
I have used this configuration in Pfsense 2 (I have changed the IP address of course)
When I go to Status / IPsec / Overview and click Connect VPN,
the state is always : disconnected
I checked the system log file :
Dec 28 08:21:23 charon 12[CFG] vici client 311 connected
Dec 28 08:21:23 charon 01[CFG] vici client 311 registered for: list-sa
Dec 28 08:21:23 charon 12[CFG] vici client 311 requests: list-sas
Dec 28 08:21:23 charon 12[CFG] vici client 311 disconnected
-
The service is on. I have restarted the two services, but the problem is the same.
-
I changed the IKE version to 2
Dec 28 08:43:14 charon 01[IKE] <con1000|97> retransmit 2 of request with message ID 1
Dec 28 08:43:14 charon 01[NET] <con1000|97> sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (272 bytes)
Dec 28 08:43:14 charon 03[ENC] generating INFORMATIONAL response 0 [ N(INVAL_MAJOR) ]
Dec 28 08:43:14 charon 03[NET] sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (36 bytes)
Dec 28 08:43:14 charon 03[NET] received unsupported IKE version 0.0 from 196.XXXX, sending INVALID_MAJOR_VERSION
-
@joseph-watever-j
Hey
On router 196.X. X.X.X, is port forwarding enabled?
4500, 500-udp
and ESP Protocol
-
Yes it is open
-
@joseph-watever-j
Can you show the IPsec logs on Pfsense1 and Pfsense 2?
-
I have put the log in my topic
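Added example, not part of any post in this thread: a small triage script for charon log text like the lines quoted above, which separates status-page (vici) queries from real IKE traffic and pulls out retransmits, RFC 1918 source addresses, and INVALID_MAJOR_VERSION rejections. The names `triage` and `is_rfc1918` are made up for this sketch, and the sample lines are copied from the posts with the peer address masked as it was there.

```python
import ipaddress
import re

# Log lines copied from the posts above (peer address already masked there).
IKEV1_LOG = """\
Dec 28 08:21:23 charon 12[CFG] vici client 311 connected
Dec 28 08:21:23 charon 12[CFG] vici client 311 requests: list-sas
Dec 28 08:21:23 charon 12[CFG] vici client 311 disconnected
"""
IKEV2_LOG = """\
Dec 28 08:43:14 charon 01[IKE] <con1000|97> retransmit 2 of request with message ID 1
Dec 28 08:43:14 charon 01[NET] <con1000|97> sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (272 bytes)
Dec 28 08:43:14 charon 03[NET] received unsupported IKE version 0.0 from 196.XXXX, sending INVALID_MAJOR_VERSION
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(r"charon \d+\[(?P<sub>[A-Z]+)\] (?:<[^>]+> )?(?P<msg>.*)")
SEND = re.compile(r"sending packet: from (\S+?)\[\d+\] to ")
RETX = re.compile(r"retransmit (\d+) of request")
BADVER = re.compile(r"received unsupported IKE version (\S+) from ([^,\s]+)")

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # masked or malformed address in a redacted log
        return False
    return any(ip in net for net in RFC1918)

def triage(log_text):
    """Summarise the negotiation-relevant events in charon log text."""
    subsystems, out = set(), {"max_retransmit": 0, "private_sources": set(), "bad_version": {}}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        subsystems.add(m["sub"])
        if r := RETX.search(m["msg"]):
            out["max_retransmit"] = max(out["max_retransmit"], int(r[1]))
        if (s := SEND.search(m["msg"])) and is_rfc1918(s[1]):
            out["private_sources"].add(s[1])  # firewall's own address is private (NAT in path)
        if b := BADVER.search(m["msg"]):
            out["bad_version"][b[2]] = b[1]  # peer -> version field as charon parsed it
    # Only [CFG] lines: the status page queried charon over vici, no IKE exchange was logged.
    out["status_queries_only"] = subsystems == {"CFG"}
    return out

if __name__ == "__main__":
    for name, text in (("IKEv1 attempt", IKEV1_LOG), ("IKEv2 attempt", IKEV2_LOG)):
        print(name, triage(text))
```

Run against the full IPsec log from both firewalls for the same time window, so that a retransmit on one side can be matched with what the other side received.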