Netgate Discussion Forum

    PfSense IPsec Site to Site Issues

      Joseph Watever J

      Hi

      I have this network architecture

      0_1545984475876_assa.PNG

      I want to relink these two networks with each other

      I have done the following :

      Pfsense 1 :

      Disabled
      Key Exchange version : IKEv1
      Internet Protocol : IPv4
      Interface : WAN
      Remote Gateway : 117.X.X.X

      Phase 1 : Proposal (Authentication)
      Authentication Method : Mutual PSK
      Negotiation mode : Aggressive
      My identifier : 196.X.X.X
      Peer identifier : Peer IP address
      Pre-Shared Key : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

      Phase 1 Proposal (Encryption Algorithm)
      Encryption Algorithm : AES
      Key length : 256 bits
      Hash : SHA256
      DH Group : 14(2048)

      General Information
      phase 2 :

      Disabled : unchecked
      Mode : Tunnel IPV4
      Local Network : LAN subnet

      NAT/BINAT translation : none

      Remote Network : Network : 192.168.6.0/24
      and the same configuration in the phase 1

      I have used this configuration in Pfsense 2 (I have changed the IP address, of course)

      When I go to Status / IPsec / Overview and I click: connect VPN

      the state is always: disconnected

      I check the system log file:

      Dec 28 08:21:23 charon 12[CFG] vici client 311 connected
      Dec 28 08:21:23 charon 01[CFG] vici client 311 registered for: list-sa
      Dec 28 08:21:23 charon 12[CFG] vici client 311 requests: list-sas
      Dec 28 08:21:23 charon 12[CFG] vici client 311 disconnected

        Joseph Watever J

        The service is ON, I have restarted the two services, but the same problem

          Joseph Watever J

          I changed the IKE version to 2

          Dec 28 08:43:14 charon 01[IKE] <con1000|97> retransmit 2 of request with message ID 1
          Dec 28 08:43:14 charon 01[NET] <con1000|97> sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (272 bytes)
          Dec 28 08:43:14 charon 03[ENC] generating INFORMATIONAL response 0 [ N(INVAL_MAJOR) ]
          Dec 28 08:43:14 charon 03[NET] sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (36 bytes)
          Dec 28 08:43:14 charon 03[NET] received unsupported IKE version 0.0 from 196.XXXX, sending INVALID_MAJOR_VERSION

            Konstanti @Joseph Watever J

            @joseph-watever-j
            Hey
            Is port forwarding enabled on router 196.X. X.X.X?
            4500, 500-udp
            and ESP Protocol

              Joseph Watever J @Konstanti

              @konstanti

              Yes it is open

                Konstanti @Joseph Watever J

                @joseph-watever-j
                Can you show the IPsec logs on Pfsense1 and Pfsense 2?

                  Joseph Watever J @Konstanti

                  @konstanti

                  I have put the log in my topic

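The charon log lines posted in this thread, run through a small triage script. This is an added example, not part of any post; the function name `triage` and the wording of its findings are assumptions made for the illustration.

```python
import re
from collections import Counter

# Log lines copied from the two excerpts posted in the thread (addresses as redacted there).
IKEV1_EXCERPT = """\
Dec 28 08:21:23 charon 12[CFG] vici client 311 connected
Dec 28 08:21:23 charon 01[CFG] vici client 311 registered for: list-sa
Dec 28 08:21:23 charon 12[CFG] vici client 311 requests: list-sas
Dec 28 08:21:23 charon 12[CFG] vici client 311 disconnected
"""
IKEV2_EXCERPT = """\
Dec 28 08:43:14 charon 01[IKE] <con1000|97> retransmit 2 of request with message ID 1
Dec 28 08:43:14 charon 01[NET] <con1000|97> sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (272 bytes)
Dec 28 08:43:14 charon 03[ENC] generating INFORMATIONAL response 0 [ N(INVAL_MAJOR) ]
Dec 28 08:43:14 charon 03[NET] sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (36 bytes)
Dec 28 08:43:14 charon 03[NET] received unsupported IKE version 0.0 from 196.XXXX, sending INVALID_MAJOR_VERSION
"""

# timestamp, "charon", thread number, [SUBSYSTEM], optional <connection|SA id>, message
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) charon (?P<thread>\d+)\[(?P<subsys>[A-Z]+)\] "
    r"(?:<(?P<conn>[^|>]+)\|(?P<sa>\d+)> )?(?P<msg>.*)$")

def triage(text):
    """Return (lines per subsystem, list of findings) for a charon log excerpt."""
    subsystems, retransmits, findings = Counter(), {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        subsystems[m["subsys"]] += 1
        r = re.match(r"retransmit (\d+) of request with message ID (\d+)", m["msg"])
        if r:  # keep the highest retransmit counter seen per connection
            retransmits[m["conn"]] = max(retransmits.get(m["conn"], 0), int(r[1]))
        v = re.match(r"received unsupported IKE version (\S+) from (\S+),", m["msg"])
        if v:
            findings.append(f"peer {v[2]} sent a header read as IKE version {v[1]}")
    for conn, n in retransmits.items():
        findings.append(f"{conn}: retransmit {n} of a request, so no reply had arrived")
    # vici is the daemon's control interface; list-sas is a status query, not a negotiation
    if subsystems and not set(subsystems) & {"IKE", "NET", "ENC"}:
        findings.append("only CFG/vici lines: no IKE negotiation appears in this excerpt")
    return dict(subsystems), findings

if __name__ == "__main__":
    for name, text in (("IKEv1 excerpt", IKEV1_EXCERPT), ("IKEv2 excerpt", IKEV2_EXCERPT)):
        print(name, *triage(text), sep="\n  ")
```

On the first excerpt the script reports only control-interface traffic, so that log shows status queries rather than a connection attempt; the second shows an unanswered request alongside a rejected packet from the peer address.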