IPSec Tunnel Stopped Working…
-
I had an IPsec tunnel running between two pfSense boxes. Since updating both to v2.2.5, my tunnel does not start. My log looks like this…
Dec 18 21:43:57 ipsec_starter[75407]: Starting strongSwan 5.3.3 IPsec [starter]…
Dec 18 21:43:57 ipsec_starter[75407]: no netkey IPsec stack detected
Dec 18 21:43:57 ipsec_starter[75407]: no KLIPS IPsec stack detected
Dec 18 21:43:57 ipsec_starter[75407]: no known IPsec stack detected, ignoring!
Dec 18 21:43:57 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.3, FreeBSD 10.1-RELEASE-p24, i386)
Dec 18 21:43:57 charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
Dec 18 21:43:57 charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Dec 18 21:43:57 charon: 00[CFG] ipseckey plugin is disabled
Dec 18 21:43:57 charon: 00[CFG] loading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Dec 18 21:43:57 charon: 00[CFG] loading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Dec 18 21:43:57 charon: 00[CFG] loading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Dec 18 21:43:57 charon: 00[CFG] loading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Dec 18 21:43:57 charon: 00[CFG] loading crls from '/var/etc/ipsec/ipsec.d/crls'
Dec 18 21:43:57 charon: 00[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Dec 18 21:43:57 charon: 00[CFG] loaded IKE secret for %any 192.64.119.254
Dec 18 21:43:57 charon: 00[CFG] opening triplet file /var/etc/ipsec/ipsec.d/triplets.dat failed: No such file or directory
Dec 18 21:43:57 charon: 00[CFG] loaded 0 RADIUS server configurations
Dec 18 21:43:57 charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-sim eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock unity
Dec 18 21:43:57 charon: 00[JOB] spawning 16 worker threads
Dec 18 21:43:57 ipsec_starter[76120]: charon (76489) started after 280 ms
Dec 18 21:43:57 charon: 06[CFG] received stroke: add connection 'bypasslan'
Dec 18 21:43:57 charon: 06[CFG] added configuration 'bypasslan'
Dec 18 21:43:57 charon: 16[CFG] received stroke: route 'bypasslan'
Dec 18 21:43:57 ipsec_starter[76120]: 'bypasslan' shunt PASS policy installed
Dec 18 21:43:57 ipsec_starter[76120]:
Dec 18 21:43:57 charon: 06[CFG] received stroke: add connection 'con1000'
Dec 18 21:43:57 charon: 06[CFG] added configuration 'con1000'
Dec 18 21:43:57 charon: 15[CFG] received stroke: route 'con1000'
Dec 18 21:43:57 ipsec_starter[76120]: 'con1000' routed
Dec 18 21:43:57 ipsec_starter[76120]:
Dec 18 21:44:09 charon: 15[KNL] creating acquire job for policy 108.204.255.165/32|/0 === 192.64.119.254/32|/0 with reqid {1}
Dec 18 21:44:09 charon: 15[IKE] <con1000|1>initiating Main Mode IKE_SA con1000[1] to 192.64.119.254
Dec 18 21:44:09 charon: 15[ENC] <con1000|1>generating ID_PROT request 0 [ SA V V V V V V ]
Dec 18 21:44:09 charon: 15[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
Dec 18 21:44:13 charon: 15[IKE] <con1000|1>sending retransmit 1 of request message ID 0, seq 1
Dec 18 21:44:13 charon: 15[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
Dec 18 21:44:20 charon: 15[IKE] <con1000|1>sending retransmit 2 of request message ID 0, seq 1
Dec 18 21:44:20 charon: 15[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
Dec 18 21:44:33 charon: 15[IKE] <con1000|1>sending retransmit 3 of request message ID 0, seq 1
Dec 18 21:44:33 charon: 15[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
Dec 18 21:44:54 charon: 14[KNL] creating acquire job for policy 108.204.255.165/32|/0 === 192.64.119.254/32|/0 with reqid {1}
Dec 18 21:44:54 charon: 15[CFG] ignoring acquire, connection attempt pending
Dec 18 21:44:56 charon: 13[IKE] <con1000|1>sending retransmit 4 of request message ID 0, seq 1
Dec 18 21:44:56 charon: 13[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
Dec 18 21:45:38 charon: 14[IKE] <con1000|1>sending retransmit 5 of request message ID 0, seq 1
Dec 18 21:45:38 charon: 14[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
Dec 18 21:45:39 charon: 14[KNL] creating acquire job for policy 108.204.255.165/32|/0 === 192.64.119.254/32|/0 with reqid {1}
Dec 18 21:45:39 charon: 13[CFG] ignoring acquire, connection attempt pending

Any suggestions?
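The log above shows the classic signature of a one-sided negotiation: the initiator keeps retransmitting message 0 of Main Mode and never logs a "received packet" from the peer. The following is an added example (not from the original post or from pfSense/strongSwan) that parses charon lines in this format and flags an IKE_SA as "no reply from peer" once it has retransmitted without any inbound packet; the sample lines are constructed, and the second peer (con2000, 198.51.100.7) is a hypothetical one that does answer, included for contrast.

```python
import re
from collections import defaultdict

# charon line: "Mon DD HH:MM:SS charon: <thread>[<group>] <conn|id> <message>"
# "> ?" tolerates the space the forum's HTML extraction dropped after "<con1000|1>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) charon: \d+\[(?P<grp>[A-Z]+)\] "
    r"(?:<(?P<conn>[^|>]+)\|(?P<ike>\d+)> ?)?(?P<msg>.*)$"
)
RETRANSMIT_RE = re.compile(r"sending retransmit (\d+) of request")

# Constructed sample: con1000 mirrors the post (no answer), con2000 is a made-up peer that replies.
SAMPLE_LOG = """\
Dec 18 21:44:09 charon: 15[IKE] <con1000|1>initiating Main Mode IKE_SA con1000[1] to 192.64.119.254
Dec 18 21:44:09 charon: 15[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
Dec 18 21:44:13 charon: 15[IKE] <con1000|1>sending retransmit 1 of request message ID 0, seq 1
Dec 18 21:44:20 charon: 15[IKE] <con1000|1>sending retransmit 2 of request message ID 0, seq 1
Dec 18 21:44:33 charon: 15[IKE] <con1000|1>sending retransmit 3 of request message ID 0, seq 1
Dec 18 21:44:54 charon: 15[CFG] ignoring acquire, connection attempt pending
Dec 18 21:45:01 charon: 07[IKE] <con2000|2> initiating Main Mode IKE_SA con2000[2] to 198.51.100.7
Dec 18 21:45:01 charon: 07[NET] <con2000|2> received packet: from 198.51.100.7[500] to 108.204.255.165[500] (180 bytes)
Dec 18 21:45:02 charon: 07[IKE] <con2000|2> IKE_SA con2000[2] established between 108.204.255.165[108.204.255.165]...198.51.100.7[198.51.100.7]
"""

def parse_line(line):
    """Return the fields of one charon line, or None if the line is not charon output."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def diagnose(lines, stuck_after=3):
    """Per IKE_SA, compare retransmits against packets received from the peer."""
    sas = defaultdict(lambda: {"retransmits": 0, "received": 0, "established": False})
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["conn"] is None:      # startup noise, acquire jobs, etc.
            continue
        sa = sas[f"{rec['conn']}|{rec['ike']}"]
        msg = rec["msg"]
        if (m := RETRANSMIT_RE.search(msg)):
            sa["retransmits"] = max(sa["retransmits"], int(m.group(1)))
        elif msg.startswith("received packet:"):
            sa["received"] += 1
        elif "IKE_SA" in msg and "established" in msg:
            sa["established"] = True
    for sa in sas.values():                     # verdict: silence from the peer vs. progress
        if sa["established"]:
            sa["verdict"] = "established"
        elif sa["received"] == 0 and sa["retransmits"] >= stuck_after:
            sa["verdict"] = "no reply from peer"
        else:
            sa["verdict"] = "in progress"
    return dict(sas)
```

A "no reply from peer" verdict means the responder never answered UDP/500 at all, so the next place to look is reachability between the two WAN addresses and the responder's own charon log rather than proposal or PSK settings.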