Site to Site IPSec VPN with Sonicwall TZ-215 not working
I had a site to site VPN tunnel set up between my pfSense firewall and another site's SonicWall TZ-215. I decided I wanted to try to improve the security of this by using better algorithms (AES-256 for example). After unsuccessfully trying that, I tried to put things back the way they were. I'm confident I have things back exactly as they were, but the tunnel will not come back up. Here's what my log shows:
Dec 31 20:06:07 charon: 02[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Dec 31 20:06:07 charon: 02[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Dec 31 20:06:08 charon: 08[CFG] rereading secrets
Dec 31 20:06:08 charon: 08[CFG] rereading secrets
Dec 31 20:06:08 charon: 08[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Dec 31 20:06:08 charon: 08[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Dec 31 20:06:08 charon: 08[CFG] loaded IKE secret for %any 173.160.110.145
Dec 31 20:06:08 charon: 08[CFG] loaded IKE secret for %any 173.160.110.145
Dec 31 20:06:08 charon: 08[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Dec 31 20:06:08 charon: 08[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Dec 31 20:06:08 charon: 08[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Dec 31 20:06:08 charon: 08[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Dec 31 20:06:08 charon: 08[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Dec 31 20:06:08 charon: 08[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Dec 31 20:06:08 charon: 08[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Dec 31 20:06:08 charon: 08[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Dec 31 20:06:08 charon: 08[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Dec 31 20:06:08 charon: 08[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Dec 31 20:06:21 charon: 06[CFG] received stroke: terminate 'con1'
Dec 31 20:06:21 charon: 06[CFG] received stroke: terminate 'con1'
Dec 31 20:06:21 charon: 06[CFG] no IKE_SA named 'con1' found
Dec 31 20:06:21 charon: 06[CFG] no IKE_SA named 'con1' found
Dec 31 20:06:21 charon: 06[CFG] received stroke: initiate 'con1'
Dec 31 20:06:21 charon: 06[CFG] received stroke: initiate 'con1'
Dec 31 20:06:21 charon: 06[CFG] no config named 'con1'
Dec 31 20:06:21 charon: 06[CFG] no config named 'con1'
Dec 31 20:06:21 charon: 12[CFG] vici client 44 connected
Dec 31 20:06:21 charon: 12[CFG] vici client 44 connected
Dec 31 20:06:21 charon: 08[CFG] vici client 44 registered for: list-sa
Dec 31 20:06:21 charon: 08[CFG] vici client 44 registered for: list-sa
Dec 31 20:06:21 charon: 08[CFG] vici client 44 requests: list-sas
Dec 31 20:06:21 charon: 08[CFG] vici client 44 requests: list-sas
Dec 31 20:06:21 charon: 12[CFG] vici client 44 disconnected
Dec 31 20:06:21 charon: 12[CFG] vici client 44 disconnected
Dec 31 20:06:23 charon: 06[CFG] rereading secrets
Dec 31 20:06:23 charon: 06[CFG] rereading secrets
Dec 31 20:06:23 charon: 06[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Dec 31 20:06:23 charon: 06[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Dec 31 20:06:23 charon: 06[CFG] loaded IKE secret for %any 173.160.110.145
Dec 31 20:06:23 charon: 06[CFG] loaded IKE secret for %any 173.160.110.145
Dec 31 20:06:23 charon: 06[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Dec 31 20:06:23 charon: 06[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Dec 31 20:06:23 charon: 06[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Dec 31 20:06:23 charon: 06[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Dec 31 20:06:23 charon: 06[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Dec 31 20:06:23 charon: 06[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Dec 31 20:06:23 charon: 06[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Dec 31 20:06:23 charon: 06[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Dec 31 20:06:23 charon: 06[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Dec 31 20:06:23 charon: 06[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'