IPSec Tunnels Not Working after upgrading to v2.5 CE
-
Hi,
I have been using for a few months now and I was able to establish the IPsec tunnels between 2 pfSense firewalls and also between pfSense and a Sophos firewall. Well, all tunnels seemed to be working fine till I upgraded to pfSense v2.5, and now after the update one of the pfSense firewalls has stopped connecting the IPsec tunnels. Out of the 4 tunnels 3 are not working and 1 is working, but it's not very reliable as it disconnects a lot of the time.
Here is the log and swanctl.conf, which I read in another post and thought that I must post. I have been trying to fix this myself for the past few days, intermittently, but to no avail; help on this would be deeply appreciated.
Here is my network map; I am using FQDNs instead of the IP addresses for better understanding, since IP addresses are not intuitive.
-
Hi
In your case, you need to look at the logs from the side of Sophos.

Mar 7 16:47:44 firewall charon[77898]: 06[NET] <con9000|214> received packet: from sophos_ip_address[500] to pf_sense_ip_address[500] (36 bytes)
Mar 7 16:47:44 firewall charon[77898]: 06[ENC] <con9000|214> parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
Mar 7 16:47:44 firewall charon[77898]: 06[IKE] <con9000|214> received NO_PROPOSAL_CHOSEN notify error
The NO_PROPOSAL_CHOSEN error in phase 1 may be caused by:
- Phase 1 Encryption Algorithm Mismatch
- Phase 1 Hash Algorithm Mismatch
- Phase 1 DH Group Mismatch
https://docs.netgate.com/pfsense/en/latest/troubleshooting/ipsec.html
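A small diagnostic in the spirit of the reply above, added here as an example and not code from the thread, pfSense or strongSwan: it pulls NO_PROPOSAL_CHOSEN events out of charon log lines (a constructed sample modelled on the excerpt quoted above, with placeholder addresses) and compares two phase-1 proposal lists in strongSwan's enc-integ-dh notation to report which of the three components the reply names (encryption, hash, DH group) the two peers do not share. The proposal lists and the helper names are assumptions for illustration.

```python
import re
from typing import Dict, List, Optional

# Constructed sample log lines modelled on the charon output quoted in the thread
# (peer addresses are placeholders, not real hosts).
SAMPLE_LOG = """\
Mar 7 16:47:44 firewall charon[77898]: 06[NET] <con9000|214> received packet: from sophos_ip_address[500] to pf_sense_ip_address[500] (36 bytes)
Mar 7 16:47:44 firewall charon[77898]: 06[ENC] <con9000|214> parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
Mar 7 16:47:44 firewall charon[77898]: 06[IKE] <con9000|214> received NO_PROPOSAL_CHOSEN notify error
Mar 7 16:47:50 firewall charon[77898]: 07[IKE] <con1000|215> IKE_SA con1000[215] established between peers
"""

# charon log shape: "charon[pid]: <thread>[<subsystem>] <conn|ike_sa_id> message"
LINE_RE = re.compile(
    r"charon\[\d+\]: \d+\[(?P<grp>\w+)\] <(?P<conn>[^|]+)\|(?P<sa>\d+)> (?P<msg>.*)"
)


def find_no_proposal(log: str) -> List[Dict[str, str]]:
    """Return one record (connection name, IKE_SA id) per NO_PROPOSAL_CHOSEN notify."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m and "NO_PROPOSAL_CHOSEN" in m.group("msg"):
            hits.append({"conn": m.group("conn"), "sa": m.group("sa")})
    return hits


def parse_proposal(proposal: str) -> Dict[str, str]:
    """Split a strongSwan phase-1 proposal such as "aes256-sha256-modp2048".
    Assumes the enc-integ[-prf]-dh form; an optional PRF token is ignored."""
    parts = proposal.split("-")
    return {"encryption": parts[0], "hash": parts[1], "dh_group": parts[-1]}


def explain_mismatch(local: List[str], remote: List[str]) -> Optional[List[str]]:
    """None if some local proposal exactly matches a remote one (no error expected).
    Otherwise the components for which the peers share no value at all; an empty
    list means every component is offered by both sides but never in one matching
    combination, so the proposals themselves must be aligned."""
    loc = [parse_proposal(p) for p in local]
    rem = [parse_proposal(p) for p in remote]
    if any(l == r for l in loc for r in rem):
        return None
    return [k for k in ("encryption", "hash", "dh_group")
            if not {l[k] for l in loc} & {r[k] for r in rem}]


if __name__ == "__main__":
    print(find_no_proposal(SAMPLE_LOG))
    # Constructed proposal lists: pfSense side vs. what the peer accepts.
    print(explain_mismatch(["aes256-sha256-modp2048"], ["aes256-sha256-modp1024"]))
```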