Netgate Discussion Forum

    IPsec failure after upgrade to 2.3 - resolved

      MiroM

      https://forum.pfsense.org/index.php?topic=111262.0
      is a topic in this forum "Version 2.3 IPSec both sides" started by "cpirasa"
      where I commented with "I have the same problem …"
      After that I was trying to resolve it and finally it is working again.

      I have 2 pfSense firewalls (both on PC engines boards) and I had working
      IPsec between them on version 2.2.6.
      After I upgraded both of them to 2.3, IPsec would not connect.
      Below are the logs from both sides.

      May 4 11:47:27    charon      15[IKE] <con3000|20> received NO_PROPOSAL_CHOSEN error notify
      May 4 11:47:27    charon      15[ENC] <con3000|20> parsed INFORMATIONAL_V1 request 3826032390 [ N(NO_PROP) ]
      May 4 11:47:27    charon      15[NET] <con3000|20> received packet: from xxxx [500] to xxxx [500] (40 bytes)
      May 4 11:47:27    charon      15[NET] <con3000|20> sending packet: from xxxx [500] to xxxx [500] (180 bytes)
      May 4 11:47:27    charon      15[ENC] <con3000|20> generating ID_PROT request 0 [ SA V V V V V ]
      May 4 11:47:27    charon      15[IKE] <con3000|20> initiating Main Mode IKE_SA con3000[20] to xxxx
      May 4 11:47:27    charon      07[KNL] creating acquire job for policy xxxx /32|/0 === xxxx /32|/0 with reqid {9}

      May 4 11:47:27    charon      12[NET] <15> sending packet: from xxxx [500] to xxxx [500] (40 bytes)
      May 4 11:47:27    charon      12[ENC] <15> generating INFORMATIONAL_V1 request 3826032390 [ N(NO_PROP) ]
      May 4 11:47:27    charon      12[IKE] <15> no IKE config found for xxxx … xxxx , sending NO_PROPOSAL_CHOSEN
      May 4 11:47:27    charon      12[ENC] <15> parsed ID_PROT request 0 [ SA V V V V V ]
      May 4 11:47:27    charon      12[NET] <15> received packet: from xxxx [500] to xxxx [500] (180 bytes)

      I tried changing configs, restarting the service, … nothing helped!

      I am only guessing, but I think the important info in the logs was no IKE config found.
      I made the steps which made it work again on the side where this was in the logs.
      Here they are:

      • stop the ipsec service
      • delete all IPsec configurations
      • restart the firewall
      • enter all config again
      • restart ipsec service

      I do not know if all steps are really necessary, but this is exactly what I did and it helped me.
      Maybe it will help someone else …

      Regards Miro
      http://www.rsmm.si
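Added example, not part of the original post: a small triage script that reads charon lines in the format shown above, tells which side sent and which side received the NO_PROPOSAL_CHOSEN notify, and matches the two logs by the INFORMATIONAL_V1 message ID. The sample lines are constructed from the post's excerpts (addresses redacted as xxxx), and the function names and the "no-ike-config" label are hypothetical.

```python
import re

# Constructed sample input, adapted from the log excerpts in the post
# (addresses stay redacted as xxxx).
INITIATOR_LOG = """\
May 4 11:47:27 charon 15[IKE] <con3000|20> initiating Main Mode IKE_SA con3000[20] to xxxx
May 4 11:47:27 charon 15[ENC] <con3000|20> generating ID_PROT request 0 [ SA V V V V V ]
May 4 11:47:27 charon 15[ENC] <con3000|20> parsed INFORMATIONAL_V1 request 3826032390 [ N(NO_PROP) ]
May 4 11:47:27 charon 15[IKE] <con3000|20> received NO_PROPOSAL_CHOSEN error notify
"""
RESPONDER_LOG = """\
May 4 11:47:27 charon 12[ENC] <15> parsed ID_PROT request 0 [ SA V V V V V ]
May 4 11:47:27 charon 12[IKE] <15> no IKE config found for xxxx ... xxxx, sending NO_PROPOSAL_CHOSEN
May 4 11:47:27 charon 12[ENC] <15> generating INFORMATIONAL_V1 request 3826032390 [ N(NO_PROP) ]
"""

# thread[subsystem] <session> message; \s* tolerates a missing space after '>'
LINE = re.compile(r"charon\s+(\d+)\[(\w+)\]\s+<([^>]*)>\s*(.*)")
NOTIFY = re.compile(r"(parsed|generating) INFORMATIONAL_V1 request (\d+) \[ N\(NO_PROP\) \]")

def parse(log):
    """Yield (subsystem, session, message) for each charon line with a session tag."""
    for line in log.splitlines():
        m = LINE.search(line)
        if m:
            yield m.group(2), m.group(3), m.group(4)

def triage(log):
    """Summarise one side's view of a NO_PROPOSAL_CHOSEN failure."""
    result = {"role": None, "msg_ids": set(), "cause": None}
    for _subsys, _session, msg in parse(log):
        n = NOTIFY.search(msg)
        if n:
            # 'generating' means this side sent the notify, 'parsed' means it received it
            result["role"] = "sent" if n.group(1) == "generating" else "received"
            result["msg_ids"].add(n.group(2))
        if msg.startswith("no IKE config found"):
            # charon found no loaded connection for this local/remote address
            # pair, so the peer was rejected before proposals were compared.
            result["cause"] = "no-ike-config"
    return result

def correlate(log_a, log_b):
    """True when both logs contain the same NO_PROP notify message ID."""
    return bool(triage(log_a)["msg_ids"] & triage(log_b)["msg_ids"])
```

The side whose triage result has role "sent" is the one whose configuration needs checking; the receiving side only learns that its request was refused.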

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.