IPsec between pfSense and LANCOM stopped working



  • Hi,

    It was working fine without any problems. Without any changes on both sides it stopped working and I only see timeouts, but the internet connection (ping, tracert, port check) is working.

    IPsec log pfSense:

    Jun 1 18:48:00 	charon 		05[IKE] <con1000|5>establishing IKE_SA failed, peer not responding
    Jun 1 18:48:00 	charon 		05[IKE] <con1000|5>giving up after 5 retransmits
    Jun 1 18:46:44 	charon 		05[NET] <con1000|5>sending packet: from 81.93.xxx.xxx[500] to 217.6.xxx.xxx[500] (184 bytes)
    Jun 1 18:46:44 	charon 		05[IKE] <con1000|5>sending retransmit 5 of request message ID 0, seq 1
    Jun 1 18:46:02 	charon 		15[NET] <con1000|5>sending packet: from 81.93.xxx.xxx[500] to 217.6.xxx.xxx[500] (184 bytes)
    

    IPsec log LANCOM:

    [VPN-Status] 2016/06/01 19:00:59,314  Devicetime: 2016/06/01 19:00:58,959
    VPN: WAN state changed to WanProtocol for DELUXE_BL (81.93.xxx.xxx), called by: 009c72a4
    
    [VPN-Status] 2016/06/01 19:00:59,314  Devicetime: 2016/06/01 19:00:58,970
    IKE info: Phase-1 negotiation started for peer DELUXE_BL rule isakmp-peer-DELUXE_BL using MAIN mode
    
    [VPN-Status] 2016/06/01 19:01:29,317  Devicetime: 2016/06/01 19:01:28,960
    VPN: connection for DELUXE_BL (81.93.xxx.xxx) timed out: no response
    
    [VPN-Status] 2016/06/01 19:01:29,317  Devicetime: 2016/06/01 19:01:28,960
    VPN: disconnecting DELUXE_BL (81.93.xxx.xxx)
    
    [VPN-Status] 2016/06/01 19:01:29,317  Devicetime: 2016/06/01 19:01:28,960
    VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for DELUXE_BL (81.93.xxx.xxx)
    
    

    So in my eyes both sides say "no response from other side"… I don't know what I can do :(

    Thx!



  • Seems like some NAT problem or so. After deleting the state it was working again, but how can I prevent this issue?



  • What states in particular did you delete? Only thing that comes to mind is if you had a port forward or 1:1 NAT overlapping, so it was directing that traffic to an internal host, or if you have manual or hybrid outbound NAT configured and are NATing the host's own traffic. Can't do either of those.



  • I have no 1:1 NAT or port forward and the outbound NAT rules are set to auto…

    Mhh, so I have no idea why the VPN is going down after some time and won't reconnect :(
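
An added example, not part of the thread or of pfSense/strongSwan: the charon excerpt in the first post shows only `sending packet` lines before `giving up`, which is the signature of an unanswered peer (path, filtering or a stale state) rather than a peer that answers and rejects the negotiation. The script below separates the two cases from a log in the quoted format; the sample lines, the addresses, `con2000` and the verdict names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the charon format quoted in the first post.
# Addresses are documentation ranges; con2000 is a made-up second tunnel.
SAMPLE_LOG = """\
Jun 1 18:46:02 charon 15[NET] <con1000|5> sending packet: from 192.0.2.10[500] to 198.51.100.20[500] (184 bytes)
Jun 1 18:46:44 charon 05[IKE] <con1000|5> sending retransmit 5 of request message ID 0, seq 1
Jun 1 18:46:44 charon 05[NET] <con1000|5> sending packet: from 192.0.2.10[500] to 198.51.100.20[500] (184 bytes)
Jun 1 18:48:00 charon 05[IKE] <con1000|5> giving up after 5 retransmits
Jun 1 18:48:00 charon 05[IKE] <con1000|5> establishing IKE_SA failed, peer not responding
Jun 1 18:50:10 charon 07[NET] <con2000|9> sending packet: from 192.0.2.10[500] to 203.0.113.30[500] (184 bytes)
Jun 1 18:50:10 charon 07[NET] <con2000|9> received packet: from 203.0.113.30[500] to 192.0.2.10[500] (36 bytes)
Jun 1 18:50:10 charon 07[IKE] <con2000|9> received NO_PROPOSAL_CHOSEN notify error
"""

# "charon NN[SUBSYS] <name|id>message"; the space after '>' is optional
# because the pfSense GUI export in the post omits it.
LINE = re.compile(r"charon\s+\d+\[[A-Z]+\]\s+<(?P<sa>[^>]+)>\s*(?P<msg>.*)")


def classify(log_text):
    """Return {sa_name: verdict} for every IKE_SA seen; line order is irrelevant."""
    stats = defaultdict(lambda: {"sent": 0, "recv": 0, "gave_up": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s, msg = stats[m["sa"]], m["msg"]
        if msg.startswith("sending packet:"):
            s["sent"] += 1
        elif msg.startswith("received packet:"):
            s["recv"] += 1
        elif msg.startswith("giving up after"):
            s["gave_up"] = True
    verdicts = {}
    for sa, s in stats.items():
        if s["recv"]:
            verdicts[sa] = "peer-reachable"   # peer answers: look at proposals/auth
        elif s["sent"] and s["gave_up"]:
            verdicts[sa] = "no-reply"         # nothing came back: path, filter or state
        else:
            verdicts[sa] = "incomplete"       # not enough log to decide
    return verdicts


if __name__ == "__main__":
    for sa, verdict in classify(SAMPLE_LOG).items():
        print(sa, verdict)
```

A `no-reply` verdict on both gateways at once, as in this thread, means each side's UDP 500 packets leave but never reach the other daemon, so the next place to look is the firewall state table and NAT rules on each end.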