IPsec between pfSense and LANCOM stopped working
-
Hi,
It was working fine without any problems. Without any changes on both sides it stopped working and I only see timeouts. But the internet connection (ping, tracert, port check) is working.
IPsec log pfSense:
Jun 1 18:48:00 charon 05[IKE] <con1000|5>establishing IKE_SA failed, peer not responding
Jun 1 18:48:00 charon 05[IKE] <con1000|5>giving up after 5 retransmits
Jun 1 18:46:44 charon 05[NET] <con1000|5>sending packet: from 81.93.xxx.xxx[500] to 217.6.xxx.xxx[500] (184 bytes)
Jun 1 18:46:44 charon 05[IKE] <con1000|5>sending retransmit 5 of request message ID 0, seq 1
Jun 1 18:46:02 charon 15[NET] <con1000|5>sending packet: from 81.93.xxx.xxx[500] to 217.6.xxx.xxx[500] (184 bytes)
IPsec log LANCOM:
[VPN-Status] 2016/06/01 19:00:59,314 Devicetime: 2016/06/01 19:00:58,959 VPN: WAN state changed to WanProtocol for DELUXE_BL (81.93.xxx.xxx), called by: 009c72a4
[VPN-Status] 2016/06/01 19:00:59,314 Devicetime: 2016/06/01 19:00:58,970 IKE info: Phase-1 negotiation started for peer DELUXE_BL rule isakmp-peer-DELUXE_BL using MAIN mode
[VPN-Status] 2016/06/01 19:01:29,317 Devicetime: 2016/06/01 19:01:28,960 VPN: connection for DELUXE_BL (81.93.xxx.xxx) timed out: no response
[VPN-Status] 2016/06/01 19:01:29,317 Devicetime: 2016/06/01 19:01:28,960 VPN: disconnecting DELUXE_BL (81.93.xxx.xxx)
[VPN-Status] 2016/06/01 19:01:29,317 Devicetime: 2016/06/01 19:01:28,960 VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for DELUXE_BL (81.93.xxx.xxx)
So in my eyes both sides say "no response from other side"… I don't know what I can do :(
Thx!
-
Seems like some NAT problems or so. After deleting the state it was working again, but how can I prevent this issue?
-
What states in particular did you delete? Only thing that comes to mind is if you had a port forward or 1:1 NAT overlapping, so it was directing that traffic to an internal host, or if you have manual or hybrid outbound NAT configured and are NATing the host's own traffic. Can't do either of those.
-
I have no 1:1 NAT or port forward and the outbound NAT rules are set to auto…
Hmm, so I have no idea why the VPN is going down after some time and won't reconnect :(
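
An added example, not part of the thread: a small Python parser for charon lines like those in the first post. It counts sent and received IKE packets per connection and flags a connection that only ever sends, which is the pattern in the pfSense log above. The sample is constructed: the con1000 lines are the post's own in chronological order, and con2000 with its documentation addresses is made up for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: con1000 lines come from the first post (reordered
# oldest-first); con2000 is a made-up healthy exchange for comparison.
SAMPLE_LOG = """\
Jun 1 18:46:02 charon 15[NET] <con1000|5>sending packet: from 81.93.xxx.xxx[500] to 217.6.xxx.xxx[500] (184 bytes)
Jun 1 18:46:44 charon 05[IKE] <con1000|5>sending retransmit 5 of request message ID 0, seq 1
Jun 1 18:46:44 charon 05[NET] <con1000|5>sending packet: from 81.93.xxx.xxx[500] to 217.6.xxx.xxx[500] (184 bytes)
Jun 1 18:48:00 charon 05[IKE] <con1000|5>giving up after 5 retransmits
Jun 1 18:48:00 charon 05[IKE] <con1000|5>establishing IKE_SA failed, peer not responding
Jun 1 18:50:10 charon 07[NET] <con2000|6> sending packet: from 192.0.2.1[500] to 198.51.100.7[500] (184 bytes)
Jun 1 18:50:10 charon 07[NET] <con2000|6> received packet: from 198.51.100.7[500] to 192.0.2.1[500] (160 bytes)
"""

# Matches "charon NN[SUBSYS] <connname|id>message", with or without a space
# after the connection tag (the forum paste dropped it).
LINE = re.compile(r"charon \d+\[[A-Z]+\] <(?P<conn>[^>|]+)\|\d+>\s*(?P<msg>.*)")

def summarize(log_text):
    """Return per-connection packet counts, highest retransmit and a verdict."""
    stats = defaultdict(lambda: {"sent": 0, "received": 0,
                                 "retransmit": 0, "gave_up": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a charon connection line
        s, msg = stats[m["conn"]], m["msg"]
        if msg.startswith("sending packet:"):
            s["sent"] += 1
        elif msg.startswith("received packet:"):
            s["received"] += 1
        elif (r := re.match(r"sending retransmit (\d+)", msg)):
            s["retransmit"] = max(s["retransmit"], int(r.group(1)))
        elif msg.startswith("giving up after"):
            s["gave_up"] = True
    for s in stats.values():
        if s["received"]:
            s["verdict"] = "two-way traffic seen"
        elif s["sent"]:
            s["verdict"] = "one-way: nothing came back from the peer"
        else:
            s["verdict"] = "no packets logged"
    return dict(stats)

if __name__ == "__main__":
    for conn, s in summarize(SAMPLE_LOG).items():
        print(conn, s)
```

A one-way verdict on this side together with a timeout on the peer's side, as in the two logs above, means each end is sending and neither sees a reply, so the next place to look is whatever sits between the two IKE daemons, including the firewall's own state table.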