PF-60D IPSEC tunnel SA error

khamamo

Hello Everyone,

I am trying to build an IPSEC tunnel between my pfsense fw and a fortigate 60D fw but it is not working and I have a hard time to understand the reason behind that.

Logs in PF showing that there showing an invalid SA (always checkout in this phase). and i checked everything related to SA and couldn't find any mismatch.

I tried to build another tunnel with Juniper SSG20 with same result except SSG20 logs didn't show any logs from the tunnel, it is like it is a ghost  :o

Attached the ph1, ph2, logs config for pf side. Also attached logs of 60D and below the configs.

edit "VPN-xxxx"
        set type ddns
        set interface "wan1"
        set proposal 3des-sha1
        set comments "for test purpose"
        set dhgrp 2
        set remotegw-ddns "xxxx"
        set psksecret ENC xxxx
    next
end

 edit "VPN-xxxxx"
        set phase1name "VPN-xxxxx"
        set proposal 3des-sha1
        set pfs disable
        set keylifeseconds 3600
        set src-subnet 172.16.208.0 255.255.255.0
        set dst-subnet 172.16.206.0 255.255.255.0
    next
end

```![phase1.jpg](/public/_imported_attachments_/1/phase1.jpg)
![phase1.jpg_thumb](/public/_imported_attachments_/1/phase1.jpg_thumb)
![phase2.jpg](/public/_imported_attachments_/1/phase2.jpg)
![phase2.jpg_thumb](/public/_imported_attachments_/1/phase2.jpg_thumb)
![pf logs.jpg](/public/_imported_attachments_/1/pf logs.jpg)
![pf logs.jpg_thumb](/public/_imported_attachments_/1/pf logs.jpg_thumb)
![60D logs.jpg](/public/_imported_attachments_/1/60D logs.jpg)
![60D logs.jpg_thumb](/public/_imported_attachments_/1/60D logs.jpg_thumb)

khamamo

Can anyone at least guide me to the right location for the material regarding IPSEC troubleshooting in PFSENSE

jimp

https://doc.pfsense.org/index.php/IPsec_Troubleshooting

Set the log options as described there and see if you can initiate from the Fortigate side. Even if it doesn't work, the logs will be much more useful in that direction.

Odds are you have a P1 or P2 mismatch