Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Connection not staying up for long?

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 770 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      adfo
      last edited by

      This is pfsense to an ubiquiti, any clue from these logs?

      It states packets being received, and IKE established etc, but within a few minutes, it will be down again.

      I've replaced the real IPs with either PFSENSEIP or UBIQIP.

      Is the Ubiquiti end refusing it and therefore its retrying?

      Nov 15 12:10:41	charon		16[NET] <con1000|166> received packet: from UBIQIP[500] to PFSENSEIP[500] (220 bytes)
      Nov 15 12:10:41	charon		16[ENC] <con1000|166> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Nov 15 12:10:41	charon		16[ENC] <con1000|166> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
      Nov 15 12:10:41	charon		16[NET] <con1000|166> sending packet: from PFSENSEIP[500] to UBIQIP[500] (92 bytes)
      Nov 15 12:10:41	charon		16[NET] <con1000|166> received packet: from UBIQIP[500] to PFSENSEIP[500] (60 bytes)
      Nov 15 12:10:41	charon		16[ENC] <con1000|166> parsed ID_PROT response 0 [ ID HASH ]
      Nov 15 12:10:41	charon		16[IKE] <con1000|166> IKE_SA con1000[166] established between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP]
      Nov 15 12:10:41	charon		16[ENC] <con1000|166> generating QUICK_MODE request 3770437658 [ HASH SA No ID ID ]
      Nov 15 12:10:41	charon		16[NET] <con1000|166> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
      Nov 15 12:10:41	charon		12[NET] <con1000|166> received packet: from UBIQIP[500] to PFSENSEIP[500] (76 bytes)
      Nov 15 12:10:41	charon		12[ENC] <con1000|166> parsed INFORMATIONAL_V1 request 3932422409 [ HASH D ]
      Nov 15 12:10:41	charon		12[IKE] <con1000|166> received DELETE for IKE_SA con1000[166]
      Nov 15 12:10:41	charon		12[IKE] <con1000|166> deleting IKE_SA con1000[166] between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP]
      Nov 15 12:10:41	charon		12[IKE] <con1000|166> initiating Main Mode IKE_SA con1000[167] to UBIQIP
      Nov 15 12:10:41	charon		12[ENC] <con1000|166> generating ID_PROT request 0 [ SA V V V V V ]
      Nov 15 12:10:41	charon		12[NET] <con1000|166> sending packet: from PFSENSEIP[500] to UBIQIP[500] (176 bytes)
      Nov 15 12:10:41	charon		12[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (172 bytes)
      Nov 15 12:10:41	charon		12[ENC] <con1000|167> parsed ID_PROT response 0 [ SA V V V V V ]
      Nov 15 12:10:41	charon		12[IKE] <con1000|167> received strongSwan vendor ID
      Nov 15 12:10:41	charon		12[IKE] <con1000|167> received Cisco Unity vendor ID
      Nov 15 12:10:41	charon		12[IKE] <con1000|167> received XAuth vendor ID
      Nov 15 12:10:41	charon		12[IKE] <con1000|167> received DPD vendor ID
      Nov 15 12:10:41	charon		12[IKE] <con1000|167> received NAT-T (RFC 3947) vendor ID
      Nov 15 12:10:41	charon		12[ENC] <con1000|167> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Nov 15 12:10:41	charon		12[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (236 bytes)
      Nov 15 12:10:41	charon		12[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (220 bytes)
      Nov 15 12:10:41	charon		12[ENC] <con1000|167> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Nov 15 12:10:41	charon		12[ENC] <con1000|167> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
      Nov 15 12:10:41	charon		12[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (92 bytes)
      Nov 15 12:10:41	charon		12[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (76 bytes)
      Nov 15 12:10:41	charon		12[ENC] <con1000|167> invalid HASH_V1 payload length, decryption failed?
      Nov 15 12:10:41	charon		12[ENC] <con1000|167> could not decrypt payloads
      Nov 15 12:10:41	charon		12[IKE] <con1000|167> message parsing failed
      Nov 15 12:10:41	charon		12[IKE] <con1000|167> ignore malformed INFORMATIONAL request
      Nov 15 12:10:41	charon		12[IKE] <con1000|167> INFORMATIONAL_V1 request with message ID 2744582940 processing failed
      Nov 15 12:10:41	charon		09[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (60 bytes)
      Nov 15 12:10:41	charon		09[ENC] <con1000|167> parsed ID_PROT response 0 [ ID HASH ]
      Nov 15 12:10:41	charon		09[IKE] <con1000|167> IKE_SA con1000[167] established between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP]
      Nov 15 12:10:41	charon		09[ENC] <con1000|167> generating QUICK_MODE request 3262719159 [ HASH SA No ID ID ]
      Nov 15 12:10:41	charon		09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
      Nov 15 12:10:45	charon		09[IKE] <con1000|167> sending retransmit 1 of request message ID 3262719159, seq 4
      Nov 15 12:10:45	charon		09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
      Nov 15 12:10:52	charon		08[IKE] <con1000|167> sending retransmit 2 of request message ID 3262719159, seq 4
      Nov 15 12:10:52	charon		08[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
      Nov 15 12:11:05	charon		09[IKE] <con1000|167> sending retransmit 3 of request message ID 3262719159, seq 4
      Nov 15 12:11:05	charon		09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
      Nov 15 12:11:29	charon		08[IKE] <con1000|167> sending retransmit 4 of request message ID 3262719159, seq 4
      Nov 15 12:11:29	charon		08[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
      Nov 15 12:12:11	charon		09[IKE] <con1000|167> sending retransmit 5 of request message ID 3262719159, seq 4
      Nov 15 12:12:11	charon		09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)</con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166>
      
      1 Reply Last reply Reply Quote 0
      • S Offline
        SirRob
        last edited by

        I can't offer much in the way of support but I have noticed similar issues with IOS -> pfsense.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.