Connection not staying up for long?
-
This is pfsense to an ubiquiti, any clue from these logs?
It states packets being received, and IKE established etc, but within a few minutes, it will be down again.
I've replaced the real IPs with either PFSENSEIP or UBIQIP.
Is the Ubiquiti end refusing it and therefore its retrying?
Nov 15 12:10:41 charon 16[NET] <con1000|166> received packet: from UBIQIP[500] to PFSENSEIP[500] (220 bytes) Nov 15 12:10:41 charon 16[ENC] <con1000|166> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] Nov 15 12:10:41 charon 16[ENC] <con1000|166> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ] Nov 15 12:10:41 charon 16[NET] <con1000|166> sending packet: from PFSENSEIP[500] to UBIQIP[500] (92 bytes) Nov 15 12:10:41 charon 16[NET] <con1000|166> received packet: from UBIQIP[500] to PFSENSEIP[500] (60 bytes) Nov 15 12:10:41 charon 16[ENC] <con1000|166> parsed ID_PROT response 0 [ ID HASH ] Nov 15 12:10:41 charon 16[IKE] <con1000|166> IKE_SA con1000[166] established between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP] Nov 15 12:10:41 charon 16[ENC] <con1000|166> generating QUICK_MODE request 3770437658 [ HASH SA No ID ID ] Nov 15 12:10:41 charon 16[NET] <con1000|166> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes) Nov 15 12:10:41 charon 12[NET] <con1000|166> received packet: from UBIQIP[500] to PFSENSEIP[500] (76 bytes) Nov 15 12:10:41 charon 12[ENC] <con1000|166> parsed INFORMATIONAL_V1 request 3932422409 [ HASH D ] Nov 15 12:10:41 charon 12[IKE] <con1000|166> received DELETE for IKE_SA con1000[166] Nov 15 12:10:41 charon 12[IKE] <con1000|166> deleting IKE_SA con1000[166] between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP] Nov 15 12:10:41 charon 12[IKE] <con1000|166> initiating Main Mode IKE_SA con1000[167] to UBIQIP Nov 15 12:10:41 charon 12[ENC] <con1000|166> generating ID_PROT request 0 [ SA V V V V V ] Nov 15 12:10:41 charon 12[NET] <con1000|166> sending packet: from PFSENSEIP[500] to UBIQIP[500] (176 bytes) Nov 15 12:10:41 charon 12[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (172 bytes) Nov 15 12:10:41 charon 12[ENC] <con1000|167> parsed ID_PROT response 0 [ SA V V V V V ] Nov 15 12:10:41 charon 12[IKE] <con1000|167> received strongSwan vendor ID Nov 15 12:10:41 charon 12[IKE] <con1000|167> received Cisco Unity vendor ID Nov 15 12:10:41 charon 12[IKE] <con1000|167> received XAuth vendor ID Nov 15 12:10:41 charon 12[IKE] <con1000|167> received DPD vendor ID Nov 15 12:10:41 charon 12[IKE] <con1000|167> received NAT-T (RFC 3947) vendor ID Nov 15 12:10:41 charon 12[ENC] <con1000|167> generating ID_PROT request 0 [ KE No NAT-D NAT-D ] Nov 15 12:10:41 charon 12[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (236 bytes) Nov 15 12:10:41 charon 12[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (220 bytes) Nov 15 12:10:41 charon 12[ENC] <con1000|167> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] Nov 15 12:10:41 charon 12[ENC] <con1000|167> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ] Nov 15 12:10:41 charon 12[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (92 bytes) Nov 15 12:10:41 charon 12[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (76 bytes) Nov 15 12:10:41 charon 12[ENC] <con1000|167> invalid HASH_V1 payload length, decryption failed? Nov 15 12:10:41 charon 12[ENC] <con1000|167> could not decrypt payloads Nov 15 12:10:41 charon 12[IKE] <con1000|167> message parsing failed Nov 15 12:10:41 charon 12[IKE] <con1000|167> ignore malformed INFORMATIONAL request Nov 15 12:10:41 charon 12[IKE] <con1000|167> INFORMATIONAL_V1 request with message ID 2744582940 processing failed Nov 15 12:10:41 charon 09[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (60 bytes) Nov 15 12:10:41 charon 09[ENC] <con1000|167> parsed ID_PROT response 0 [ ID HASH ] Nov 15 12:10:41 charon 09[IKE] <con1000|167> IKE_SA con1000[167] established between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP] Nov 15 12:10:41 charon 09[ENC] <con1000|167> generating QUICK_MODE request 3262719159 [ HASH SA No ID ID ] Nov 15 12:10:41 charon 09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes) Nov 15 12:10:45 charon 09[IKE] <con1000|167> sending retransmit 1 of request message ID 3262719159, seq 4 Nov 15 12:10:45 charon 09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes) Nov 15 12:10:52 charon 08[IKE] <con1000|167> sending retransmit 2 of request message ID 3262719159, seq 4 Nov 15 12:10:52 charon 08[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes) Nov 15 12:11:05 charon 09[IKE] <con1000|167> sending retransmit 3 of request message ID 3262719159, seq 4 Nov 15 12:11:05 charon 09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes) Nov 15 12:11:29 charon 08[IKE] <con1000|167> sending retransmit 4 of request message ID 3262719159, seq 4 Nov 15 12:11:29 charon 08[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes) Nov 15 12:12:11 charon 09[IKE] <con1000|167> sending retransmit 5 of request message ID 3262719159, seq 4 Nov 15 12:12:11 charon 09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)</con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|167></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166></con1000|166>
-
I can't offer much in the way of support but I have noticed similar issues with IOS -> pfsense.