Connection not staying up for long?



  • This is pfSense to a Ubiquiti; any clue from these logs?

    It states packets are being received, IKE is established, etc., but within a few minutes it will be down again.

    I've replaced the real IPs with either PFSENSEIP or UBIQIP.

    Is the Ubiquiti end refusing it, and therefore it's retrying?

    Nov 15 12:10:41	charon		16[NET] <con1000|166> received packet: from UBIQIP[500] to PFSENSEIP[500] (220 bytes)
    Nov 15 12:10:41	charon		16[ENC] <con1000|166> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Nov 15 12:10:41	charon		16[ENC] <con1000|166> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    Nov 15 12:10:41	charon		16[NET] <con1000|166> sending packet: from PFSENSEIP[500] to UBIQIP[500] (92 bytes)
    Nov 15 12:10:41	charon		16[NET] <con1000|166> received packet: from UBIQIP[500] to PFSENSEIP[500] (60 bytes)
    Nov 15 12:10:41	charon		16[ENC] <con1000|166> parsed ID_PROT response 0 [ ID HASH ]
    Nov 15 12:10:41	charon		16[IKE] <con1000|166> IKE_SA con1000[166] established between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP]
    Nov 15 12:10:41	charon		16[ENC] <con1000|166> generating QUICK_MODE request 3770437658 [ HASH SA No ID ID ]
    Nov 15 12:10:41	charon		16[NET] <con1000|166> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
    Nov 15 12:10:41	charon		12[NET] <con1000|166> received packet: from UBIQIP[500] to PFSENSEIP[500] (76 bytes)
    Nov 15 12:10:41	charon		12[ENC] <con1000|166> parsed INFORMATIONAL_V1 request 3932422409 [ HASH D ]
    Nov 15 12:10:41	charon		12[IKE] <con1000|166> received DELETE for IKE_SA con1000[166]
    Nov 15 12:10:41	charon		12[IKE] <con1000|166> deleting IKE_SA con1000[166] between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP]
    Nov 15 12:10:41	charon		12[IKE] <con1000|166> initiating Main Mode IKE_SA con1000[167] to UBIQIP
    Nov 15 12:10:41	charon		12[ENC] <con1000|166> generating ID_PROT request 0 [ SA V V V V V ]
    Nov 15 12:10:41	charon		12[NET] <con1000|166> sending packet: from PFSENSEIP[500] to UBIQIP[500] (176 bytes)
    Nov 15 12:10:41	charon		12[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (172 bytes)
    Nov 15 12:10:41	charon		12[ENC] <con1000|167> parsed ID_PROT response 0 [ SA V V V V V ]
    Nov 15 12:10:41	charon		12[IKE] <con1000|167> received strongSwan vendor ID
    Nov 15 12:10:41	charon		12[IKE] <con1000|167> received Cisco Unity vendor ID
    Nov 15 12:10:41	charon		12[IKE] <con1000|167> received XAuth vendor ID
    Nov 15 12:10:41	charon		12[IKE] <con1000|167> received DPD vendor ID
    Nov 15 12:10:41	charon		12[IKE] <con1000|167> received NAT-T (RFC 3947) vendor ID
    Nov 15 12:10:41	charon		12[ENC] <con1000|167> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Nov 15 12:10:41	charon		12[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (236 bytes)
    Nov 15 12:10:41	charon		12[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (220 bytes)
    Nov 15 12:10:41	charon		12[ENC] <con1000|167> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Nov 15 12:10:41	charon		12[ENC] <con1000|167> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    Nov 15 12:10:41	charon		12[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (92 bytes)
    Nov 15 12:10:41	charon		12[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (76 bytes)
    Nov 15 12:10:41	charon		12[ENC] <con1000|167> invalid HASH_V1 payload length, decryption failed?
    Nov 15 12:10:41	charon		12[ENC] <con1000|167> could not decrypt payloads
    Nov 15 12:10:41	charon		12[IKE] <con1000|167> message parsing failed
    Nov 15 12:10:41	charon		12[IKE] <con1000|167> ignore malformed INFORMATIONAL request
    Nov 15 12:10:41	charon		12[IKE] <con1000|167> INFORMATIONAL_V1 request with message ID 2744582940 processing failed
    Nov 15 12:10:41	charon		09[NET] <con1000|167> received packet: from UBIQIP[500] to PFSENSEIP[500] (60 bytes)
    Nov 15 12:10:41	charon		09[ENC] <con1000|167> parsed ID_PROT response 0 [ ID HASH ]
    Nov 15 12:10:41	charon		09[IKE] <con1000|167> IKE_SA con1000[167] established between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP]
    Nov 15 12:10:41	charon		09[ENC] <con1000|167> generating QUICK_MODE request 3262719159 [ HASH SA No ID ID ]
    Nov 15 12:10:41	charon		09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
    Nov 15 12:10:45	charon		09[IKE] <con1000|167> sending retransmit 1 of request message ID 3262719159, seq 4
    Nov 15 12:10:45	charon		09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
    Nov 15 12:10:52	charon		08[IKE] <con1000|167> sending retransmit 2 of request message ID 3262719159, seq 4
    Nov 15 12:10:52	charon		08[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
    Nov 15 12:11:05	charon		09[IKE] <con1000|167> sending retransmit 3 of request message ID 3262719159, seq 4
    Nov 15 12:11:05	charon		09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
    Nov 15 12:11:29	charon		08[IKE] <con1000|167> sending retransmit 4 of request message ID 3262719159, seq 4
    Nov 15 12:11:29	charon		08[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
    Nov 15 12:12:11	charon		09[IKE] <con1000|167> sending retransmit 5 of request message ID 3262719159, seq 4
    Nov 15 12:12:11	charon		09[NET] <con1000|167> sending packet: from PFSENSEIP[500] to UBIQIP[500] (164 bytes)
    


  • I can't offer much in the way of support, but I have noticed similar issues with IOS -> pfSense.
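
The sequence visible in the first post's log (IKE_SA established, DELETE received from the peer, Quick Mode request retransmitted with no reply) can be pulled out per SA instance with a small parser; this is an added example, not part of the thread. The `parsed QUICK_MODE response` pattern is an assumption about how charon logs a reply, since no such line appears in the posted log.

```python
import re
from collections import defaultdict
# Constructed sample: lines abridged from the log in the first post.
SAMPLE = """\
Nov 15 12:10:41 charon 16[IKE] <con1000|166> IKE_SA con1000[166] established between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP]
Nov 15 12:10:41 charon 16[ENC] <con1000|166> generating QUICK_MODE request 3770437658 [ HASH SA No ID ID ]
Nov 15 12:10:41 charon 12[IKE] <con1000|166> received DELETE for IKE_SA con1000[166]
Nov 15 12:10:41 charon 12[ENC] <con1000|167> could not decrypt payloads
Nov 15 12:10:41 charon 09[IKE] <con1000|167> IKE_SA con1000[167] established between PFSENSEIP[PFSENSEIP]...UBIQIP[UBIQIP]
Nov 15 12:10:41 charon 09[ENC] <con1000|167> generating QUICK_MODE request 3262719159 [ HASH SA No ID ID ]
Nov 15 12:10:45 charon 09[IKE] <con1000|167> sending retransmit 1 of request message ID 3262719159, seq 4
Nov 15 12:10:52 charon 08[IKE] <con1000|167> sending retransmit 2 of request message ID 3262719159, seq 4
"""
# "<conn|N>" tags each charon line with the IKE_SA instance N it belongs to.
LINE = re.compile(r"charon\s+\d+\[\w+\]\s+<[^|>]+\|(\d+)>\s+(.*)$")
QM_REQ = re.compile(r"generating QUICK_MODE request (\d+)")
QM_RESP = re.compile(r"parsed QUICK_MODE response (\d+)")  # assumed reply format
RETX = re.compile(r"sending retransmit (\d+) of request message ID (\d+)")

def summarize(log_text):
    """Return {sa_id: summary} for every IKE_SA instance seen in the log."""
    sas = defaultdict(lambda: {"established": False, "peer_delete": False,
                               "decrypt_failures": 0, "quick_mode": {}})
    for raw in log_text.splitlines():
        if not (m := LINE.search(raw)):
            continue  # not a tagged charon line
        sa, msg = sas[int(m.group(1))], m.group(2)
        qm = sa["quick_mode"]
        if re.match(r"IKE_SA \S+ established", msg):
            sa["established"] = True
        elif msg.startswith("received DELETE for IKE_SA"):
            sa["peer_delete"] = True
        elif msg.startswith("could not decrypt payloads"):
            sa["decrypt_failures"] += 1
        elif (hit := QM_REQ.match(msg)):
            qm[hit.group(1)] = {"answered": False, "retransmits": 0}
        elif (hit := QM_RESP.match(msg)) and hit.group(1) in qm:
            qm[hit.group(1)]["answered"] = True
        elif (hit := RETX.match(msg)) and hit.group(2) in qm:
            qm[hit.group(2)]["retransmits"] = int(hit.group(1))  # counter only grows
    return dict(sas)

def stalled(summary):
    """(sa_id, message_id, retransmits) for Quick Mode requests never answered."""
    return [(sa_id, mid, q["retransmits"]) for sa_id, info in sorted(summary.items())
            for mid, q in info["quick_mode"].items()
            if not q["answered"] and q["retransmits"]]

if __name__ == "__main__":
    print(stalled(summarize(SAMPLE)))
```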