IPSec just stopped working, no changes, not sure why.



  • So my IPsec channels have been working perfectly until sometime this morning.

    AFAIK nothing has changed. OpenVPN into the pfSense FW is fine.

    pfSense to ASA5505. Multiple child SAs, and it has been stable since I got it going correctly until now. pfSense hasn't updated itself and is 2.3.2-RELEASE-p1 (amd64) (ASA5505 firmware has not been updated either).

    Logs show the following:

    Jan 9 20:02:36 charon 09[KNL] creating acquire job for policy myip/32|/0 === peerip/32|/0 with reqid {1}
    Jan 9 20:02:36 charon 15[CFG] ignoring acquire, connection attempt pending
    Jan 9 20:02:37 charon 09[KNL] creating acquire job for policy myip/32|/0 === peerip/32|/0 with reqid {2}
    Jan 9 20:02:37 charon 14[CFG] ignoring acquire, connection attempt pending

    Google/search hasn't given me anything. I have restarted both the pfSense FW and the ASA FW to no avail. Basically I am out of ideas, as the configuration should be fine; it has been running without issue.

    Any ideas or suggestions of what to check would be greatly appreciated.

    Edit: I should also note that the ASA5505 has another IPsec channel to a different site (also pfsense) which is working fine.


  • LAYER 8 Netgate

    Yeah that is one second of logs that shows charon not taking action because it is waiting for another action to complete, which is perfectly normal.

    Going to need more logs than that. Set IKE SA, IKE Child SA, and Configuration backend logging to Diag and post them up.

    Sounds like an ISP might have done something.

