IPsec doesn't work anymore when behind router
Hello everyone,
Unfortunately, my pfSense IPsec VPN connection does not work anymore since I am behind a new router.
My internet service provider has sent me a new router and I cannot put it in bridge mode. Therefore, I have set up a DMZ host on my new router pointing to my pfSense box.
Everything is working fine for now, except my IPsec VPN. Hope someone here has a clue. I have tried almost everything, but I cannot get it to work anymore.
My setup:
WAN IP --> Router from ISP --> 10.10.10.2 (DMZ) --> pfSense
Here is my connection log:
Feb 15 09:23:43 charon: 10[NET] <30> received packet: from 31.161.206.214[500] to 10.10.10.2[500] (763 bytes)
Feb 15 09:23:43 charon: 10[ENC] <30> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
Feb 15 09:23:43 charon: 10[IKE] <30> received FRAGMENTATION vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received NAT-T (RFC 3947) vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received XAuth vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received Cisco Unity vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> received DPD vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> 31.161.206.214 is initiating a Aggressive Mode IKE_SA
Feb 15 09:23:43 charon: 10[CFG] <30> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
Feb 15 09:23:43 charon: 10[CFG] <30> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 15 09:23:43 charon: 10[IKE] <30> no proposal found
Feb 15 09:23:43 charon: 10[ENC] <30> generating INFORMATIONAL_V1 request 1996475904 [ N(NO_PROP) ]
Feb 15 09:23:43 charon: 10[NET] <30> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (56 bytes)
Feb 15 09:23:44 charon: 08[NET] <31> received packet: from 31.161.206.214[500] to 10.10.10.2[500] (763 bytes)
Feb 15 09:23:44 charon: 08[ENC] <31> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
Feb 15 09:23:44 charon: 08[IKE] <31> received FRAGMENTATION vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received NAT-T (RFC 3947) vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received XAuth vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received Cisco Unity vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> received DPD vendor ID
Feb 15 09:23:44 charon: 08[IKE] <31> 31.161.206.214 is initiating a Aggressive Mode IKE_SA
Feb 15 09:23:44 charon: 08[CFG] <31> looking for XAuthInitPSK peer configs matching 10.10.10.2...31.161.206.214[EwesVPN]
Feb 15 09:23:44 charon: 08[CFG] <31> selected peer config "con1"
Feb 15 09:23:44 charon: 08[ENC] <con1|31> generating AGGRESSIVE response 0 [ SA KE No ID V V V V NAT-D NAT-D HASH ]
Feb 15 09:23:44 charon: 08[NET] <con1|31> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (412 bytes)
Feb 15 09:23:48 charon: 07[IKE] <con1|31> sending retransmit 1 of response message ID 0, seq 1
Feb 15 09:23:48 charon: 07[NET] <con1|31> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (412 bytes)
Feb 15 09:23:55 charon: 10[IKE] <con1|31> sending retransmit 2 of response message ID 0, seq 1
Feb 15 09:23:55 charon: 10[NET] <con1|31> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (412 bytes)
Feb 15 09:24:08 charon: 07[IKE] <con1|31> sending retransmit 3 of response message ID 0, seq 1
Feb 15 09:24:08 charon: 07[NET] <con1|31> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (412 bytes)
Feb 15 09:24:14 charon: 07[JOB] <con1|31> deleting half open IKE_SA after timeout
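As an added example (not from the original post, and not pfSense or strongSwan code): a small Python script that groups charon log lines by their IKE_SA number and reports, per SA, whether the exchange died on a proposal mismatch (NO_PROP) or on an Aggressive Mode response the peer never acknowledged (retransmits followed by "deleting half open IKE_SA"). The log embedded in it is a constructed, trimmed copy of the pattern in the log above; the finding strings, function names and the private-address check are my own additions, and the `/var/log/ipsec.log` path in the usage note is an assumption about where pfSense writes charon's output.

```python
"""Summarize strongSwan/charon IKEv1 responder log lines per IKE_SA.

Added example for this thread; not pfSense or strongSwan code.
"""
import ipaddress
import re
import sys
from collections import defaultdict

# Constructed sample, trimmed from the pattern in the log posted above.
SAMPLE_LOG = """\
Feb 15 09:23:43 charon: 10[NET] <30> received packet: from 31.161.206.214[500] to 10.10.10.2[500] (763 bytes)
Feb 15 09:23:43 charon: 10[IKE] <30> received NAT-T (RFC 3947) vendor ID
Feb 15 09:23:43 charon: 10[IKE] <30> 31.161.206.214 is initiating a Aggressive Mode IKE_SA
Feb 15 09:23:43 charon: 10[CFG] <30> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Feb 15 09:23:43 charon: 10[CFG] <30> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 15 09:23:43 charon: 10[IKE] <30> no proposal found
Feb 15 09:23:43 charon: 10[ENC] <30> generating INFORMATIONAL_V1 request 1996475904 [ N(NO_PROP) ]
Feb 15 09:23:43 charon: 10[NET] <30> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (56 bytes)
Feb 15 09:23:44 charon: 08[NET] <31> received packet: from 31.161.206.214[500] to 10.10.10.2[500] (763 bytes)
Feb 15 09:23:44 charon: 08[CFG] <31> selected peer config "con1"
Feb 15 09:23:44 charon: 08[ENC] <con1|31>generating AGGRESSIVE response 0 [ SA KE No ID V V V V NAT-D NAT-D HASH ]
Feb 15 09:23:44 charon: 08[NET] <con1|31>sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (412 bytes)
Feb 15 09:23:48 charon: 07[IKE] <con1|31>sending retransmit 1 of response message ID 0, seq 1
Feb 15 09:23:55 charon: 10[IKE] <con1|31>sending retransmit 2 of response message ID 0, seq 1
Feb 15 09:24:08 charon: 07[IKE] <con1|31>sending retransmit 3 of response message ID 0, seq 1
Feb 15 09:24:14 charon: 07[JOB] <con1|31>deleting half open IKE_SA after timeout
"""

# "<30>" before a config is selected, "<con1|31>" afterwards; the space
# after ">" is optional because some builds omit it.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) charon: \d+\[(?P<grp>\w+)\] "
    r"<(?:(?P<conn>[^|>]+)\|)?(?P<sa>\d+)> ?(?P<msg>.*)$"
)
PKT_RE = re.compile(r"from (?P<src>[\d.]+)\[\d+\] to (?P<dst>[\d.]+)\[\d+\]")
PROP_RE = re.compile(r"(received|configured) proposals: (.*)")
RESP_RE = re.compile(r"generating \S+ response \d+")


def dh_groups(proposal_list: str) -> set:
    """Pull the DH group names (MODP_*, ECP_*) out of a charon proposal list."""
    return set(re.findall(r"\b(?:MODP|ECP)_\w+", proposal_list))


def parse(log_text: str) -> dict:
    """Group lines by IKE_SA number and collect the facts diagnose() looks at."""
    sas = defaultdict(lambda: {"peer": None, "local": None, "conn": None,
                               "received_dh": set(), "configured_dh": set(),
                               "no_proposal": False, "response_sent": False,
                               "retransmits": 0, "timed_out": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a charon line in the format we understand
        sa, msg = sas[int(m["sa"])], m["msg"]
        if m["conn"]:
            sa["conn"] = m["conn"]
        prop = PROP_RE.match(msg)
        if msg.startswith("received packet"):
            pkt = PKT_RE.search(msg)
            sa["peer"], sa["local"] = pkt["src"], pkt["dst"]
        elif prop:
            sa[prop.group(1) + "_dh"] |= dh_groups(prop.group(2))
        elif msg == "no proposal found":
            sa["no_proposal"] = True
        elif RESP_RE.match(msg):
            sa["response_sent"] = True
        elif msg.startswith("sending retransmit"):
            sa["retransmits"] += 1
        elif msg.startswith("deleting half open IKE_SA"):
            sa["timed_out"] = True
    return dict(sas)


def diagnose(sa: dict) -> list:
    """Return one finding string per failure pattern seen on this IKE_SA."""
    findings = []
    if sa["no_proposal"]:
        findings.append("NO_PROPOSAL: peer offered DH %s, responder configured %s"
                        % (sorted(sa["received_dh"]), sorted(sa["configured_dh"])))
    if sa["response_sent"] and sa["timed_out"]:
        note = ("RESPONSE_UNANSWERED: %d retransmits, half-open IKE_SA deleted"
                % sa["retransmits"])
        if sa["local"] and ipaddress.ip_address(sa["local"]).is_private:
            # The responder wrote its reply from an RFC 1918 address, so the
            # reply crossed NAT on the way out; worth checking first.
            note += "; local endpoint %s is private, so the reply traversed NAT" % sa["local"]
        findings.append(note)
    return findings


def report(log_text: str) -> dict:
    """Map IKE_SA number -> list of findings."""
    return {sa_id: diagnose(sa) for sa_id, sa in parse(log_text).items()}


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for sa_id, findings in sorted(report(text).items()):
        for f in findings:
            print("IKE_SA %d: %s" % (sa_id, f))
```

Run it with no arguments to see the two findings for the embedded sample, or point it at the real log (`python3 ike_summary.py /var/log/ipsec.log`, assuming that is where pfSense keeps charon's output). On the log above it separates the two events that are easy to conflate when reading the raw text: SA 30 fails before any response because the peer only offers MODP_2048 while the responder is configured for MODP_1024, and SA 31 does get a matching config and a response, which is then retransmitted three times from the private DMZ address and never answered.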