Netgate Discussion Forum
    IpSec doesn't work anymore when behind router

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 619 Views
      -Sonic-

      Hello everyone,

      Unfortunately, my pfSense IPsec VPN connection does not work anymore since I am behind a new router.
      My internet service provider has sent me a new router and I cannot put it in bridge mode.

      Therefore, I have set up a DMZ host on my new router for my pfSense box.
      Everything is working fine for now, except my IPsec VPN.

      Hope someone here has a clue. I have tried almost everything, but I cannot get it to work anymore.

      My setup:

      WAN IP  –>  Router from ISP --> 10.10.10.2 (DMZ) --> pfSense

      Here is my connection log:

      
      Feb 15 09:23:43	charon: 10[NET] <30> received packet: from 31.161.206.214[500] to 10.10.10.2[500] (763 bytes)
      Feb 15 09:23:43	charon: 10[ENC] <30> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Feb 15 09:23:43	charon: 10[IKE] <30> received FRAGMENTATION vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received NAT-T (RFC 3947) vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received XAuth vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received Cisco Unity vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> received DPD vendor ID
      Feb 15 09:23:43	charon: 10[IKE] <30> 31.161.206.214 is initiating a Aggressive Mode IKE_SA
      Feb 15 09:23:43	charon: 10[CFG] <30> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
      Feb 15 09:23:43	charon: 10[CFG] <30> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Feb 15 09:23:43	charon: 10[IKE] <30> no proposal found
      Feb 15 09:23:43	charon: 10[ENC] <30> generating INFORMATIONAL_V1 request 1996475904 [ N(NO_PROP) ]
      Feb 15 09:23:43	charon: 10[NET] <30> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (56 bytes)
      Feb 15 09:23:44	charon: 08[NET] <31> received packet: from 31.161.206.214[500] to 10.10.10.2[500] (763 bytes)
      Feb 15 09:23:44	charon: 08[ENC] <31> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Feb 15 09:23:44	charon: 08[IKE] <31> received FRAGMENTATION vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received NAT-T (RFC 3947) vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received XAuth vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received Cisco Unity vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> received DPD vendor ID
      Feb 15 09:23:44	charon: 08[IKE] <31> 31.161.206.214 is initiating a Aggressive Mode IKE_SA
      Feb 15 09:23:44	charon: 08[CFG] <31> looking for XAuthInitPSK peer configs matching 10.10.10.2...31.161.206.214[EwesVPN]
      Feb 15 09:23:44	charon: 08[CFG] <31> selected peer config "con1"
      Feb 15 09:23:44	charon: 08[ENC] <con1|31> generating AGGRESSIVE response 0 [ SA KE No ID V V V V NAT-D NAT-D HASH ]
      Feb 15 09:23:44	charon: 08[NET] <con1|31> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (412 bytes)
      Feb 15 09:23:48	charon: 07[IKE] <con1|31> sending retransmit 1 of response message ID 0, seq 1
      Feb 15 09:23:48	charon: 07[NET] <con1|31> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (412 bytes)
      Feb 15 09:23:55	charon: 10[IKE] <con1|31> sending retransmit 2 of response message ID 0, seq 1
      Feb 15 09:23:55	charon: 10[NET] <con1|31> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (412 bytes)
      Feb 15 09:24:08	charon: 07[IKE] <con1|31> sending retransmit 3 of response message ID 0, seq 1
      Feb 15 09:24:08	charon: 07[NET] <con1|31> sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (412 bytes)
      Feb 15 09:24:14	charon: 07[JOB] <con1|31> deleting half open IKE_SA after timeout
      
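The log above carries two separate failures that are easy to conflate when reading it by eye. The following triage script is an added example, not part of the post and not pfSense or strongSwan code: it parses charon lines of the shape quoted above and summarises, per IKE_SA id, why the negotiation died. IKE_SA 30 fails on a Phase 1 proposal mismatch (the peer offers only MODP_2048, the responder is configured for MODP_1024), while IKE_SA 31 matches a config, sends its Aggressive Mode reply, retransmits it three times without ever hearing back and is deleted as half-open, which is the signature of a reply that is not reaching the peer (typically a return-path problem through the NAT/DMZ device, or NAT-T not being negotiated). The sample lines are constructed from the post's log (same addresses and connection name); the function names, status labels and note wording are this example's own.

```python
import re

# Constructed sample, modelled on the charon log quoted in the post (same
# addresses and connection name); it is not real captured data from this system.
SAMPLE_LOG = """\
Feb 15 09:23:43\tcharon: 10[NET] <30> received packet: from 31.161.206.214[500] to 10.10.10.2[500] (763 bytes)
Feb 15 09:23:43\tcharon: 10[IKE] <30> received NAT-T (RFC 3947) vendor ID
Feb 15 09:23:43\tcharon: 10[IKE] <30> 31.161.206.214 is initiating a Aggressive Mode IKE_SA
Feb 15 09:23:43\tcharon: 10[CFG] <30> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Feb 15 09:23:43\tcharon: 10[CFG] <30> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 15 09:23:43\tcharon: 10[IKE] <30> no proposal found
Feb 15 09:23:44\tcharon: 08[IKE] <31> received NAT-T (RFC 3947) vendor ID
Feb 15 09:23:44\tcharon: 08[IKE] <31> 31.161.206.214 is initiating a Aggressive Mode IKE_SA
Feb 15 09:23:44\tcharon: 08[CFG] <31> selected peer config "con1"
Feb 15 09:23:44\tcharon: 08[NET] <con1|31>sending packet: from 10.10.10.2[500] to 31.161.206.214[500] (412 bytes)
Feb 15 09:23:48\tcharon: 07[IKE] <con1|31> sending retransmit 1 of response message ID 0, seq 1
Feb 15 09:23:55\tcharon: 10[IKE] <con1|31> sending retransmit 2 of response message ID 0, seq 1
Feb 15 09:24:08\tcharon: 07[IKE] <con1|31> sending retransmit 3 of response message ID 0, seq 1
Feb 15 09:24:14\tcharon: 07[JOB] <con1|31> deleting half open IKE_SA after timeout
"""

# "<30>" is an unnamed IKE_SA; "<con1|31>" is the same kind of id once a
# connection config has been selected. The space after ">" is optional because
# some paste/export paths drop it (as in the post).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+charon:\s+\d+\[(?P<sub>[A-Z]+)\]\s+"
    r"<(?:(?P<conn>[^|>]+)\|)?(?P<sa>\d+)>\s*(?P<msg>.*)$"
)


def parse_line(line):
    """Split one charon line into ts/sub/conn/sa/msg; None if it carries no IKE_SA id."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def parse_proposals(text):
    """Turn 'IKE:ENC/INTEG/PRF/DH, IKE:...' into a list of tuples (DH group last)."""
    props = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        body = item.split(":", 1)[1] if ":" in item else item
        props.append(tuple(body.split("/")))
    return props


def _new_sa():
    return {"status": "UNKNOWN", "conn": None, "peer": None, "nat_t": False,
            "retransmits": 0, "peer_dh_groups": set(), "local_dh_groups": set(),
            "notes": []}


def triage(log_text):
    """Walk the log once and return {ike_sa_id: summary} explaining each failure."""
    sas = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        sa = sas.setdefault(rec["sa"], _new_sa())
        if rec["conn"]:
            sa["conn"] = rec["conn"]
        msg = rec["msg"]
        init = re.match(r"(\S+) is initiating a", msg)
        if init:
            sa["peer"] = init.group(1)
        elif "NAT-T" in msg and msg.endswith("vendor ID"):
            sa["nat_t"] = True
        elif msg.startswith("received proposals:"):
            sa["peer_dh_groups"] = {p[-1] for p in parse_proposals(msg.split(":", 1)[1])}
        elif msg.startswith("configured proposals:"):
            sa["local_dh_groups"] = {p[-1] for p in parse_proposals(msg.split(":", 1)[1])}
        elif msg == "no proposal found":
            sa["status"] = "NO_PROPOSAL"
            if sa["peer_dh_groups"] and not (sa["peer_dh_groups"] & sa["local_dh_groups"]):
                sa["notes"].append(
                    "Phase 1 DH group mismatch: peer offered %s, responder accepts only %s; "
                    "align both ends on the stronger group (MODP_1024 is considered weak)"
                    % (sorted(sa["peer_dh_groups"]), sorted(sa["local_dh_groups"])))
            else:
                sa["notes"].append("Phase 1 mismatch in cipher/integrity/PRF; compare "
                                   "received and configured proposals")
        elif "sending retransmit" in msg and "of response" in msg:
            sa["retransmits"] += 1
        elif msg.startswith("deleting half open IKE_SA after timeout"):
            sa["status"] = "HALF_OPEN_TIMEOUT"
            sa["notes"].append(
                "responder reply retransmitted %d times with no answer from %s; verify the "
                "return path (UDP 500/4500) through the DMZ/NAT device and that NAT-T is "
                "negotiated (peer advertised NAT-T: %s)"
                % (sa["retransmits"], sa["peer"], sa["nat_t"]))
    return sas


def report(result):
    """Render the triage as one line per IKE_SA, for a quick read of a long log."""
    lines = []
    for sa_id, sa in sorted(result.items(), key=lambda kv: int(kv[0])):
        name = "%s|%s" % (sa["conn"], sa_id) if sa["conn"] else sa_id
        lines.append("IKE_SA <%s> from %s: %s" % (name, sa["peer"], sa["status"]))
        lines.extend("    - " + n for n in sa["notes"])
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it on the full log from `/var/log/ipsec.log` (or the pfSense IPsec log view) instead of `SAMPLE_LOG` to see both failure classes side by side; the retransmit count plus the half-open timeout is the line pair to look for when a negotiation stalls behind a NAT device, and the proposal lines tell you whether a mismatch is independent of the NAT problem.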
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.