IPSEC Tunnel will not come up after upgrade
-
pfSense-kernel-pfSense upgraded: 2.4.0.b.20170516.1310 -> 2.4.0.r.20170828.1105
After the upgrade the tunnel will not come up.
Due to the remote device we are limited in what we can select for settings. We have verified the settings on this side have not changed within the web interface after the upgrade. The remote side is a full work day trip so we have not verified that side, but it was verified that it was working up until we did the upgrade and after the upgrade it never came back up.
IKEv1
IPv4
Mutual PSK
Aggressive
Identifiers:
IP address
IP addressPhase 1 Proposal:
Encryption Algorithm - AES 128
Hash - SHA1
DH - 2
Lifetime - 28800Advanced:
NAT traversal - AutoLog:
Aug 30 10:54:55 charon 08[IKE] <con4000|36>IKE_SA con4000[36] state change: CONNECTING => DESTROYING
Aug 30 10:54:55 charon 08[IKE] <con4000|36>received AUTHENTICATION_FAILED error notify
Aug 30 10:54:55 charon 08[ENC] <con4000|36>parsed INFORMATIONAL_V1 request 4198953118 [ N(AUTH_FAILED) ]
Aug 30 10:54:55 charon 08[NET] <con4000|36>received packet: from yyy.yyy.yyy.yyy[500] to xxx.xxx.xxx.xxx[500] (56 bytes)
Aug 30 10:54:54 charon 08[NET] <con4000|36>sending packet: from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500] (360 bytes)
Aug 30 10:54:54 charon 08[ENC] <con4000|36>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Aug 30 10:54:54 charon 08[CFG] <con4000|36>configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 30 10:54:54 charon 08[IKE] <con4000|36>IKE_SA con4000[36] state change: CREATED => CONNECTING
Aug 30 10:54:54 charon 08[IKE] <con4000|36>initiating Aggressive Mode IKE_SA con4000[36] to yyy.yyy.yyy.yyy
Aug 30 10:54:54 charon 08[IKE] <con4000|36>sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Aug 30 10:54:54 charon 08[IKE] <con4000|36>sending NAT-T (RFC 3947) vendor ID
Aug 30 10:54:54 charon 08[IKE] <con4000|36>sending FRAGMENTATION vendor ID
Aug 30 10:54:54 charon 08[IKE] <con4000|36>sending DPD vendor ID
Aug 30 10:54:54 charon 08[IKE] <con4000|36>sending XAuth vendor ID
Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating ISAKMP_NATD task
Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating ISAKMP_CERT_POST task
Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating AGGRESSIVE_MODE task
Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating ISAKMP_CERT_PRE task
Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating ISAKMP_VENDOR task
Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating new tasks
Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing QUICK_MODE task
Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing ISAKMP_NATD task
Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing ISAKMP_CERT_POST task
Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing AGGRESSIVE_MODE task
Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing ISAKMP_CERT_PRE task
Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing ISAKMP_VENDOR task
Aug 30 10:54:54 charon 08[KNL] creating acquire job for policy xxx.xxx.xxx.xxx/32|/0 === yyy.yyy.yyy.yyy/32|/0 with reqid {4}</con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36></con4000|36>