    IPSEC Tunnel will not come up after upgrade

    2.4 Development Snapshots
    • J
      jammcla last edited by

      pfSense-kernel-pfSense upgraded: 2.4.0.b.20170516.1310 -> 2.4.0.r.20170828.1105

      After the upgrade the tunnel will not come up.

      Due to the remote device we are limited in what we can select for settings.  We have verified the settings on this side have not changed within the web interface after the upgrade.  The remote side is a full work day trip so we have not verified that side, but it was verified that it was working up until we did the upgrade and after the upgrade it never came back up.

      IKEv1
      IPv4
      Mutual PSK
      Aggressive
      Identifiers:
      IP address
      IP address

      Phase 1 Proposal:
      Encryption Algorithm - AES 128
      Hash - SHA1
      DH - 2
      Lifetime - 28800

      Advanced:
      NAT traversal - Auto

      Log:

      Aug 30 10:54:55 charon 08[IKE] <con4000|36>IKE_SA con4000[36] state change: CONNECTING => DESTROYING
      Aug 30 10:54:55 charon 08[IKE] <con4000|36>received AUTHENTICATION_FAILED error notify
      Aug 30 10:54:55 charon 08[ENC] <con4000|36>parsed INFORMATIONAL_V1 request 4198953118 [ N(AUTH_FAILED) ]
      Aug 30 10:54:55 charon 08[NET] <con4000|36>received packet: from yyy.yyy.yyy.yyy[500] to xxx.xxx.xxx.xxx[500] (56 bytes)
      Aug 30 10:54:54 charon 08[NET] <con4000|36>sending packet: from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500] (360 bytes)
      Aug 30 10:54:54 charon 08[ENC] <con4000|36>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
      Aug 30 10:54:54 charon 08[CFG] <con4000|36>configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>IKE_SA con4000[36] state change: CREATED => CONNECTING
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>initiating Aggressive Mode IKE_SA con4000[36] to yyy.yyy.yyy.yyy
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>sending NAT-T (RFC 3947) vendor ID
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>sending FRAGMENTATION vendor ID
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>sending DPD vendor ID
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>sending XAuth vendor ID
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating ISAKMP_NATD task
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating ISAKMP_CERT_POST task
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating AGGRESSIVE_MODE task
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating ISAKMP_CERT_PRE task
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating ISAKMP_VENDOR task
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>activating new tasks
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing QUICK_MODE task
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing ISAKMP_NATD task
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing ISAKMP_CERT_POST task
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing AGGRESSIVE_MODE task
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing ISAKMP_CERT_PRE task
      Aug 30 10:54:54 charon 08[IKE] <con4000|36>queueing ISAKMP_VENDOR task
      Aug 30 10:54:54 charon 08[KNL] creating acquire job for policy xxx.xxx.xxx.xxx/32|/0 === yyy.yyy.yyy.yyy/32|/0 with reqid {4}

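An added example, not part of the original post and not pfSense or strongSwan code: a small Python reader for charon lines in the format shown in the log above. It restores chronological order from the newest-first listing and reports, per IKE_SA, the proposal, exchange mode, state changes and any error notify received from the peer; the sample lines are constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the newest-first order used by the post's log; the
# addresses are documentation placeholders, not values from the thread.
SAMPLE = """\
Aug 30 10:54:55 charon 08[IKE] <con4000|36>IKE_SA con4000[36] state change: CONNECTING => DESTROYING
Aug 30 10:54:55 charon 08[IKE] <con4000|36>received AUTHENTICATION_FAILED error notify
Aug 30 10:54:55 charon 08[NET] <con4000|36>received packet: from 198.51.100.1[500] to 192.0.2.1[500] (56 bytes)
Aug 30 10:54:54 charon 08[NET] <con4000|36>sending packet: from 192.0.2.1[500] to 198.51.100.1[500] (360 bytes)
Aug 30 10:54:54 charon 08[ENC] <con4000|36>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Aug 30 10:54:54 charon 08[CFG] <con4000|36>configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 30 10:54:54 charon 08[IKE] <con4000|36>IKE_SA con4000[36] state change: CREATED => CONNECTING
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]+ charon \d+\[(\w+)\] (?:<([^|>]+)\|(\d+)>)? ?(.*)$")
NOTIFY = re.compile(r"received (\w+) error notify")

def summarize(log_text, newest_first=True):
    """Return {(conn, sa_id): summary}, reading events oldest first."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    if newest_first:  # timestamps only have 1 s resolution, so reverse
        lines.reverse()
    sas = {}
    for raw in lines:
        m = LINE.match(raw)
        if not m or m.group(2) is None:  # line not tied to an IKE_SA
            continue
        subsys, conn, sa_id, msg = m.groups()
        sa = sas.setdefault((conn, int(sa_id)), {"mode": None, "proposals": [],
            "states": [], "sent": 0, "received": 0, "peer_notify": None})
        if subsys == "CFG" and msg.startswith("configured proposals:"):
            sa["proposals"] = [p.strip() for p in msg.split(":", 1)[1].split(",")]
        elif subsys == "ENC" and msg.startswith("generating "):
            sa["mode"] = sa["mode"] or msg.split()[1]
        elif subsys == "NET":
            sa["sent" if msg.startswith("sending packet") else "received"] += 1
        elif "state change:" in msg:
            old, new = (s.strip() for s in msg.split("state change:", 1)[1].split("=>"))
            sa["states"] += [new] if sa["states"] else [old, new]
        elif NOTIFY.search(msg):
            sa["peer_notify"] = NOTIFY.search(msg).group(1)
    return sas

def rejected_on_first_message(sa):
    """Peer's error notify arrived after we had sent a single packet."""
    return bool(sa["peer_notify"]) and sa["sent"] == 1 and "ESTABLISHED" not in sa["states"]

if __name__ == "__main__":
    print({k: (v, rejected_on_first_message(v)) for k, v in summarize(SAMPLE).items()})
```

In IKEv1 aggressive mode the first message carries the SA, KE, nonce and ID payloads (the `[ SA KE No ID V ... ]` list on the ENC line), so a notify at that point is the peer's response to those payloads.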