IPSEC Port 500 Blocked.



  • Hi.

    I've got some IPSEC VPNs that have been running fine.

    This morning we found they were down and, looking at the IPsec log, we couldn't see the IP addresses for the remote ends. Looking at the system firewall log I can see both IP addresses on port 500 are blocked.

    I've cleared the states and restarted racoon, and I've also tried applying Easy Rules... still the VPNs are down.

    Any ideas how I can resolve this?
    Thanks



  • Obvious question: what is the device uptime, i.e. was there a restart?

    Apart from the basic stuff when you run a tcpdump on either end do you see traffic arriving on port 500?



  • pfSense is running and hasn't restarted.
    Without the Easy Rules I see traffic from the two IP addresses being blocked in the firewall log.

    If I add the Easy Rules the traffic isn't marked as blocked and I do see states set up, but no IPsec VPN is established.

    I'm at a loss as to why pfSense was blocking in the first place and why, after the rules and racoon restart, this isn't working.

    Thanks
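The posts above are checking the firewall log by eye for blocked traffic on UDP/500. As an added example (not code from the thread or from pfSense), here is a small parser that reads exported pfSense `filterlog` syslog lines and reports, per remote peer, which IPsec components (IKE on UDP/500, NAT-T on UDP/4500, ESP protocol 50) were blocked. The sample log lines are constructed with RFC 5737 addresses, and the positional CSV layout assumed is the documented pfSense filterlog format.

```python
import csv
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample syslog lines in the pfSense filterlog CSV layout (not from the thread).
# Assumed positional layout: rule,subrule,anchor,tracker,iface,reason,action,direction,ipver,
# then for IPv4: tos,ecn,ttl,id,offset,flags,proto-id,proto,length,src,dst[,sport,dport,...]
SAMPLE_FILTERLOG = """\
Mar 12 08:01:02 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,54,12345,0,none,17,udp,156,203.0.113.10,198.51.100.5,500,500,136
Mar 12 08:01:03 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,54,12346,0,none,17,udp,124,203.0.113.20,198.51.100.5,4500,4500,104
Mar 12 08:01:04 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,54,12347,0,none,50,esp,120,203.0.113.10,198.51.100.5
Mar 12 08:01:05 fw filterlog: 9,,,1000000110,em0,match,pass,in,4,0x0,,54,12348,0,none,17,udp,156,203.0.113.30,198.51.100.5,500,500,136
Mar 12 08:01:06 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,54,12349,0,none,6,tcp,60,192.0.2.7,198.51.100.5,51234,22,0,S,1234567,,65535,,mss
Mar 12 08:01:07 fw filterlog: 5,,,1000000103,em0,match,block,out,4,0x0,,64,12350,0,none,17,udp,156,198.51.100.5,203.0.113.20,500,500,136
"""


@dataclass
class FilterEvent:
    action: str
    iface: str
    direction: str
    proto: str
    proto_id: int
    src: str
    dst: str
    dport: Optional[int]


def parse_filterlog_line(line: str) -> Optional[FilterEvent]:
    """Parse one filterlog syslog line; return None for any other line."""
    if "filterlog: " not in line:
        return None
    fields = next(csv.reader([line.split("filterlog: ", 1)[1]]))
    if len(fields) < 9:
        return None
    if fields[8] == "4" and len(fields) >= 20:
        proto_id, proto, src, dst = fields[15], fields[16], fields[18], fields[19]
        rest = fields[20:]
    elif fields[8] == "6" and len(fields) >= 17:
        # Assumed IPv6 layout: class,flowlabel,hoplimit,proto,proto-id,length,src,dst
        proto, proto_id, src, dst = fields[12], fields[13], fields[15], fields[16]
        rest = fields[17:]
    else:
        return None
    proto = proto.lower()
    # Source and destination ports follow only for TCP/UDP.
    dport = int(rest[1]) if proto in ("tcp", "udp") and len(rest) >= 2 else None
    return FilterEvent(fields[6], fields[4], fields[7], proto, int(proto_id), src, dst, dport)


def ipsec_service(ev: FilterEvent) -> Optional[str]:
    """Name the IPsec component an event belongs to, or None if it is unrelated."""
    if ev.proto_id == 50:
        return "esp"
    if ev.proto == "udp" and ev.dport in (500, 4500):
        return f"udp/{ev.dport}"
    return None


def blocked_ipsec_peers(lines) -> Dict[str, List[str]]:
    """Map each remote peer address to the IPsec services the firewall blocked for it."""
    peers: Dict[str, set] = {}
    for line in lines:
        ev = parse_filterlog_line(line)
        if ev is None or ev.action != "block":
            continue
        svc = ipsec_service(ev)
        if svc is None:
            continue
        # The remote peer is the source of inbound traffic and the destination of outbound.
        peer = ev.src if ev.direction == "in" else ev.dst
        peers.setdefault(peer, set()).add(svc)
    return {p: sorted(s) for p, s in sorted(peers.items())}


if __name__ == "__main__":
    for peer, svcs in blocked_ipsec_peers(SAMPLE_FILTERLOG.splitlines()).items():
        print(f"{peer}: blocked {', '.join(svcs)}")
```

A peer showing up here with `udp/500` blocked cannot even start IKE, so no amount of restarting the daemon helps until the rule that matches the listed tracker id is found; a peer with only `esp` or `udp/4500` blocked typically gets phase 1 up and then fails to pass traffic.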


  • Netgate

    racoon? How old is this version of pfSense that is giving you IPsec trouble?



  • Hi

    pfSense is 2.3.5-RELEASE (i386)

    We seem to have had some luck.
    One VPN is up and connected for 18 hours.

    The other two come up and then disconnect after 20 seconds.
    Any idea what would cause that?

    Thanks


  • Netgate

    pfSense is 2.3.5-RELEASE (i386)

    You are not running racoon. You are running strongswan (charon). i386? It's 2018.

    I would guess the phase 1 is succeeding then the phase 2 is failing and one side or the other is subsequently deleting the phase 1.

    Impossible to tell without looking at the IPsec logs.

    Guidance:

    https://doc.pfsense.org/index.php/IPsec_Troubleshooting
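The diagnosis above (phase 1 succeeds, phase 2 fails, one side then deletes the IKE_SA about 20 seconds later) can be checked directly against the charon log rather than by scrolling. As an added example, not code from the thread, pfSense or strongSwan, the script below correlates exported charon syslog lines per IKE_SA and reports whether a CHILD_SA was ever established, which errors were logged, who sent the delete, and how long the IKE_SA lived. The log lines are constructed approximations of strongSwan's `charon: NN[GROUP] <conn|id> message` output, and the message patterns matched (`IKE_SA ... established`, `CHILD_SA ... established`, `no matching CHILD_SA config`, `received DELETE for IKE_SA`, `deleting IKE_SA`) are assumed to be stable enough for this purpose.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample lines approximating strongSwan charon syslog output (not from the thread).
SAMPLE_CHARON_LOG = """\
Mar 12 08:01:02 fw charon: 05[IKE] <con1000|3> IKE_SA con1000[3] established between 198.51.100.5[198.51.100.5]...203.0.113.10[203.0.113.10]
Mar 12 08:01:04 fw charon: 05[CFG] <con1000|3> no matching CHILD_SA config found for 10.10.0.0/24 === 10.20.0.0/24
Mar 12 08:01:04 fw charon: 05[IKE] <con1000|3> failed to establish CHILD_SA, keeping IKE_SA
Mar 12 08:01:22 fw charon: 09[IKE] <con1000|3> received DELETE for IKE_SA con1000[3]
Mar 12 08:01:22 fw charon: 09[IKE] <con1000|3> deleting IKE_SA con1000[3] between 198.51.100.5[198.51.100.5]...203.0.113.10[203.0.113.10]
Mar 12 08:01:30 fw charon: 11[IKE] <con2000|1> IKE_SA con2000[1] established between 198.51.100.5[198.51.100.5]...203.0.113.20[203.0.113.20]
Mar 12 08:01:31 fw charon: 11[IKE] <con2000|1> CHILD_SA con2000{1} established with SPIs c1a2b3c4_i d4e5f6a7_o and TS 10.10.0.0/24 === 10.30.0.0/24
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ charon: \d+\[\w+\] "
    r"<(?P<conn>[^|>]+)\|(?P<id>\d+)> (?P<msg>.*)$"
)
IKE_UP_RE = re.compile(r"IKE_SA \S+\[\d+\] established")
CHILD_UP_RE = re.compile(r"CHILD_SA \S+\{\d+\} established")
CHILD_FAIL_RE = re.compile(
    r"no matching CHILD_SA config|failed to establish CHILD_SA|NO_PROPOSAL_CHOSEN|TS_UNACCEPTABLE"
)
PEER_DELETE_RE = re.compile(r"received DELETE for IKE_SA")
LOCAL_DELETE_RE = re.compile(r"deleting IKE_SA")


@dataclass
class SaTimeline:
    conn: str
    established_at: Optional[datetime] = None
    child_ok: bool = False
    child_errors: List[str] = field(default_factory=list)
    deleted_at: Optional[datetime] = None
    deleted_by: Optional[str] = None


def _verdict(sa: SaTimeline) -> dict:
    """Turn one IKE_SA timeline into a short phase 1 / phase 2 verdict."""
    lifetime = None
    if sa.established_at and sa.deleted_at:
        lifetime = int((sa.deleted_at - sa.established_at).total_seconds())
    if sa.established_at is None:
        text = "phase 1 never established"
    elif sa.deleted_at is None:
        text = "up" if sa.child_ok else "phase 1 up, phase 2 not established"
    elif not sa.child_ok:
        text = f"phase 2 failed, IKE_SA deleted by {sa.deleted_by} after {lifetime}s"
    else:
        text = f"tunnel established, then IKE_SA deleted by {sa.deleted_by} after {lifetime}s"
    return {"verdict": text, "phase2_ok": sa.child_ok, "lifetime_s": lifetime,
            "deleted_by": sa.deleted_by, "errors": sa.child_errors}


def analyze_charon_log(lines) -> Dict[str, dict]:
    """Group charon lines by <conn|id> and classify what happened to each IKE_SA."""
    sas: Dict[str, SaTimeline] = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        key = f"{m['conn']}|{m['id']}"
        sa = sas.setdefault(key, SaTimeline(m["conn"]))
        # Syslog timestamps carry no year; only deltas within one day are used here.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        msg = m["msg"]
        if IKE_UP_RE.search(msg):
            sa.established_at = ts
        elif CHILD_UP_RE.search(msg):
            sa.child_ok = True
        elif CHILD_FAIL_RE.search(msg):
            sa.child_errors.append(msg)
        elif PEER_DELETE_RE.search(msg):
            sa.deleted_at, sa.deleted_by = ts, "peer"
        elif LOCAL_DELETE_RE.search(msg) and sa.deleted_at is None:
            # A local "deleting IKE_SA" that follows a received DELETE is not a new event.
            sa.deleted_at, sa.deleted_by = ts, "local"
    return {key: _verdict(sa) for key, sa in sas.items()}


if __name__ == "__main__":
    for key, info in analyze_charon_log(SAMPLE_CHARON_LOG.splitlines()).items():
        print(f"{key}: {info['verdict']}")
        for err in info["errors"]:
            print(f"    {err}")
```

Run against a real export, an entry reading "phase 2 failed, IKE_SA deleted by peer after 20s" with a `no matching CHILD_SA config` error points at mismatched phase 2 selectors (local/remote networks) between the two ends, which is where the troubleshooting guide linked above would have you look next.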