2.3.5 and 2.1.5 IPSec tunnel
We have a network of affiliates, each of which has a gateway that was configured on pfSense 2.1.5 back in the old days, and basically everything seems to work, except for some things that were corrected earlier. But I decided to update this whole thing gradually and put a gateway on pfSense 2.3.5 into one of the branches. I decided to configure IPSec: a tunnel between this "innovation" and the old gateway that is still in the head office. I set it up and started it, and the tunnel even worked, but after an hour or a half it went down and refuses to come back up. At least, that is what 2.3.5 reports; at the same time, 2.1.5 says that everything is fine and that it does not know of any problems.
Previously, exactly the same tunnel worked in this same branch, except that it was configured on 2.1.5 on both sides, and it worked great; what has happened now I cannot understand ...
Server configuration in the branch:

Phase1
Key Exchange version: Auto
Internet Protocol: v4
Interface: WAN
Remote Gateway: 188.128.xxx.xx
Authentication Method: Manual PSK
Negotiation mode: Main
Pre-Shared Key: 123123123
Encryption Algorithm: AES
Hash Algorithm: SHA1
DH Group: 1
NAT Traversal: Force

Phase2
Mode: Tunnel IPv4
Remote Network: Network 10.0.0.0/24
Protocol: ESP
Encryption Algorithms: AES
Hash Algorithms: SHA1
On the "home" side everything is the same, only the remote address is specified as 92.255.yyy.yyy and in Phase2 the remote network is 192.168.72.0/24.
In the log I can see the following text:
May 22 07:09:58 charon 04[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
May 22 07:09:58 charon 04[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
May 22 07:09:58 charon 04[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:02 charon 07[IKE] <con1|2>retransmit 1 of request with message ID 0
May 22 07:10:02 charon 07[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:09 charon 09[IKE] <con1|2>retransmit 2 of request with message ID 0
May 22 07:10:09 charon 09[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:22 charon 07[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:10:22 charon 13[CFG] ignoring acquire, connection attempt pending
May 22 07:10:22 charon 13[IKE] <con1|2>retransmit 3 of request with message ID 0
May 22 07:10:22 charon 13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:45 charon 06[IKE] <con1|2>retransmit 4 of request with message ID 0
May 22 07:10:45 charon 06[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:11:25 charon 09[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:11:25 charon 04[CFG] ignoring acquire, connection attempt pending
May 22 07:11:27 charon 09[IKE] <con1|2>retransmit 5 of request with message ID 0
May 22 07:11:27 charon 09[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:12:28 charon 12[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:12:28 charon 10[CFG] ignoring acquire, connection attempt pending
May 22 07:12:43 charon 13[IKE] <con1|2>giving up after 5 retransmits
May 22 07:12:43 charon 13[IKE] <con1|2>peer not responding, trying again (3/3)
May 22 07:12:43 charon 13[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
May 22 07:12:43 charon 13[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
May 22 07:12:43 charon 13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:12:47 charon 13[IKE] <con1|2>retransmit 1 of request with message ID 0
May 22 07:12:47 charon 13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:12:54 charon 07[IKE] <con1|2>retransmit 2 of request with message ID 0
May 22 07:12:54 charon 07[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:13:07 charon 05[IKE] <con1|2>retransmit 3 of request with message ID 0
May 22 07:13:07 charon 05[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:13:30 charon 08[IKE] <con1|2>retransmit 4 of request with message ID 0
May 22 07:13:30 charon 08[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:13:31 charon 08[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:13:31 charon 06[CFG] ignoring acquire, connection attempt pending
May 22 07:14:12 charon 11[IKE] <con1|2>retransmit 5 of request with message ID 0
May 22 07:14:12 charon 11[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:14:34 charon 14[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:14:34 charon 09[CFG] ignoring acquire, connection attempt pending
May 22 07:15:28 charon 11[IKE] <con1|2>giving up after 5 retransmits
May 22 07:15:28 charon 11[IKE] <con1|2>establishing IKE_SA failed, peer not responding
May 22 07:15:37 charon 12[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:15:37 charon 11[IKE] <con1|3>initiating IKE_SA con1[3] to 188.128.xxx.xx
May 22 07:15:37 charon 11[ENC] <con1|3>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
May 22 07:15:37 charon 11[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:15:41 charon 07[IKE] <con1|3>retransmit 1 of request with message ID 0
May 22 07:15:41 charon 07[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:15:48 charon 07[IKE] <con1|3>retransmit 2 of request with message ID 0
May 22 07:15:48 charon 07[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:16:01 charon 14[IKE] <con1|3>retransmit 3 of request with message ID 0
May 22 07:16:01 charon 14[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
Tell me please, what am I doing wrong?
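
Added example, not part of the original post: a small Python triage of a charon log like the one above, reporting per connection attempt which IKE version the initiator tried (IKE_SA_INIT is the opening exchange of IKEv2, while Main/Aggressive Mode are IKEv1) and whether any packet ever came back. The function names and the abridged sample are constructed for illustration; the message prefixes matched are the standard strongSwan ones seen in the post.

```python
import re
from collections import defaultdict

# Constructed sample: lines abridged from the log in the post (addresses masked there).
SAMPLE = """\
May 22 07:09:58 charon 04[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
May 22 07:09:58 charon 04[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
May 22 07:09:58 charon 04[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:02 charon 07[IKE] <con1|2>retransmit 1 of request with message ID 0
May 22 07:10:02 charon 07[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:22 charon 13[CFG] ignoring acquire, connection attempt pending
May 22 07:12:43 charon 13[IKE] <con1|2>giving up after 5 retransmits
"""

# charon prefixes per-connection messages with <name|SA id>; other lines lack it.
LINE = re.compile(r"charon \d+\[[A-Z]+\] <(?P<conn>[^|>]+)\|(?P<sa>\d+)>\s*(?P<msg>.*)")

def summarize(log):
    """Per (connection, SA id): IKE version tried, packets sent/received, retransmits."""
    stats = defaultdict(lambda: {"ike": None, "sent": 0, "received": 0,
                                 "retransmits": 0, "gave_up": False})
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # KNL/CFG lines carry no connection tag
        s, msg = stats[(m["conn"], int(m["sa"]))], m["msg"]
        if "IKE_SA_INIT" in msg:
            s["ike"] = "IKEv2"  # first exchange of IKEv2
        elif "Main Mode" in msg or "Aggressive Mode" in msg:
            s["ike"] = "IKEv1"  # phase 1 modes exist only in IKEv1
        if msg.startswith("sending packet"):
            s["sent"] += 1
        elif msg.startswith("received packet"):
            s["received"] += 1
        elif msg.startswith("retransmit "):
            s["retransmits"] += 1
        elif msg.startswith("giving up"):
            s["gave_up"] = True
    return dict(stats)

def diagnose(s):
    """One-line verdict for a single attempt's counters."""
    if s["sent"] and not s["received"]:
        return (f"{s['ike']} request sent {s['sent']}x with no reply: confirm the peer "
                f"speaks {s['ike']} and that UDP 500 reaches it")
    return "peer is answering; look at later exchanges (proposal, PSK, Phase 2)"

if __name__ == "__main__":
    for key, s in summarize(SAMPLE).items():
        print(key, diagnose(s))
```

Comparing the reported version with the "Key Exchange version" and "Negotiation mode" settings on both gateways shows whether the two ends are attempting the same IKE version.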