Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2.3.5 and 2.1.5 IPSec tunnel

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 296 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Desroze
      last edited by

      I have our network of affiliates, each of which has a gateway configured for pfSense 2.1.5 back in the old days, and it seems to be basically everything works, except for some things that were corrected before. But I decided to update this whole thing gradually and put the gateway on pfSense 2.3.5 into one of the branches. I decided to configure IPSec - a tunnel between this "innovation" and the old one which is still in the head office. I set up, started, the tunnel even worked, but after an hour or a half fell down and refuses to go back up. In any case, so writes 2.3.5, at the same time, 2.1.5 says that all the norms, and he does not know the problems.
      Previously, the same branch worked exactly the same tunnel, except that it was configured on both sides at 2.1.5 and it felt great that now I happened to understand I can not understand it ...
      server configuration in the branch:

      Phase1
Key Exchange version Auto
Internet Protocol v4
Interface WAN
Remote Gateway 188.128.xxx.xx
Authentication Method Manual PSK
Negotiation mode Main
Pre-Shared Key 123123123
Encryption Algorithm AES
Hash Algorithm SHA1
DH Group 1
NAT Traversal Force

Phase2
Mode Tunnel IPv4
Remote Network Network 10.0.0.0 /24
Protocol ESP
Encryption Algorithms AES
Hash Algorithms SHA1

      On the "home" side all the same, only the remote address is specified 92.255.yyy.yyy and in Phase2 the remote network is 192.168.72.0 / 24

      In log I can see next text:

      May 22 07:09:58 	charon 		04[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
May 22 07:09:58 	charon 		04[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
May 22 07:09:58 	charon 		04[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:02 	charon 		07[IKE] <con1|2>retransmit 1 of request with message ID 0
May 22 07:10:02 	charon 		07[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:09 	charon 		09[IKE] <con1|2>retransmit 2 of request with message ID 0
May 22 07:10:09 	charon 		09[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:22 	charon 		07[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:10:22 	charon 		13[CFG] ignoring acquire, connection attempt pending
May 22 07:10:22 	charon 		13[IKE] <con1|2>retransmit 3 of request with message ID 0
May 22 07:10:22 	charon 		13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:45 	charon 		06[IKE] <con1|2>retransmit 4 of request with message ID 0
May 22 07:10:45 	charon 		06[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:11:25 	charon 		09[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:11:25 	charon 		04[CFG] ignoring acquire, connection attempt pending
May 22 07:11:27 	charon 		09[IKE] <con1|2>retransmit 5 of request with message ID 0
May 22 07:11:27 	charon 		09[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:12:28 	charon 		12[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:12:28 	charon 		10[CFG] ignoring acquire, connection attempt pending
May 22 07:12:43 	charon 		13[IKE] <con1|2>giving up after 5 retransmits
May 22 07:12:43 	charon 		13[IKE] <con1|2>peer not responding, trying again (3/3)
May 22 07:12:43 	charon 		13[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
May 22 07:12:43 	charon 		13[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
May 22 07:12:43 	charon 		13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:12:47 	charon 		13[IKE] <con1|2>retransmit 1 of request with message ID 0
May 22 07:12:47 	charon 		13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:12:54 	charon 		07[IKE] <con1|2>retransmit 2 of request with message ID 0
May 22 07:12:54 	charon 		07[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:13:07 	charon 		05[IKE] <con1|2>retransmit 3 of request with message ID 0
May 22 07:13:07 	charon 		05[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:13:30 	charon 		08[IKE] <con1|2>retransmit 4 of request with message ID 0
May 22 07:13:30 	charon 		08[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:13:31 	charon 		08[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:13:31 	charon 		06[CFG] ignoring acquire, connection attempt pending
May 22 07:14:12 	charon 		11[IKE] <con1|2>retransmit 5 of request with message ID 0
May 22 07:14:12 	charon 		11[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:14:34 	charon 		14[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:14:34 	charon 		09[CFG] ignoring acquire, connection attempt pending
May 22 07:15:28 	charon 		11[IKE] <con1|2>giving up after 5 retransmits
May 22 07:15:28 	charon 		11[IKE] <con1|2>establishing IKE_SA failed, peer not responding
May 22 07:15:37 	charon 		12[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:15:37 	charon 		11[IKE] <con1|3>initiating IKE_SA con1[3] to 188.128.xxx.xx
May 22 07:15:37 	charon 		11[ENC] <con1|3>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
May 22 07:15:37 	charon 		11[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:15:41 	charon 		07[IKE] <con1|3>retransmit 1 of request with message ID 0
May 22 07:15:41 	charon 		07[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:15:48 	charon 		07[IKE] <con1|3>retransmit 2 of request with message ID 0
May 22 07:15:48 	charon 		07[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:16:01 	charon 		14[IKE] <con1|3>retransmit 3 of request with message ID 0
May 22 07:16:01 	charon 		14[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)</con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2></con1|2>

      Tell me please, what I doing wrong?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.