Netgate Discussion Forum
    2.3.5 and 2.1.5 IPSec tunnel

    Desroze

      We have a network of branches, each of which has a gateway set up on pfSense 2.1.5 back in the old days, and basically everything works, apart from a few things that were fixed earlier. But I decided to update the whole thing gradually and put a pfSense 2.3.5 gateway into one of the branches. I decided to set up IPsec: a tunnel between this "innovation" and the old one that is still at the head office. I configured it and started it, the tunnel even came up, but after an hour or an hour and a half it fell down and refuses to come back up. At least that is what 2.3.5 reports; at the same time 2.1.5 says everything is fine and knows nothing about any problem.
      Previously the same branch had exactly the same tunnel, except that it was configured with 2.1.5 on both sides, and it worked great; what is going wrong now I cannot understand...
      Server configuration in the branch:

      Phase1
      Key Exchange version Auto
      Internet Protocol v4
      Interface WAN
      Remote Gateway 188.128.xxx.xx
      Authentication Method Manual PSK
      Negotiation mode Main
      Pre-Shared Key 123123123
      Encryption Algorithm AES
      Hash Algorithm SHA1
      DH Group 1
      NAT Traversal Force
      
      Phase2
      Mode Tunnel IPv4
      Remote Network Network 10.0.0.0 /24
      Protocol ESP
      Encryption Algorithms AES
      Hash Algorithms SHA1
      

      On the "home" side everything is the same, only the remote address specified is 92.255.yyy.yyy and in Phase 2 the remote network is 192.168.72.0/24.

      In the log I can see the following:

      May 22 07:09:58 	charon 		04[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
      May 22 07:09:58 	charon 		04[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
      May 22 07:09:58 	charon 		04[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:10:02 	charon 		07[IKE] <con1|2>retransmit 1 of request with message ID 0
      May 22 07:10:02 	charon 		07[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:10:09 	charon 		09[IKE] <con1|2>retransmit 2 of request with message ID 0
      May 22 07:10:09 	charon 		09[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:10:22 	charon 		07[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
      May 22 07:10:22 	charon 		13[CFG] ignoring acquire, connection attempt pending
      May 22 07:10:22 	charon 		13[IKE] <con1|2>retransmit 3 of request with message ID 0
      May 22 07:10:22 	charon 		13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:10:45 	charon 		06[IKE] <con1|2>retransmit 4 of request with message ID 0
      May 22 07:10:45 	charon 		06[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:11:25 	charon 		09[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
      May 22 07:11:25 	charon 		04[CFG] ignoring acquire, connection attempt pending
      May 22 07:11:27 	charon 		09[IKE] <con1|2>retransmit 5 of request with message ID 0
      May 22 07:11:27 	charon 		09[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:12:28 	charon 		12[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
      May 22 07:12:28 	charon 		10[CFG] ignoring acquire, connection attempt pending
      May 22 07:12:43 	charon 		13[IKE] <con1|2>giving up after 5 retransmits
      May 22 07:12:43 	charon 		13[IKE] <con1|2>peer not responding, trying again (3/3)
      May 22 07:12:43 	charon 		13[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
      May 22 07:12:43 	charon 		13[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
      May 22 07:12:43 	charon 		13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:12:47 	charon 		13[IKE] <con1|2>retransmit 1 of request with message ID 0
      May 22 07:12:47 	charon 		13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:12:54 	charon 		07[IKE] <con1|2>retransmit 2 of request with message ID 0
      May 22 07:12:54 	charon 		07[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:13:07 	charon 		05[IKE] <con1|2>retransmit 3 of request with message ID 0
      May 22 07:13:07 	charon 		05[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:13:30 	charon 		08[IKE] <con1|2>retransmit 4 of request with message ID 0
      May 22 07:13:30 	charon 		08[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:13:31 	charon 		08[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
      May 22 07:13:31 	charon 		06[CFG] ignoring acquire, connection attempt pending
      May 22 07:14:12 	charon 		11[IKE] <con1|2>retransmit 5 of request with message ID 0
      May 22 07:14:12 	charon 		11[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:14:34 	charon 		14[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
      May 22 07:14:34 	charon 		09[CFG] ignoring acquire, connection attempt pending
      May 22 07:15:28 	charon 		11[IKE] <con1|2>giving up after 5 retransmits
      May 22 07:15:28 	charon 		11[IKE] <con1|2>establishing IKE_SA failed, peer not responding
      May 22 07:15:37 	charon 		12[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
      May 22 07:15:37 	charon 		11[IKE] <con1|3>initiating IKE_SA con1[3] to 188.128.xxx.xx
      May 22 07:15:37 	charon 		11[ENC] <con1|3>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
      May 22 07:15:37 	charon 		11[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:15:41 	charon 		07[IKE] <con1|3>retransmit 1 of request with message ID 0
      May 22 07:15:41 	charon 		07[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:15:48 	charon 		07[IKE] <con1|3>retransmit 2 of request with message ID 0
      May 22 07:15:48 	charon 		07[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      May 22 07:16:01 	charon 		14[IKE] <con1|3>retransmit 3 of request with message ID 0
      May 22 07:16:01 	charon 		14[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
      

      Please tell me, what am I doing wrong?

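The charon lines in the post show one pattern repeated: the branch sends an IKE_SA_INIT request (the first exchange of IKEv2), retransmits it five times, gives up, and never logs a single received packet. The script below is an added example, not part of the post and not pfSense or strongSwan code. It parses charon lines of that shape, groups them by IKE_SA tag, counts retransmits and received packets, and classifies each attempt. It goes a little beyond the post by also recognising an IKEv1 main-mode initiation and a NO_PROPOSAL_CHOSEN reply, so that "peer silent" is distinguished from "peer answered but rejected the proposal". The sample input reuses the post's own lines (addresses masked exactly as in the post) plus a constructed healthy IKEv1 SA to a placeholder peer 10.99.0.1; the finding codes are my own names, not strongSwan's.

```python
"""Summarise strongSwan (charon) IKE negotiation attempts from a pfSense IPsec log.

Added example, not code from the forum post, pfSense or strongSwan.
Log message formats are strongSwan's own; the finding codes are ours.
"""
import re
from collections import OrderedDict

# One charon line: timestamp, "charon", thread[SUBSYS], optional <conn|sa-id>, message.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d)\s+charon\s+"
    r"(?P<thread>\d+)\[(?P<subsys>[A-Z]+)\]\s*"
    r"(?:<(?P<sa>[^>]+)>)?\s*(?P<msg>.*)$"
)
RETRANSMIT_RE = re.compile(r"retransmit (\d+) of request with message ID (\d+)")
INITIATE_RE = re.compile(r"initiating IKE_SA \S+ to (\S+)")


def parse_line(line):
    """Return the fields of one charon line, or None if it is not a charon line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize_ike_sas(lines):
    """Group log lines by IKE_SA tag (e.g. con1|2) and count what happened to each."""
    sas = OrderedDict()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["sa"] is None:  # KNL/CFG lines carry no SA tag; skip them
            continue
        sa = sas.setdefault(rec["sa"], {
            "peer": None, "version": None, "received": 0, "retransmits": 0,
            "give_ups": 0, "proposal_mismatch": False, "outcome": "pending",
            "first_seen": rec["ts"], "last_seen": rec["ts"]})
        sa["last_seen"] = rec["ts"]
        msg = rec["msg"]
        m = INITIATE_RE.match(msg)
        if m:
            sa["peer"] = m.group(1)
        if msg.startswith("generating IKE_SA_INIT request"):      # first IKEv2 exchange
            sa["version"] = "IKEv2"
        elif msg.startswith(("generating ID_PROT request",        # IKEv1 main mode
                             "generating AGGRESSIVE request")):   # IKEv1 aggressive mode
            sa["version"] = "IKEv1"
        if msg.startswith("received packet:"):
            sa["received"] += 1
        if RETRANSMIT_RE.match(msg):
            sa["retransmits"] += 1
        if msg.startswith("giving up after"):
            sa["give_ups"] += 1
        if "NO_PROPOSAL_CHOSEN" in msg:
            sa["proposal_mismatch"] = True
        if "establishing IKE_SA failed" in msg:
            sa["outcome"] = "failed"
        elif " established between " in msg:
            sa["outcome"] = "established"
    return sas


def diagnose(sas):
    """Map each IKE_SA to a finding code a defender can act on."""
    findings = OrderedDict()
    for name, sa in sas.items():
        if sa["outcome"] == "established":
            code = "ok"
        elif sa["proposal_mismatch"]:
            code = "proposal-mismatch"   # the peer answered but rejected every proposal
        elif sa["received"] == 0 and sa["retransmits"] > 0:
            # Nothing ever came back: host down, UDP/500 or UDP/4500 filtered on the
            # path, or the responder cannot speak the IKE version that was offered.
            code = "silent-peer-ikev2" if sa["version"] == "IKEv2" else "silent-peer"
        else:
            code = "pending"
        findings[name] = code
    return findings


# Lines from the post (addresses masked as in the post), followed by a constructed
# healthy IKEv1 SA (con2|1, placeholder peer 10.99.0.1) for contrast.
SAMPLE_LOG = """\
May 22 07:09:58  charon  04[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
May 22 07:09:58  charon  04[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
May 22 07:09:58  charon  04[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:02  charon  07[IKE] <con1|2>retransmit 1 of request with message ID 0
May 22 07:10:09  charon  09[IKE] <con1|2>retransmit 2 of request with message ID 0
May 22 07:10:22  charon  07[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:10:22  charon  13[CFG] ignoring acquire, connection attempt pending
May 22 07:10:22  charon  13[IKE] <con1|2>retransmit 3 of request with message ID 0
May 22 07:10:45  charon  06[IKE] <con1|2>retransmit 4 of request with message ID 0
May 22 07:11:27  charon  09[IKE] <con1|2>retransmit 5 of request with message ID 0
May 22 07:12:43  charon  13[IKE] <con1|2>giving up after 5 retransmits
May 22 07:12:43  charon  13[IKE] <con1|2>peer not responding, trying again (3/3)
May 22 07:12:43  charon  13[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
May 22 07:12:47  charon  13[IKE] <con1|2>retransmit 1 of request with message ID 0
May 22 07:12:54  charon  07[IKE] <con1|2>retransmit 2 of request with message ID 0
May 22 07:13:07  charon  05[IKE] <con1|2>retransmit 3 of request with message ID 0
May 22 07:13:30  charon  08[IKE] <con1|2>retransmit 4 of request with message ID 0
May 22 07:14:12  charon  11[IKE] <con1|2>retransmit 5 of request with message ID 0
May 22 07:15:28  charon  11[IKE] <con1|2>giving up after 5 retransmits
May 22 07:15:28  charon  11[IKE] <con1|2>establishing IKE_SA failed, peer not responding
May 22 07:15:37  charon  11[IKE] <con1|3>initiating IKE_SA con1[3] to 188.128.xxx.xx
May 22 07:15:37  charon  11[ENC] <con1|3>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
May 22 07:15:41  charon  07[IKE] <con1|3>retransmit 1 of request with message ID 0
May 22 07:15:48  charon  07[IKE] <con1|3>retransmit 2 of request with message ID 0
May 22 07:20:00  charon  05[IKE] <con2|1>initiating IKE_SA con2[1] to 10.99.0.1
May 22 07:20:00  charon  05[ENC] <con2|1>generating ID_PROT request 0 [ SA V V V V V ]
May 22 07:20:00  charon  06[NET] <con2|1>received packet: from 10.99.0.1[500] to 92.255.yyy.yyy[500] (160 bytes)
May 22 07:20:01  charon  06[IKE] <con2|1>IKE_SA con2[1] established between 92.255.yyy.yyy[92.255.yyy.yyy]...10.99.0.1[10.99.0.1]
"""

if __name__ == "__main__":
    sas = summarize_ike_sas(SAMPLE_LOG.splitlines())
    for name, code in diagnose(sas).items():
        s = sas[name]
        print(f"{name}: {code} peer={s['peer']} {s['version']} retransmits={s['retransmits']} "
              f"received={s['received']} {s['first_seen']}..{s['last_seen']}")
```

A silent peer with zero received packets is a different problem from a failed negotiation: the request is not being answered at all, so the things to verify are reachability of UDP/500 and UDP/4500 between the two WAN addresses and whether the responder actually speaks the IKE version being offered. With Key Exchange version set to Auto, pfSense 2.3.x initiates with IKEv2, while pfSense 2.1.x ran racoon and supports IKEv1 only, so an IKE_SA_INIT sent to it goes unanswered. Separately, the configuration as posted uses DH Group 1 (768-bit MODP) and SHA1; both are weak by current standards and worth replacing when the tunnel is rebuilt, independent of the connectivity problem.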
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.