2.3.5 and 2.1.5 IPSec tunnel



  • We have a network of branches, each of which has a gateway that was set up on pfSense 2.1.5 back in the old days, and basically everything works, apart from a few things that were fixed earlier. But I decided to update the whole thing gradually and put a pfSense 2.3.5 gateway into one of the branches. I decided to configure an IPSec tunnel between this "innovation" and the old one, which is still in the head office. I set it up, started it, and the tunnel even worked, but after an hour or an hour and a half it went down and refuses to come back up. At least that is what 2.3.5 reports; meanwhile 2.1.5 says everything is fine and knows of no problems.
    Previously exactly the same tunnel worked for this branch, except that it was 2.1.5 on both sides, and it was fine; what has changed now, I cannot understand …
    Server configuration in the branch:

    Phase1
    Key Exchange version Auto
    Internet Protocol v4
    Interface WAN
    Remote Gateway 188.128.xxx.xx
    Authentication Method Manual PSK
    Negotiation mode Main
    Pre-Shared Key 123123123
    Encryption Algorithm AES
    Hash Algorithm SHA1
    DH Group 1
    NAT Traversal Force
    
    Phase2
    Mode Tunnel IPv4
    Remote Network Network 10.0.0.0 /24
    Protocol ESP
    Encryption Algorithms AES
    Hash Algorithms SHA1
    

    On the "home" side everything is the same, only the remote address is 92.255.yyy.yyy and in Phase2 the remote network is 192.168.72.0/24

    In the log I can see the following:

    May 22 07:09:58 	charon 		04[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
    May 22 07:09:58 	charon 		04[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    May 22 07:09:58 	charon 		04[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:10:02 	charon 		07[IKE] <con1|2>retransmit 1 of request with message ID 0
    May 22 07:10:02 	charon 		07[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:10:09 	charon 		09[IKE] <con1|2>retransmit 2 of request with message ID 0
    May 22 07:10:09 	charon 		09[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:10:22 	charon 		07[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
    May 22 07:10:22 	charon 		13[CFG] ignoring acquire, connection attempt pending
    May 22 07:10:22 	charon 		13[IKE] <con1|2>retransmit 3 of request with message ID 0
    May 22 07:10:22 	charon 		13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:10:45 	charon 		06[IKE] <con1|2>retransmit 4 of request with message ID 0
    May 22 07:10:45 	charon 		06[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:11:25 	charon 		09[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
    May 22 07:11:25 	charon 		04[CFG] ignoring acquire, connection attempt pending
    May 22 07:11:27 	charon 		09[IKE] <con1|2>retransmit 5 of request with message ID 0
    May 22 07:11:27 	charon 		09[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:12:28 	charon 		12[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
    May 22 07:12:28 	charon 		10[CFG] ignoring acquire, connection attempt pending
    May 22 07:12:43 	charon 		13[IKE] <con1|2>giving up after 5 retransmits
    May 22 07:12:43 	charon 		13[IKE] <con1|2>peer not responding, trying again (3/3)
    May 22 07:12:43 	charon 		13[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
    May 22 07:12:43 	charon 		13[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    May 22 07:12:43 	charon 		13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:12:47 	charon 		13[IKE] <con1|2>retransmit 1 of request with message ID 0
    May 22 07:12:47 	charon 		13[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:12:54 	charon 		07[IKE] <con1|2>retransmit 2 of request with message ID 0
    May 22 07:12:54 	charon 		07[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:13:07 	charon 		05[IKE] <con1|2>retransmit 3 of request with message ID 0
    May 22 07:13:07 	charon 		05[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:13:30 	charon 		08[IKE] <con1|2>retransmit 4 of request with message ID 0
    May 22 07:13:30 	charon 		08[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:13:31 	charon 		08[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
    May 22 07:13:31 	charon 		06[CFG] ignoring acquire, connection attempt pending
    May 22 07:14:12 	charon 		11[IKE] <con1|2>retransmit 5 of request with message ID 0
    May 22 07:14:12 	charon 		11[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:14:34 	charon 		14[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
    May 22 07:14:34 	charon 		09[CFG] ignoring acquire, connection attempt pending
    May 22 07:15:28 	charon 		11[IKE] <con1|2>giving up after 5 retransmits
    May 22 07:15:28 	charon 		11[IKE] <con1|2>establishing IKE_SA failed, peer not responding
    May 22 07:15:37 	charon 		12[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
    May 22 07:15:37 	charon 		11[IKE] <con1|3>initiating IKE_SA con1[3] to 188.128.xxx.xx
    May 22 07:15:37 	charon 		11[ENC] <con1|3>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    May 22 07:15:37 	charon 		11[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:15:41 	charon 		07[IKE] <con1|3>retransmit 1 of request with message ID 0
    May 22 07:15:41 	charon 		07[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:15:48 	charon 		07[IKE] <con1|3>retransmit 2 of request with message ID 0
    May 22 07:15:48 	charon 		07[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    May 22 07:16:01 	charon 		14[IKE] <con1|3>retransmit 3 of request with message ID 0
    May 22 07:16:01 	charon 		14[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
    

    Tell me please, what am I doing wrong?
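The log quoted above comes from strongSwan's charon daemon on the 2.3.5 side, and it shows nothing but outbound IKE_SA_INIT requests, retransmits and "peer not responding"; there is not a single received packet. As an added example (not code from the post or from pfSense), here is a small Python triage script that parses charon lines of that shape, counts per-IKE_SA sends, receives, retransmits and give-ups, and reports what a practitioner would look at first. The sample lines are an excerpt of the quoted log using the post's own masked addresses; the function names `summarize` and `findings` are this example's own. IKE_SA_INIT is the opening IKEv2 exchange, so a tunnel that never gets an answer to it either has its UDP/500 packets dropped in transit or reaches a peer that does not answer IKEv2 at all; pfSense 2.1.x still ran racoon, which speaks IKEv1 only, so confirming the key exchange version against a packet capture on both WAN interfaces is the check to make before anything else.

```python
"""Triage helper for strongSwan (charon) IKE logs of the kind quoted in the post."""
import re
from collections import defaultdict

# Sample input: an excerpt of the charon lines quoted in the post. The IP
# placeholders (188.128.xxx.xx, 92.255.yyy.yyy) are the post's own masking.
SAMPLE_LOG = """\
May 22 07:09:58 charon 04[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
May 22 07:09:58 charon 04[ENC] <con1|2>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
May 22 07:09:58 charon 04[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:02 charon 07[IKE] <con1|2>retransmit 1 of request with message ID 0
May 22 07:10:02 charon 07[NET] <con1|2>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:10:22 charon 07[KNL] creating acquire job for policy 92.255.yyy.yyy/32|/0 === 188.128.xxx.xx/32|/0 with reqid {1}
May 22 07:10:22 charon 13[CFG] ignoring acquire, connection attempt pending
May 22 07:11:27 charon 09[IKE] <con1|2>retransmit 5 of request with message ID 0
May 22 07:12:43 charon 13[IKE] <con1|2>giving up after 5 retransmits
May 22 07:12:43 charon 13[IKE] <con1|2>peer not responding, trying again (3/3)
May 22 07:12:43 charon 13[IKE] <con1|2>initiating IKE_SA con1[2] to 188.128.xxx.xx
May 22 07:15:28 charon 11[IKE] <con1|2>giving up after 5 retransmits
May 22 07:15:28 charon 11[IKE] <con1|2>establishing IKE_SA failed, peer not responding
May 22 07:15:37 charon 11[IKE] <con1|3>initiating IKE_SA con1[3] to 188.128.xxx.xx
May 22 07:15:37 charon 11[NET] <con1|3>sending packet: from 92.255.yyy.yyy[500] to 188.128.xxx.xx[500] (306 bytes)
May 22 07:15:41 charon 07[IKE] <con1|3>retransmit 1 of request with message ID 0
"""

# "May 22 07:09:58 charon 04[IKE] <con1|2>message"; the <name|id> tag is absent on
# kernel/config lines, so it is optional.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+charon\s+"
    r"(?P<thread>\d+)\[(?P<group>[A-Z]+)\]\s+"
    r"(?:<(?P<sa>[^>]+)>)?(?P<msg>.*)$"
)
RETRANSMIT_RE = re.compile(r"retransmit (\d+) of request with message ID (\d+)")


def _new_sa_state():
    return {"initiations": 0, "sent": 0, "received": 0, "max_retransmit": 0,
            "gave_up": 0, "failed": False, "exchanges": set()}


def summarize(log_text):
    """Count per-IKE_SA activity plus kernel acquire events across the log."""
    sas = defaultdict(_new_sa_state)
    acquires = {"created": 0, "ignored": 0}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a charon line; skip silently
        msg, sa = m.group("msg"), m.group("sa")
        if sa is None:
            # Kernel asked for a policy that has no SA yet (traffic is waiting).
            if msg.startswith("creating acquire job"):
                acquires["created"] += 1
            elif msg.startswith("ignoring acquire"):
                acquires["ignored"] += 1
            continue
        st = sas[sa]
        if msg.startswith("initiating IKE_SA"):
            st["initiations"] += 1
        elif msg.startswith("generating "):
            st["exchanges"].add(msg.split()[1])  # e.g. IKE_SA_INIT
        elif msg.startswith("sending packet"):
            st["sent"] += 1
        elif msg.startswith("received packet"):
            st["received"] += 1
        elif msg.startswith("giving up"):
            st["gave_up"] += 1
        elif "establishing IKE_SA failed" in msg:
            st["failed"] = True
        else:
            r = RETRANSMIT_RE.match(msg)
            if r:
                st["max_retransmit"] = max(st["max_retransmit"], int(r.group(1)))
    return {"sas": dict(sas), "acquires": acquires}


def findings(summary):
    """Turn the counters into plain-language observations, ordered by IKE_SA."""
    out = []
    for sa, st in sorted(summary["sas"].items()):
        if st["sent"] and not st["received"]:
            exch = ", ".join(sorted(st["exchanges"])) or "unknown"
            out.append(f"{sa}: {st['sent']} packet(s) sent, 0 received; the peer never "
                       f"answered the {exch} request (max retransmit "
                       f"{st['max_retransmit']}, gave up {st['gave_up']}x, "
                       f"failed={st['failed']})")
        if "IKE_SA_INIT" in st["exchanges"]:
            out.append(f"{sa}: IKE_SA_INIT is an IKEv2 exchange; confirm the remote "
                       f"peer accepts IKEv2 on UDP/500")
    acq = summary["acquires"]
    if acq["ignored"]:
        out.append(f"{acq['ignored']} kernel acquire(s) ignored: traffic is queued "
                   f"for a tunnel that never came up")
    return out


if __name__ == "__main__":
    for line in findings(summarize(SAMPLE_LOG)):
        print(line)
```

Feed it the full IPsec log from Status > System Logs > IPsec instead of the embedded sample; a healthy negotiation shows "received packet" and "parsed IKE_SA_INIT response" lines for the same IKE_SA right after the first "sending packet", and their absence is what the script flags.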
