pfSense IPsec Site-to-Site Issues



  • Hi

    I have this network architecture

    0_1545984475876_assa.PNG

    I want to link these two networks with each other

    I have done the following:

    pfSense 1:

    Disabled
    Key Exchange version: IKEv1
    Internet Protocol: IPv4
    Interface: WAN
    Remote Gateway: 117.X.X.X

    Phase 1: Proposal (Authentication)
    Authentication Method: Mutual PSK
    Negotiation mode: Aggressive
    My identifier: 196.X.X.X
    Peer identifier: Peer IP address
    Pre-Shared Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    Phase 1 Proposal (Encryption Algorithm)
    Encryption Algorithm: AES
    Key length: 256 bits
    Hash: SHA256
    DH Group: 14 (2048)

    General Information
    Phase 2:

    Disabled: unchecked
    Mode: Tunnel IPv4
    Local Network: LAN subnet

    NAT/BINAT translation: none

    Remote Network: Network: 192.168.6.0/24
    and the same configuration as in Phase 1

    I have used this configuration in pfSense 2 (I have changed the IP address, of course).

    When I go to Status / IPsec / Overview and click "Connect VPN",

    the state is always: Disconnected

    I check the system log file:

    Dec 28 08:21:23 charon 12[CFG] vici client 311 connected
    Dec 28 08:21:23 charon 01[CFG] vici client 311 registered for: list-sa
    Dec 28 08:21:23 charon 12[CFG] vici client 311 requests: list-sas
    Dec 28 08:21:23 charon 12[CFG] vici client 311 disconnected



  • The service is ON. I have restarted the two services, but the problem is the same.



  • I changed the IKE version to 2:

    Dec 28 08:43:14 charon 01[IKE] <con1000|97> retransmit 2 of request with message ID 1
    Dec 28 08:43:14 charon 01[NET] <con1000|97> sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (272 bytes)
    Dec 28 08:43:14 charon 03[ENC] generating INFORMATIONAL response 0 [ N(INVAL_MAJOR) ]
    Dec 28 08:43:14 charon 03[NET] sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (36 bytes)
    Dec 28 08:43:14 charon 03[NET] received unsupported IKE version 0.0 from 196.XXXX, sending INVALID_MAJOR_VERSION

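The two log excerpts in this thread are short, but they are also the only evidence posted, so it is worth reading them mechanically. The following is an added example (not part of the original post, and not pfSense or strongSwan code) that parses charon log lines in the format quoted above and reports the three things a responder would look for: a log that contains only vici status queries (no negotiation attempted), IKE requests being retransmitted (no reply from the peer), and packets rejected with INVALID_MAJOR_VERSION. The sample input is a constructed copy of the lines quoted in the thread, with the addresses masked exactly as the poster masked them; the regexes assume the standard "Mon DD HH:MM:SS charon NN[GROUP] <conn|id> message" layout and nothing else.

```python
import re
from collections import defaultdict

# Constructed copies of the charon lines quoted in the thread (addresses masked as in the post).
LOG_IKEV1 = """\
Dec 28 08:21:23 charon 12[CFG] vici client 311 connected
Dec 28 08:21:23 charon 01[CFG] vici client 311 registered for: list-sa
Dec 28 08:21:23 charon 12[CFG] vici client 311 requests: list-sas
Dec 28 08:21:23 charon 12[CFG] vici client 311 disconnected
"""

LOG_IKEV2 = """\
Dec 28 08:43:14 charon 01[IKE] <con1000|97> retransmit 2 of request with message ID 1
Dec 28 08:43:14 charon 01[NET] <con1000|97> sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (272 bytes)
Dec 28 08:43:14 charon 03[ENC] generating INFORMATIONAL response 0 [ N(INVAL_MAJOR) ]
Dec 28 08:43:14 charon 03[NET] sending packet: from 192.168.100.9[4500] to 196.XXXX[4500] (36 bytes)
Dec 28 08:43:14 charon 03[NET] received unsupported IKE version 0.0 from 196.XXXX, sending INVALID_MAJOR_VERSION
"""

# Header layout assumed: timestamp, "charon", thread[GROUP], optional <conn|ike_sa_id>, message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) charon (?P<thread>\d+)\[(?P<group>[A-Z]+)\]"
    r"(?: <(?P<conn>[^|>]+)\|(?P<ike_id>\d+)>)? (?P<msg>.*)$"
)
RETRANSMIT_RE = re.compile(r"retransmit (?P<n>\d+) of request with message ID (?P<mid>\d+)")
BAD_VERSION_RE = re.compile(r"received unsupported IKE version (?P<ver>[\d.]+) from (?P<peer>[^\s,]+)")


def parse_line(line):
    """Split one charon log line into its fields; return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["thread"] = int(rec["thread"])
    rec["ike_id"] = int(rec["ike_id"]) if rec["ike_id"] else None
    return rec


def analyze(text):
    """Scan a log excerpt and collect the events that matter for a tunnel that never comes up."""
    report = {
        "retransmits": defaultdict(list),   # (conn name, IKE_SA id) -> retransmit counters seen
        "invalid_major_version": [],        # messages mentioning INVALID_MAJOR_VERSION / INVAL_MAJOR
        "bad_version_peers": [],            # (peer address, reported IKE version)
        "vici_only": True,                  # stays True if nothing but vici status traffic was logged
    }
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["group"] != "CFG" or "vici" not in rec["msg"]:
            report["vici_only"] = False
        rm = RETRANSMIT_RE.search(rec["msg"])
        if rm:
            report["retransmits"][(rec["conn"], rec["ike_id"])].append(int(rm.group("n")))
        if "INVAL_MAJOR" in rec["msg"] or "INVALID_MAJOR_VERSION" in rec["msg"]:
            report["invalid_major_version"].append(rec["msg"])
        bm = BAD_VERSION_RE.search(rec["msg"])
        if bm:
            report["bad_version_peers"].append((bm.group("peer"), bm.group("ver")))
    return report


def findings(report):
    """Turn the collected events into one-line observations, without guessing at a root cause."""
    out = []
    if report["vici_only"]:
        out.append("only vici (status-query) lines: no IKE negotiation was logged at all")
    for (conn, ike_id), counts in report["retransmits"].items():
        out.append(f"{conn} (IKE_SA {ike_id}): request retransmitted up to {max(counts)}x, no reply from peer")
    for peer, ver in report["bad_version_peers"]:
        out.append(f"packet from {peer} carried IKE major version {ver}, which is not a valid IKEv1/IKEv2 header")
    return out


if __name__ == "__main__":
    for label, log in (("first post", LOG_IKEV1), ("after switching to IKEv2", LOG_IKEV2)):
        print(f"== {label} ==")
        for line in findings(analyze(log)):
            print(" -", line)
```

Run against the first excerpt it reports that nothing but the GUI's vici status queries were logged, i.e. no negotiation was even attempted; against the second it reports the retransmitted request and the packet from the 196.x peer whose IKE header carried version 0.0. Both are observations the parser can justify from the lines alone; whether the cause is the port forward on the 196.x router, as asked later in the thread, is something only the other side's log can show.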


  • @joseph-watever-j
    Hey
    On the router at 196.X.X.X, is port forwarding enabled?
    UDP 500 and 4500
    and the ESP protocol



  • @konstanti

    Yes, it is open.



  • @joseph-watever-j
    Can you show the IPsec logs from pfSense 1 and pfSense 2?



  • @konstanti

    I have put the logs in my topic.