Netgate Discussion Forum

    VPN S2S - P2 Bytes-In: 0 (0 B) Packets-In: 0 Bytes-Out: 0 (0 B) Packets-Out: 0

    • jonathan.posada

      Good day,

      My problem is with a VPN that had been working well around a year ago (no changes have been made in the last days that affect the behavior of this connection).

      Today I have no connection to the addresses I have configured in the respective Phase 2 entries of a VPN I have against a FortiGate. To check, I changed the lifetime in both Phase 1 and Phase 2, but the result is the same.

      The VPN comes up, but the state of the 15 Phase 2 entries that I have configured is the following.

      Bytes-In: 0 (0 B) Packets-In: 0 Bytes-Out: 0 (0 B) Packets-Out: 0
      [image]

      Well, the question is: if it worked before, why does it no longer work? As I said, I see that Phase 1 comes up without problems, and so do the Phase 2 entries, but these do not generate any inbound or outbound traffic. (This has happened to me before; the quick solution was to disconnect the tunnel and bring it up again.) But today this solution, incoherent as it is, had no effect.

      Version 2.4.4-RELEASE-p1
      Config

      [image]

      Well, for my part I would say that there are no problems in the configuration because, as I mentioned, this worked without problems, was very stable, and never presented this problem. I would appreciate your help; I have already searched forums and found some people with the same problem, but none gives a solution.

      Making a capture from the Fortinet, the traffic goes out, but on the pfSense, even with the VPN up, there is no traffic for the Phase 2 entries.

      [image]

      • Derelict LAYER 8 Netgate

        Not sure what you're expecting there. 172.16.100.6 is not a local subnet in any of the Phase 2 entries you showed us.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • jonathan.posada @Derelict

          @derelict Good day, thanks for answering. This is how the P2 is configured. As I was saying, this worked before; today no traffic is seen for the Phase 2 entries in a capture.

          [image]

          [image]

          • Derelict LAYER 8 Netgate

            OK so we assume that P2 is actually up.

            If you packet capture on the IPsec interface and those SYNs do not arrive, the problem is likely on the fortigate side.

            Do you see traffic or increasing counters for traffic originating on your side?

            • jonathan.posada @Derelict

              @derelict From the FortiGate firewall, in the capture I see the traffic going out, but it does not reach the pfSense when capturing on IPsec.

              Origin -> FortiGate
              192.168.0.0/24
              Destination -> pfSense
              172.16.100.0/27

              Something additional: from that same FortiGate I currently have another VPN with another pfSense, and it is established without problems. These two VPNs have the same configuration parameters.

              [image]

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.