Disconnected phase 2 IPSEC pfsense2.4.4-FORTIGATE
Can anyone help me?
Please see my configuration in the pictures. IPSEC can be established,
but after a while the IPSEC returns to inactive.
I have to put disable and enable to reconnect it again.
Could you help me please?
I say something is wrong in your config... IKE Phase 2?
Where in your config are these IPs, 192.168.10.2/32 and 10.0.0.113/32?
I can see you have 192.168.10.0/24 and 10.0.0.0/16
I have configured 192.168.10.0/24 as local LAN subnet(IPSEC)
and 10.0.0.0/16 as remote subnet (IPSEC)
I didn't configure the subnets 192.168.10.2/32 and 10.0.0.113/32 anywhere.
Thank you very much kiokoman for your reply. Do you think the LAN subnet (IPSEC) should be more specific?
Like what? If you have 10.0/24 and 0.0/16 on both sides, it is OK.
Maybe try "Disable rekey" for a test.
Also, you might try stopping and then starting the IPsec service (don't use the restart action).
Please take a look at the log file and here is my new configuration phase1.
Even though Disable rekey is checked, the IPsec still keeps turning to inactive after about 30 min of connection.
You have another error here:
no acceptable DIFFIE_HELLMAN_GROUP found
Encryption Algorithm for PHASE 1 -> both sides must use the same settings
PFS key group for PHASE 2 -> both sides must use the same settings
Here is my configuration of remote side.
Exactly, I had checked Diffie-Hellman Group 14 and 5 by error.
After the rectification of this error, the status of IPSEC turned to SESSION OUT OF TIME after about 1 hour.
Konstanti last edited by
What is the lifetime value in PFSense's phase 2 settings? Also 3600 seconds?
Try reducing this value to 3000 seconds, on the Fortigate side only.
@Konstanti Thank you Konstanti. The problem is resolved with:
- Enable Replay Detection checked
- Enable Perfect Forward Secrecy checked
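
The three causes that came up in this thread (a Diffie-Hellman group selected on one side only, PFS set differently in phase 2, and the phase 2 lifetimes) can be checked side by side before touching either firewall. The following is an added example, not part of the original thread and not pfSense or FortiGate code; the function names, dictionary layout and all setting values are constructed samples to be replaced with what each GUI actually shows.

```python
# Added example: compare both peers' IPsec settings as transcribed from each GUI.
# All values below are constructed samples, not the poster's real configuration.

MUST_MATCH = {
    "phase1": ("encryption", "hash", "dh_group"),
    "phase2": ("encryption", "hash", "pfs_group"),
}

def as_set(value):
    """Treat a single setting and a multi-select of settings uniformly."""
    if isinstance(value, (list, tuple, set, frozenset)):
        return frozenset(value)
    return frozenset([value])

def compare_tunnel(local, remote):
    """Return (level, phase, setting, local_values, remote_values) findings."""
    findings = []
    for phase, keys in MUST_MATCH.items():
        for key in keys:
            a = as_set(local[phase].get(key))
            b = as_set(remote[phase].get(key))
            if a != b:  # an extra ticked box on one side counts as a difference
                findings.append(("MISMATCH", phase, key,
                                 sorted(a, key=str), sorted(b, key=str)))
        la, lb = local[phase].get("lifetime"), remote[phase].get("lifetime")
        if la != lb:
            # Lifetimes may differ on purpose; report them so rekey timing is visible
            findings.append(("INFO", phase, "lifetime", [la], [lb]))
    return findings

PFSENSE = {  # constructed sample
    "phase1": {"encryption": "AES-256", "hash": "SHA256", "dh_group": 14, "lifetime": 28800},
    "phase2": {"encryption": "AES-256", "hash": "SHA256", "pfs_group": 14, "lifetime": 3600},
}
FORTIGATE = {  # constructed sample: two DH groups ticked, PFS off, shorter lifetime
    "phase1": {"encryption": "AES-256", "hash": "SHA256", "dh_group": [14, 5], "lifetime": 28800},
    "phase2": {"encryption": "AES-256", "hash": "SHA256", "pfs_group": None, "lifetime": 3000},
}

if __name__ == "__main__":
    for level, phase, key, ours, theirs in compare_tunnel(PFSENSE, FORTIGATE):
        print(f"{level:8} {phase} {key}: pfSense={ours} FortiGate={theirs}")
```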