Netgate Discussion Forum

    IPSec tunnel fails!!!

      dochy

      Hello, I have an IPsec VPN tunnel between two pfSense version 2.6.0 firewalls. For about 5 months they worked perfectly, but nowadays the tunnel has started failing after working for about 1-2 days. After a failure it will not work until I reset the firewall state table. What can it be? I didn't make any serious changes and I don't have the Snort package.

      Jan 9 11:38:14	charon	9940	11[IKE] <con4|23> activating new tasks
      Jan 9 11:38:14	charon	9940	11[IKE] <con4|23> activating ISAKMP_DPD task
      Jan 9 11:38:14	charon	9940	11[ENC] <con4|23> generating INFORMATIONAL_V1 request 3025513881 [ HASH N(DPD) ]
      Jan 9 11:38:14	charon	9940	11[NET] <con4|23> sending packet: from PFSENSEIP1[500] to PFSENSEIP2[500] (92 bytes)
      Jan 9 11:38:14	charon	9940	11[IKE] <con4|23> activating new tasks
      Jan 9 11:38:14	charon	9940	11[IKE] <con4|23> nothing to initiate
      Jan 9 11:38:14	charon	9940	04[NET] error writing to socket: Permission denied
      Jan 9 11:38:24	charon	9940	11[IKE] <con-mobile|25> giving up after 5 retransmits
      Jan 9 11:38:24	charon	9940	14[IKE] <con4|23> sending DPD request
      Jan 9 11:38:24	charon	9940	14[IKE] <con4|23> queueing ISAKMP_DPD task
      Jan 9 11:38:24	charon	9940	11[IKE] <con-mobile|25> establishing IKE_SA failed, peer not responding
      Jan 9 11:38:24	charon	9940	14[IKE] <con4|23> activating new tasks
      Jan 9 11:38:24	charon	9940	11[IKE] <con-mobile|25> IKE_SA con-mobile[25] state change: CONNECTING => DESTROYING
      Jan 9 11:38:24	charon	9940	14[IKE] <con4|23> activating ISAKMP_DPD task
      Jan 9 11:38:24	charon	9940	14[ENC] <con4|23> generating INFORMATIONAL_V1 request 3578472808 [ HASH N(DPD) ]
      Jan 9 11:38:24	charon	9940	14[NET] <con4|23> sending packet: from PFSENSEIP1[500] to PFSENSEIP2[500] (92 bytes)
      Jan 9 11:38:24	charon	9940	14[IKE] <con4|23> activating new tasks
      Jan 9 11:38:24	charon	9940	14[IKE] <con4|23> nothing to initiate
      Jan 9 11:38:24	charon	9940	04[NET] error writing to socket: Permission denied
      Jan 9 11:38:32	charon	9940	14[JOB] <con4|23> DPD check timed out, enforcing DPD action
      Jan 9 11:38:32	charon	9940	14[CFG] <con4|23> updating already routed CHILD_SA 'con4_4'
      Jan 9 11:38:32	charon	9940	14[CFG] <con4|23> configured proposals: ESP:AES_GCM_16_128/NO_EXT_SEQ, ESP:AES_GCM_12_128/NO_EXT_SEQ, ESP:AES_GCM_8_128/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
      Jan 9 11:38:32	charon	9940	14[CHD] <con4|23> CHILD_SA con4_4{75} state change: CREATED => ROUTED
      Jan 9 11:38:32	charon	9940	14[CHD] <con4|23> CHILD_SA con4_4{2} state change: ROUTED => DESTROYING
      Jan 9 11:38:32	charon	9940	14[IKE] <con4|23> IKE_SA con4[23] state change: ESTABLISHED => DESTROYING
      Jan 9 11:38:32	charon	9940	14[CHD] <con4|23> CHILD_SA con4_4{66} state change: INSTALLED => DESTROYING
      Jan 9 11:38:32	charon	9940	11[KNL] creating acquire job for policy PFSENSEIP1/32|/0 === PFSENSEIP2/32|/0 with reqid {2}
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> queueing ISAKMP_VENDOR task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> queueing ISAKMP_CERT_PRE task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> queueing MAIN_MODE task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> queueing ISAKMP_CERT_POST task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> queueing ISAKMP_NATD task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> queueing QUICK_MODE task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> activating new tasks
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> activating ISAKMP_VENDOR task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> activating ISAKMP_CERT_PRE task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> activating MAIN_MODE task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> activating ISAKMP_CERT_POST task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> activating ISAKMP_NATD task
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> sending XAuth vendor ID
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> sending DPD vendor ID
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> sending FRAGMENTATION vendor ID
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> sending NAT-T (RFC 3947) vendor ID
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> initiating Main Mode IKE_SA con4[37] to PFSENSEIP2
      Jan 9 11:38:32	charon	9940	11[IKE] <con4|37> IKE_SA con4[37] state change: CREATED => CONNECTING
      Jan 9 11:38:32	charon	9940	11[CFG] <con4|37> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
      Jan 9 11:38:32	charon	9940	11[ENC] <con4|37> generating ID_PROT request 0 [ SA V V V V V ]
      Jan 9 11:38:32	charon	9940	11[NET] <con4|37> sending packet: from PFSENSEIP1[500] to PFSENSEIP2[500] (176 bytes)
      Jan 9 11:38:32	charon	9940	04[NET] error writing to socket: Permission denied
      Jan 9 11:38:35	charon	9940	11[KNL] creating acquire job for policy PFSENSEIP1/32|/0 === PFSENSEIP2/32|/0 with reqid {2}
      Jan 9 11:38:35	charon	9940	11[CFG] ignoring acquire, connection attempt pending
      Jan 9 11:38:37	charon	9940	11[IKE] <con4|37> sending retransmit 1 of request message ID 0, seq 1
      Jan 9 11:38:37	charon	9940	11[NET] <con4|37> sending packet: from PFSENSEIP1[500] to PFSENSEIP2[500] (176 bytes)
      Jan 9 11:38:37	charon	9940	04[NET] error writing to socket: Permission denied
      Jan 9 11:38:38	charon	9940	11[KNL] creating acquire job for policy PFSENSEIP1/32|/0 === PFSENSEIP2/32|/0 with reqid {2}
      Jan 9 11:38:38	charon	9940	11[CFG] ignoring acquire, connection attempt pending
      Jan 9 11:38:39	charon	9940	14[KNL] creating acquire job for policy PFSENSEIP1/32|/0 === PFSENSEIP2/32|/0 with reqid {2}
      Jan 9 11:38:39	charon	9940	14[CFG] ignoring acquire, connection attempt pending
      
        marcfunk @dochy

        @dochy
        Hey! Do you have a solution for this problem? We currently have the same... "error writing to socket"

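As an added example (not part of either post, and not Netgate or strongSwan code), one way to triage a charon log like the one above: it pairs each untagged `error writing to socket` line with the most recent `sending packet` line and reports connections whose every send failed on the local host before DPD timed out. The pairing is a heuristic, since the sender thread logs no connection name; the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same tab-separated layout as the log in the post.
SAMPLE = """\
Jan 9 11:38:14\tcharon\t9940\t11[NET] <con4|23> sending packet: from PFSENSEIP1[500] to PFSENSEIP2[500] (92 bytes)
Jan 9 11:38:14\tcharon\t9940\t04[NET] error writing to socket: Permission denied
Jan 9 11:38:24\tcharon\t9940\t14[NET] <con4|23> sending packet: from PFSENSEIP1[500] to PFSENSEIP2[500] (92 bytes)
Jan 9 11:38:24\tcharon\t9940\t04[NET] error writing to socket: Permission denied
Jan 9 11:38:32\tcharon\t9940\t14[JOB] <con4|23> DPD check timed out, enforcing DPD action
Jan 9 11:38:32\tcharon\t9940\t11[NET] <con4|37> sending packet: from PFSENSEIP1[500] to PFSENSEIP2[500] (176 bytes)
Jan 9 11:38:32\tcharon\t9940\t04[NET] error writing to socket: Permission denied
"""

# timestamp, "charon", pid, thread[SUBSYSTEM], optional <conn|id>, message
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+\s+charon\s+\d+\s+\d+\[[A-Z]{3}\]\s+"
                  r"(?:<(?P<conn>[^|>]+)\|\d+>\s+)?(?P<msg>.*)$")

def triage(log_text):
    """Count sends, local send failures and DPD timeouts per connection."""
    stats = defaultdict(lambda: {"sent": 0, "send_errors": 0, "dpd_timeouts": 0})
    last_sender = None  # connection of the most recent unpaired send
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn, msg = m["conn"], m["msg"]
        if conn and msg.startswith("sending packet:"):
            stats[conn]["sent"] += 1
            last_sender = conn
        elif msg.startswith("error writing to socket") and last_sender:
            # Heuristic: charge the error to the send that preceded it.
            stats[last_sender]["send_errors"] += 1
            last_sender = None
        elif conn and msg.startswith("DPD check timed out"):
            stats[conn]["dpd_timeouts"] += 1
    return dict(stats)

def locally_blocked(stats):
    """Connections where no packet ever left the host."""
    return sorted(c for c, s in stats.items()
                  if s["sent"] and s["send_errors"] == s["sent"])

if __name__ == "__main__":
    result = triage(SAMPLE)
    for conn, s in result.items():
        print(conn, s)
    print("all sends failed locally:", locally_blocked(result))
```

A connection listed by `locally_blocked` never got a packet onto the wire, so its DPD timeout reflects a local send failure rather than an unresponsive peer.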