PFSense IPSec vpn stops connecting to target
-
I have the following setup to call REST API methods from PC A to PC B.
PC A --> PFSense <-- internet --> Hardware Firewall --> PC B
PC A is a REST API client and PC B is a REST server. PFSense and the Hardware Firewall are connected via an IPSec VPN.
When I start the VPN service everything works well. PC A calls API methods on PC B and gets responses as expected. But after a while (meanwhile PC A calls API methods periodically) I get WinSock error 12002 (connection timeout) when connecting to the REST API. The REST client cannot connect to the server.
I've checked the IPSec VPN status from the PFSense panel. It's running! I've checked the IPSec logs; there is no error, warning or disconnected message. I can see DPD packets still being sent and received in the IPSec logs.
If I restart the VPN service, API calls work again. But after a while the problem occurs again.
What can be wrong?
-
@obi The log records when the connection could not be established are as follows.
Apr 6 20:58:15 charon 4704 14[IKE] <con1|2> nothing to initiate
Apr 6 20:58:15 charon 4704 14[IKE] <con1|2> activating new tasks
Apr 6 20:58:15 charon 4704 14[ENC] <con1|2> parsed INFORMATIONAL_V1 request 1521675537 [ HASH N(DPD_ACK) ]
Apr 6 20:58:15 charon 4704 14[NET] <con1|2> received packet: from 176.xxx.xxx.xxx[500] to 37.xxx.xxx.xxx[500] (108 bytes)
Apr 6 20:58:15 charon 4704 14[IKE] <con1|2> nothing to initiate
Apr 6 20:58:15 charon 4704 14[IKE] <con1|2> activating new tasks
Apr 6 20:58:15 charon 4704 14[NET] <con1|2> sending packet: from 37.xxx.xxx.xxx[500] to 176.xxx.xxx.xxx[500] (108 bytes)
Apr 6 20:58:15 charon 4704 14[ENC] <con1|2> generating INFORMATIONAL_V1 request 2367298055 [ HASH N(DPD) ]
Apr 6 20:58:15 charon 4704 14[IKE] <con1|2> activating ISAKMP_DPD task
Apr 6 20:58:15 charon 4704 14[IKE] <con1|2> activating new tasks
Apr 6 20:58:15 charon 4704 14[IKE] <con1|2> queueing ISAKMP_DPD task
Apr 6 20:58:15 charon 4704 14[IKE] <con1|2> sending DPD request
-
@obi Solved!
The problem was caused by the remote network configuration: two VPN clients use the same P2 local IP.
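
An added example, not part of the original posts: a check for the condition named in the solution above, run over the phase 2 entries of a gateway that terminates several VPN clients. It generalizes "same P2 local IP" to any overlapping selector pair; the tunnel names, field names and addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (not from the thread). "client_net" is each VPN
# client's P2 local network, "server_net" is the network behind the gateway.
SAMPLE_P2 = [
    {"tunnel": "client-a", "client_net": "10.10.1.5/32", "server_net": "192.168.50.0/24"},
    {"tunnel": "client-b", "client_net": "10.10.1.5/32", "server_net": "192.168.50.0/24"},
    {"tunnel": "client-c", "client_net": "10.10.2.0/24", "server_net": "192.168.50.0/24"},
    {"tunnel": "client-d", "client_net": "10.10.2.128/25", "server_net": "192.168.60.0/24"},
    {"tunnel": "client-e", "client_net": "10.10.2.64/26", "server_net": "192.168.50.128/25"},
]


def _narrower(a, b):
    # Two overlapping CIDR blocks always nest, so the overlap is the longer prefix.
    return a if a.prefixlen >= b.prefixlen else b


def find_p2_conflicts(entries):
    """Return (tunnel1, tunnel2, client_overlap, server_overlap) for every pair
    of tunnels whose phase 2 selectors overlap on BOTH sides. Return traffic
    for such a pair matches two SAs, so one client can stop receiving replies
    while IKE and DPD for its tunnel still look healthy."""
    parsed = [
        (e["tunnel"],
         ipaddress.ip_network(e["client_net"], strict=False),
         ipaddress.ip_network(e["server_net"], strict=False))
        for e in entries
    ]
    conflicts = []
    for (t1, c1, s1), (t2, c2, s2) in combinations(parsed, 2):
        if c1.version != c2.version or s1.version != s2.version:
            continue  # IPv4 and IPv6 selectors never overlap
        # Overlap on one side only is fine: the other selector disambiguates.
        if c1.overlaps(c2) and s1.overlaps(s2):
            conflicts.append((t1, t2, str(_narrower(c1, c2)), str(_narrower(s1, s2))))
    return conflicts


if __name__ == "__main__":
    for t1, t2, client, server in find_p2_conflicts(SAMPLE_P2):
        print(f"{t1} and {t2} both claim {client} <-> {server}")
```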