Second IPsec VTI tunnel keeps going down
-
Hi!
I'm new to pfSense.
Please help me solve the problem:
I have a pfSense 23.05.1-RELEASE server configured in AWS.
I have a gray address in AWS, but I access the world through Elastic IP.
I'm setting up 2 IPSec VTI tunnels with our client.
The tunnel that went up first works without problems.
The second tunnel drops every 30 seconds.
The tunnels are configured in the same way, and if I enable the “second” tunnel first, the first one will have the same problem.
Using tcpdump I see that in the first tunnel the source and destination ports are 4500,
while in the second tunnel the source port varies. I see in the logs:
05[IKE] <con3|623> sending keep alive to <IP-PEER2>[4500]
13[IKE] <con3|619> giving up after 5 retransmits
13[IKE] <con3|619> establishing IKE_SA failed, peer not responding
13[IKE] <con3|619> IKE_SA con3[619] state change: CONNECTING => DESTROYING
13[CHD] <con3|619> CHILD_SA con3{239} state change: CREATED => DESTROYING
P.S. Sorry for my English, it's not my native language.
-
I solved the problem.
The problem was the duplicate session.
I solved it with the help of: https://docs.netgate.com/pfsense/en/latest/troubleshooting/ipsec-duplicate-sa.html
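The log excerpt above already shows the duplicate-SA symptom the linked article describes: two different IKE_SA instance ids (623 and 619) for the same connection name con3. The following is an added example, not code from the thread or from pfSense, that parses charon log lines of that shape and flags connections with more than one IKE_SA instance in the window, plus how often each gave up on retransmits; the sample log is constructed from the quoted lines and the con2 line is invented for contrast.

```python
import re
from collections import defaultdict

# strongSwan charon format: "<thread>[<subsystem>] <conn|ike_sa_id> message"
LOG_RE = re.compile(
    r"^\d+\[(?P<sub>[A-Z]+)\] <(?P<conn>[^|>]+)\|(?P<ike_id>\d+)> (?P<msg>.*)$"
)

# Constructed sample, modelled on the lines quoted in the post (peer IPs kept as placeholders).
SAMPLE_LOG = """\
05[IKE] <con3|623> sending keep alive to <IP-PEER2>[4500]
13[IKE] <con3|619> giving up after 5 retransmits
13[IKE] <con3|619> establishing IKE_SA failed, peer not responding
13[IKE] <con3|619> IKE_SA con3[619] state change: CONNECTING => DESTROYING
13[CHD] <con3|619> CHILD_SA con3{239} state change: CREATED => DESTROYING
07[IKE] <con2|101> sending keep alive to <IP-PEER1>[4500]
"""


def analyse(log_text):
    """Per connection: distinct IKE_SA instance ids seen and retransmit give-ups."""
    ike_ids = defaultdict(set)
    giveups = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a charon line we understand; skip
        conn = m.group("conn")
        ike_ids[conn].add(int(m.group("ike_id")))
        if "giving up after" in m.group("msg"):
            giveups[conn] += 1
    return {
        conn: {"ike_sa_ids": sorted(ids), "giveups": giveups[conn]}
        for conn, ids in ike_ids.items()
    }


def suspect_duplicates(stats):
    """Connections with more than one IKE_SA instance in the window (duplicate-SA symptom)."""
    return sorted(c for c, s in stats.items() if len(s["ike_sa_ids"]) > 1)


if __name__ == "__main__":
    stats = analyse(SAMPLE_LOG)
    for conn, s in sorted(stats.items()):
        print(conn, s)
    print("suspect duplicate SAs:", suspect_duplicates(stats))
```

A normal IKE rekey also creates a new IKE_SA id, so run this over a short window and confirm with `swanctl --list-sas` before acting on a flag.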