Netgate Discussion Forum

    It used to work and it doesn't anymore.

    IPsec
    • oscar.pulgarin

      I had an IPsec connection between two pfSense. It had been working perfectly several months ago, but recently it stopped working. It is not a blocking issue, and the IPsec logs are not telling:

      May 14 09:16:32 charon 38255 11[IKE] <con2|1468> IKE_SA con2[1468] state change: CONNECTING => DESTROYING
      May 14 09:16:32 charon 38255 11[IKE] <con2|1468> establishing IKE_SA failed, peer not responding
      May 14 09:16:32 charon 38255 11[IKE] <con2|1468> giving up after 5 retransmits
      May 14 09:16:17 charon 38255 11[CFG] ignoring acquire, connection attempt pending
      May 14 09:16:17 charon 38255 01[KNL] creating acquire job for policy 1.1.1.1/32|/0 === 2.2.2.2/32|/0 with reqid {1}
      May 14 09:15:17 charon 38255 01[NET] <con2|1468> sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (336 bytes)
      May 14 09:15:17 charon 38255 01[IKE] <con2|1468> retransmit 5 of request with message ID 0
      May 14 09:15:02 charon 38255 01[CFG] ignoring acquire, connection attempt pending
      May 14 09:15:02 charon 38255 11[KNL] creating acquire job for policy 1.1.1.1/32|/0 === 2.2.2.2/32|/0 with reqid {1}
      May 14 09:14:35 charon 38255 11[NET] <con2|1468> sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (336 bytes)
      May 14 09:14:35 charon 38255 11[IKE] <con2|1468> retransmit 4 of request with message ID 0
      May 14 09:14:11 charon 38255 11[NET] <con2|1468> sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (336 bytes)
      May 14 09:14:11 charon 38255 11[IKE] <con2|1468> retransmit 3 of request with message ID 0
      May 14 09:13:58 charon 38255 11[NET] <con2|1468> sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (336 bytes)
      May 14 09:13:58 charon 38255 11[IKE] <con2|1468> retransmit 2 of request with message ID 0
      May 14 09:13:51 charon 38255 11[NET] <con2|1468> sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (336 bytes)
      May 14 09:13:51 charon 38255 11[IKE] <con2|1468> retransmit 1 of request with message ID 0
      May 14 09:13:49 charon 38255 07[CFG] vici client 267 disconnected
      May 14 09:13:49 charon 38255 05[CHD] CHILD_SA con2{5} state change: CREATED => ROUTED
      May 14 09:13:49 charon 38255 05[CFG] configured proposals: ESP:AES_GCM_16_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
      May 14 09:13:49 charon 38255 05[CFG] installing 'con2'
      May 14 09:13:49 charon 38255 05[CHD] CHILD_SA con2{4} state change: ROUTED => DESTROYING
      May 14 09:13:49 charon 38255 05[CFG] uninstalling 'con2'
      May 14 09:13:49 charon 38255 05[CFG] replaced vici connection: con2
      May 14 09:13:49 charon 38255 05[CFG] id = 2.2.2.2
      May 14 09:13:49 charon 38255 05[CFG] class = pre-shared key
      May 14 09:13:49 charon 38255 05[CFG] remote:
      May 14 09:13:49 charon 38255 05[CFG] id = 1.1.1.1
      May 14 09:13:49 charon 38255 05[CFG] class = pre-shared key
      May 14 09:13:49 charon 38255 05[CFG] local:
      May 14 09:13:49 charon 38255 05[CFG] if_id_out = 0
      May 14 09:13:49 charon 38255 05[CFG] if_id_in = 0
      May 14 09:13:49 charon 38255 05[CFG] proposals = IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

      • viragomann @oscar.pulgarin

        @oscar-pulgarin
        What about the other site?
        Seems it doesn't respond.

        • oscar.pulgarin @viragomann

          @viragomann I have access to both pfSense. Both have other IPsec tunnels established, and they still do not respond.

          • viragomann @oscar.pulgarin

            @oscar-pulgarin
            The question, however, is what the remote site logs regarding this connection.

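Added example, not written by either poster and not Netgate or strongSwan code: a Python summary of charon lines like those in the first post, per IKE_SA, that separates "no reply at all to the first request" from "peer went silent mid-exchange". It assumes IKEv2 (where message ID 0 is the IKE_SA_INIT exchange); the function name `summarize` and the sample, a subset of the posted log, are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the charon lines from the first post.
SAMPLE = """\
May 14 09:16:32 charon 38255 11[IKE] <con2|1468> establishing IKE_SA failed, peer not responding
May 14 09:16:32 charon 38255 11[IKE] <con2|1468> giving up after 5 retransmits
May 14 09:15:17 charon 38255 01[NET] <con2|1468> sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (336 bytes)
May 14 09:15:17 charon 38255 01[IKE] <con2|1468> retransmit 5 of request with message ID 0
May 14 09:13:51 charon 38255 11[NET] <con2|1468> sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (336 bytes)
May 14 09:13:51 charon 38255 11[IKE] <con2|1468> retransmit 1 of request with message ID 0
"""

LINE = re.compile(r"\d+\[[A-Z]{3}\] <(?P<sa>[^>]+)> (?P<msg>.*)$")
RETX = re.compile(r"retransmit (\d+) of request with message ID (\d+)")
PKT = re.compile(r"(sending|received) packet: from (\S+?)\[(\d+)\] to (\S+?)\[(\d+)\]")

def summarize(log_text):
    """Per IKE_SA (<conn|id> tag): packet counts, retransmits and a verdict."""
    sas = defaultdict(lambda: {"sent": 0, "received": 0, "retransmits": 0,
                               "msg_ids": set(), "peer": None, "gave_up": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # CFG/KNL lines carry no <conn|id> tag
        s, msg = sas[m["sa"]], m["msg"]
        if (p := PKT.match(msg)):
            s["sent" if p[1] == "sending" else "received"] += 1
            if p[1] == "sending":
                s["peer"] = f"{p[4]}:{p[5]}"  # destination address:port
        elif (r := RETX.match(msg)):
            s["retransmits"] = max(s["retransmits"], int(r[1]))
            s["msg_ids"].add(int(r[2]))
        elif msg.startswith("giving up after"):
            s["gave_up"] = True
    for s in sas.values():
        # Assumption: IKEv2, so only-ID-0 retransmits mean IKE_SA_INIT never got answered.
        if s["gave_up"] and s["received"] == 0 and s["msg_ids"] == {0}:
            s["verdict"] = "no reply to first request (ID 0): check path/firewall and remote log"
        elif s["gave_up"]:
            s["verdict"] = "peer stopped answering mid-exchange"
        else:
            s["verdict"] = "no timeout seen"
    return dict(sas)

if __name__ == "__main__":
    for sa, info in summarize(SAMPLE).items():
        print(sa, info["peer"], info["verdict"])
```

When the verdict is the first one, nothing in the initiator's log can explain the failure, so the next check is whether the request shows up in the responder's log or in a packet capture on its WAN interface.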
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.