2 IPSec tunnels, one is silent



  • Hello

    I need to make three IPsec tunnels; one is working (A), the others (B, C) are just silent: no errors in the logs, nothing, no activity.

    The network looks like this (sites A and B both have pfSense 1.2.3):

    SITE A (192.168.3.0/24) ----
      |                          \      Tunnel B
      |                           \
      | Tunnel A                   WAN ------------ CISCO (10.0.100.0/24)
      |                           /
      |                          /      Tunnel C
    SITE B (192.168.4.0/24) ----

    Tunnel A works in any conditions, until I disable it.

    Tunnels B and C don't show any living response, always yellow, and they don't try to connect to the Cisco remote gateway. Just silence.
    After rebooting both (A, B) routers, tunnel A is up, B and C are down, and there are no logs at all.
    I tried switching IPsec on/off, same result. For 24 hours, if the B and C tunnels are left on, it doesn't try to connect to the Cisco.
    When I delete tunnel A on both sites (A and C), the tunnels disappear from the SAD, the SPD exists, the Overview is empty. The logs say nothing.
    Tunnel A: aggressive, UserFQDN
    Tunnels B, C: main, MyIP

    Could it be because there was an upgrade from 1.2.2 to 1.2.3 on both pfSense routers? It appeared after this.

    One more strange thing which I found from time to time: IPsec crosses the subnets the wrong way.
    It should be (for site B, LAN 192.168.4.254):
    IPsec 192.168.4.0 to 192.168.3.0
    IPsec 192.168.4.0 to 10.0.100.0
    but in the logs several times it was
    IPsec 192.168.4.0 to 192.168.4.0
    IPsec 192.168.3.0 to 10.0.100.0

    I understand that sounds "great", but it seems I am 5 minutes before a reinstall.

    Thanks



  • @kristaps.kr:

    My solution:

    When I made the second tunnel to 10.0.100.0 it didn't want to come up.
    In the tunnel settings the local subnet was "LAN network".
    When I changed it to "Network" and set it to use the same network with the same subnet, 192.168.4.0/24,
    the tunnel started to work.
    Now both tunnels work.

    Hope this will help someone.

    Thanks,
    kristaps
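The two symptoms in this thread, an SPD policy that reads 192.168.4.0 to 192.168.4.0 and a policy whose local side is another site's LAN, are both visible in the kernel's security policy database before any tunnel is negotiated. The script below is an added example, not code from the thread or from pfSense: it parses `setkey -DP`-style policy output (the format the racoon/ipsec-tools stack on pfSense 1.2.3 prints) and compares each policy with the tunnels the site-B box is supposed to have. The sample dump, the gateway addresses (documentation ranges) and the expected tunnel list are constructed for the example.

```python
"""Sanity-check an IPsec SPD dump against the tunnels a site should have.

Added example, not from the original thread or from pfSense. Assumes
`setkey -DP`-style output; the dump below is constructed, with
documentation-range public addresses standing in for the real gateways.
"""
import ipaddress
import re

# Constructed sample of what `setkey -DP` on the site-B pfSense might print:
# a good pair for tunnel A, the self-to-self policy the poster saw, and a
# policy whose local side is site A's LAN instead of site B's.
SAMPLE_SPD = """\
192.168.4.0/24[any] 192.168.3.0/24[any] any
    out ipsec
    esp/tunnel/203.0.113.4-203.0.113.3/unique#16385
    spid=1 seq=3 pid=1234
    refcnt=1
192.168.3.0/24[any] 192.168.4.0/24[any] any
    in ipsec
    esp/tunnel/203.0.113.3-203.0.113.4/unique#16386
    spid=2 seq=2 pid=1234
    refcnt=1
192.168.4.0/24[any] 192.168.4.0/24[any] any
    out ipsec
    esp/tunnel/203.0.113.4-198.51.100.10/unique#16387
    spid=3 seq=1 pid=1234
    refcnt=1
192.168.3.0/24[any] 10.0.100.0/24[any] any
    out ipsec
    esp/tunnel/203.0.113.4-198.51.100.10/unique#16388
    spid=4 seq=0 pid=1234
    refcnt=1
"""

# Tunnels site B is meant to have: (local subnet, remote subnet).
EXPECTED_TUNNELS = [
    ("192.168.4.0/24", "192.168.3.0/24"),  # tunnel A, to site A
    ("192.168.4.0/24", "10.0.100.0/24"),   # tunnel C, to the Cisco
]

# One SPD entry: selector line, direction line, ESP tunnel endpoints.
POLICY_RE = re.compile(
    r"^(?P<src>[\d.]+/\d+)\[any\]\s+(?P<dst>[\d.]+/\d+)\[any\]\s+\S+\n"
    r"\s+(?P<dir>in|out|fwd)\s+ipsec\n"
    r"\s+esp/tunnel/(?P<gw_src>[\d.]+)-(?P<gw_dst>[\d.]+)/",
    re.MULTILINE,
)


def parse_spd(dump):
    """Return one dict per policy: selector subnets, direction, gateways."""
    policies = []
    for m in POLICY_RE.finditer(dump):
        policies.append({
            "src": ipaddress.ip_network(m.group("src")),
            "dst": ipaddress.ip_network(m.group("dst")),
            "dir": m.group("dir"),
            "gw_src": ipaddress.ip_address(m.group("gw_src")),
            "gw_dst": ipaddress.ip_address(m.group("gw_dst")),
        })
    return policies


def check_spd(dump, expected, local_lan):
    """Flag policies that cannot belong to this site, and expected tunnels
    that have no outbound policy at all (a tunnel that will stay 'silent')."""
    lan = ipaddress.ip_network(local_lan)
    expected_pairs = {(ipaddress.ip_network(l), ipaddress.ip_network(r))
                      for l, r in expected}
    problems, seen_out = [], set()
    for n, p in enumerate(parse_spd(dump), start=1):
        # For outbound policies src is our side; for in/fwd it is dst.
        local, remote = ((p["src"], p["dst"]) if p["dir"] == "out"
                         else (p["dst"], p["src"]))
        if local == remote:
            problems.append((n, "self-to-self policy %s -> %s" % (p["src"], p["dst"])))
        elif local != lan:
            problems.append((n, "local side %s is not the LAN %s" % (local, lan)))
        elif (local, remote) not in expected_pairs:
            problems.append((n, "unexpected pair %s -> %s" % (local, remote)))
        elif p["dir"] == "out":
            seen_out.add((local, remote))
    missing = sorted("%s -> %s" % (l, r) for l, r in expected_pairs - seen_out)
    return {"problems": problems, "missing": missing}


if __name__ == "__main__":
    result = check_spd(SAMPLE_SPD, EXPECTED_TUNNELS, "192.168.4.0/24")
    for n, msg in result["problems"]:
        print("policy %d: %s" % (n, msg))
    for pair in result["missing"]:
        print("no outbound policy for expected tunnel %s" % pair)
```

Run it on a real box by piping `setkey -DP` output into `check_spd` with that site's LAN and tunnel list; a "local side ... is not the LAN" finding is exactly what a phase 2 whose local subnet was left at a wrong or stale selector looks like, and a "missing" entry explains a tunnel that never attempts to negotiate.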

