Netgate Discussion Forum

    Multi Ipsec VPN Problem

    2.1 Snapshot Feedback and Problems - RETIRED
    • itoxygen

      I use multiple IPsec VPN connections. The problem is that after a certain period the link breaks and the VPN is not re-established.

      2.1-DEVELOPMENT (amd64)

      • dhatz

        You'll need to provide a lot more info:

        Did your IPsec VPNs work well before upgrading to 2.1-DEVEL? (If so, which pfSense version, 1.2.3 or 2.0.1?)

        DPD?
        NAT-T?
        IPsec mobile?
        etc

        Also provide full racoon logs.

        • itoxygen

          I previously was using version 2.0.1

          DPD - Disable
          NAT-T - Disable
          IPsec mobile - Enable

          • dhatz

            @itoxygen:

            IPsec mobile - Enable

            Well, perhaps it's a regression due to the patch to fix 1970

            • jimp Rebel Alliance Developer Netgate

              Still not enough info here.

              You need to post your IPsec logs from when it's failing to reconnect, along with the output of

              setkey -D
              setkey -DP

              From when it's working and when it's not working, for comparison.

              • itoxygen

                $ setkey -DP
                192.168.55.0/24[any] 192.168.55.254[any] 255
                in none
                spid=2 seq=11 pid=54024
                refcnt=1
                192.168.15.0/24[any] 192.168.55.0/24[any] 255
                in ipsec
                esp/tunnel/95.x.xx.xx-213.xxx.xxx.xx/unique#16386
                spid=4 seq=10 pid=54024
                refcnt=1
                192.168.5.0/24[any] 192.168.55.0/24[any] 255
                in ipsec
                esp/tunnel/78.xxx.xxx.xxx-213.xxx.xxx.xx/unique#16388
                spid=6 seq=9 pid=54024
                refcnt=1
                192.168.6.0/24[any] 192.168.55.0/24[any] 255
                in ipsec
                esp/tunnel/78.xxx.xxx.xxx-213.xxx.xxx.xx/unique#16390
                spid=8 seq=8 pid=54024
                refcnt=1
                192.168.8.0/24[any] 192.168.55.0/24[any] 255
                in ipsec
                esp/tunnel/78.xxx.xx.xx-213.xxx.xxx.xx/unique#16392
                spid=10 seq=7 pid=54024
                refcnt=1
                192.168.18.0/24[any] 192.168.55.0/24[any] 255
                in ipsec
                esp/tunnel/81.xxx.xx.xxx-213.xxx.xxx.xx/unique#16394
                spid=12 seq=6 pid=54024
                refcnt=1
                192.168.55.254[any] 192.168.55.0/24[any] 255
                out none
                spid=1 seq=5 pid=54024
                refcnt=1
                192.168.55.0/24[any] 192.168.15.0/24[any] 255
                out ipsec
                esp/tunnel/213.xxx.xxx.xx-95.x.xx.xx/unique#16385
                spid=3 seq=4 pid=54024
                refcnt=1
                192.168.55.0/24[any] 192.168.5.0/24[any] 255
                out ipsec
                esp/tunnel/213.xxx.xxx.xx-78.xxx.xxx.xxx/unique#16387
                spid=5 seq=3 pid=54024
                refcnt=1
                192.168.55.0/24[any] 192.168.6.0/24[any] 255
                out ipsec
                esp/tunnel/213.xxx.xxx.xx-78.xxx.xxx.xxx/unique#16389
                spid=7 seq=2 pid=54024
                refcnt=1
                192.168.55.0/24[any] 192.168.8.0/24[any] 255
                out ipsec
                esp/tunnel/213.xxx.xxx.xx-78.xxx.xx.xx/unique#16391
                spid=9 seq=1 pid=54024
                refcnt=1
                192.168.55.0/24[any] 192.168.18.0/24[any] 255
                out ipsec
                esp/tunnel/213.xxx.xxx.xx-81.xxx.xx.xxx/unique#16393
                spid=11 seq=0 pid=54024
                refcnt=1

                • itoxygen

                  $ setkey -D
                  213.xxx.xxx.xx 78.xxx.xx.xx
                  esp mode=any spi=3620357127(0xd7ca4407) reqid=16391(0x00004007)
                  E: aes-cbc  7686bf77 f62b0396 d41e52d4 65acc363
                  A: hmac-sha1  951974a6 81da8068 82e549bb 4d753766 0ff8689b
                  seq=0x00000183 replay=4 flags=0x00000000 state=mature
                  created: Apr 13 16:04:16 2012 current: Apr 13 17:22:06 2012
                  diff: 4670(s) hard: 28800(s) soft: 23040(s)
                  last: Apr 13 17:21:41 2012 hard: 0(s) soft: 0(s)
                  current: 271224(bytes) hard: 0(bytes) soft: 0(bytes)
                  allocated: 387 hard: 0 soft: 0
                  sadb_seq=7 pid=18139 refcnt=2
                  78.xxx.xx.xx 213.xxx.xxx.xx
                  esp mode=tunnel spi=128898573(0x07aed60d) reqid=16392(0x00004008)
                  E: aes-cbc  2a1bce17 3cdd25cb b29efca3 b9d46f1d
                  A: hmac-sha1  a5f03b30 158f7622 759d231a affa0159 d9bbdf42
                  seq=0x00000148 replay=4 flags=0x00000000 state=mature
                  created: Apr 13 16:04:16 2012 current: Apr 13 17:22:06 2012
                  diff: 4670(s) hard: 28800(s) soft: 23040(s)
                  last: Apr 13 17:21:41 2012 hard: 0(s) soft: 0(s)
                  current: 32597(bytes) hard: 0(bytes) soft: 0(bytes)
                  allocated: 328 hard: 0 soft: 0
                  sadb_seq=6 pid=18139 refcnt=1
                  213.xxx.xxx.xx 95.x.xx.xx
                  esp mode=any spi=81132314(0x04d5fb1a) reqid=16385(0x00004001)
                  E: aes-cbc  f7a70af4 58addc1a 584a8e6f 33b8bab4
                  A: hmac-sha1  bed0d0fd 37a90867 49efd159 3b5baa6d 631a8627
                  seq=0x000012fe replay=4 flags=0x00000000 state=mature
                  created: Apr 13 16:01:15 2012 current: Apr 13 17:22:06 2012
                  diff: 4851(s) hard: 28800(s) soft: 23040(s)
                  last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
                  current: 709808(bytes) hard: 0(bytes) soft: 0(bytes)
                  allocated: 4862 hard: 0 soft: 0
                  sadb_seq=5 pid=18139 refcnt=2
                  95.x.xx.xx 213.xxx.xxx.xx
                  esp mode=tunnel spi=223923227(0x0d58cc1b) reqid=16386(0x00004002)
                  E: aes-cbc  0b13ac84 23799226 acf6c001 b42c191f
                  A: hmac-sha1  9b24e11f 51f58595 1438b99a 874c678e 8f076aae
                  seq=0x00000000 replay=4 flags=0x00000000 state=mature
                  created: Apr 13 16:01:15 2012 current: Apr 13 17:22:06 2012
                  diff: 4851(s) hard: 28800(s) soft: 23040(s)
                  last:                    hard: 0(s) soft: 0(s)
                  current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
                  allocated: 0 hard: 0 soft: 0
                  sadb_seq=4 pid=18139 refcnt=1
                  213.xxx.xxx.xx 78.xxx.xxx.xxx
                  esp mode=any spi=2785857967(0xa60cd1af) reqid=16389(0x00004005)
                  E: aes-cbc  2d8f8dc8 fd0edb39 5f487fc3 868cb40c
                  A: hmac-sha1  9e7861f2 6db71edb 97c85e2f eeb2d92a 7840d4e5
                  seq=0x000042aa replay=4 flags=0x00000000 state=mature
                  created: Apr 13 16:01:14 2012 current: Apr 13 17:22:06 2012
                  diff: 4852(s) hard: 28800(s) soft: 23040(s)
                  last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
                  current: 19091504(bytes) hard: 0(bytes) soft: 0(bytes)
                  allocated: 17066 hard: 0 soft: 0
                  sadb_seq=3 pid=18139 refcnt=2
                  78.xxx.xxx.xxx 213.xxx.xxx.xx
                  esp mode=tunnel spi=174727792(0x0a6a2270) reqid=16390(0x00004006)
                  E: aes-cbc  e95d38fd 59f37f5d 20d87b10 2994deac
                  A: hmac-sha1  51d83dfb 66de3f2e 9a80fc0d 720da3fd 6df1003c
                  seq=0x000032e6 replay=4 flags=0x00000000 state=mature
                  created: Apr 13 16:01:14 2012 current: Apr 13 17:22:06 2012
                  diff: 4852(s) hard: 28800(s) soft: 23040(s)
                  last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
                  current: 3143780(bytes) hard: 0(bytes) soft: 0(bytes)
                  allocated: 13030 hard: 0 soft: 0
                  sadb_seq=2 pid=18139 refcnt=1
                  213.xxx.xxx.xx 78.xxx.xxx.xxx
                  esp mode=any spi=3295792916(0xc471cf14) reqid=16387(0x00004003)
                  E: aes-cbc  50de0576 3aa95c37 dba14263 57737455
                  A: hmac-sha1  dded9c1f 6b2135a8 60d934a5 a9d7a5a3 3ac9fcb5
                  seq=0x00003023 replay=4 flags=0x00000000 state=mature
                  created: Apr 13 16:01:11 2012 current: Apr 13 17:22:06 2012
                  diff: 4855(s) hard: 28800(s) soft: 23040(s)
                  last: Apr 13 17:22:00 2012 hard: 0(s) soft: 0(s)
                  current: 7009560(bytes) hard: 0(bytes) soft: 0(bytes)
                  allocated: 12323 hard: 0 soft: 0
                  sadb_seq=1 pid=18139 refcnt=2
                  78.xxx.xxx.xxx 213.xxx.xxx.xx
                  esp mode=tunnel spi=91025691(0x056cf11b) reqid=16388(0x00004004)
                  E: aes-cbc  8f05fb5d 766899c7 ab518e46 e438d3ec
                  A: hmac-sha1  e7d8fe13 6e9141d0 b219c538 cd66f662 e88604d3
                  seq=0x000031bb replay=4 flags=0x00000000 state=mature
                  created: Apr 13 16:01:11 2012 current: Apr 13 17:22:06 2012
                  diff: 4855(s) hard: 28800(s) soft: 23040(s)
                  last: Apr 13 17:22:03 2012 hard: 0(s) soft: 0(s)
                  current: 1495084(bytes) hard: 0(bytes) soft: 0(bytes)
                  allocated: 12731 hard: 0 soft: 0
                  sadb_seq=0 pid=18139 refcnt=1

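The comparison jimp asks for can be done mechanically by matching each policy's `unique#` id in `setkey -DP` against the `reqid` values in `setkey -D`; in the dumps posted above, ids 16393 and 16394 appear only in the policy list, and the SA with reqid 16386 shows 0 bytes. The Python below is an added example, not code from the thread or from pfSense: it reports both conditions and blanks the `E:`/`A:` lines, which carry the SA keys, before a dump is shared. The sample dumps, addresses and keys in it are constructed, and the function names are this example's own.

```python
import re

# Constructed sample dumps (documentation addresses, dummy keys), not taken from the thread.
SPD = """\
10.0.2.0/24[any] 10.0.1.0/24[any] 255
    in ipsec
    esp/tunnel/198.51.100.7-203.0.113.1/unique#16386
10.0.1.0/24[any] 10.0.2.0/24[any] 255
    out ipsec
    esp/tunnel/203.0.113.1-198.51.100.7/unique#16385
10.0.1.0/24[any] 10.0.3.0/24[any] 255
    out ipsec
    esp/tunnel/203.0.113.1-192.0.2.9/unique#16387
"""
SAD = """\
203.0.113.1 198.51.100.7
    esp mode=any spi=1(0x00000001) reqid=16385(0x00004001)
    E: aes-cbc  00112233 44556677 8899aabb ccddeeff
    A: hmac-sha1  00112233 44556677 8899aabb ccddeeff 00112233
    current: 709808(bytes) hard: 0(bytes) soft: 0(bytes)
198.51.100.7 203.0.113.1
    esp mode=tunnel spi=2(0x00000002) reqid=16386(0x00004002)
    E: aes-cbc  ffeeddcc bbaa9988 77665544 33221100
    current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
"""
# '#' is the separator in the thread's dump; ':' is accepted as well.
POLICY = re.compile(r"esp/tunnel/(\S+)/unique[#:](\d+)")
SA = re.compile(r"\breqid=(\d+).*?^\s*current: (\d+)\(bytes\)", re.S | re.M)
KEYLINE = re.compile(r"^([ \t]*[EA]:[ \t]+\S+).*$", re.M)

def compare(spd, sad):
    """Return (policies with no SA, reqids whose SAs carried no traffic)."""
    policies = {int(r): ends for ends, r in POLICY.findall(spd)}
    traffic = {}
    for reqid, nbytes in SA.findall(sad):      # summed if two SAs share a reqid
        traffic[int(reqid)] = traffic.get(int(reqid), 0) + int(nbytes)
    missing = {r: policies[r] for r in sorted(policies) if r not in traffic}
    idle = sorted(r for r, n in traffic.items() if n == 0)
    return missing, idle

def redact_keys(sad):
    """Blank the key material on E:/A: lines before the dump is shared."""
    return KEYLINE.sub(r"\1  [REDACTED]", sad)

if __name__ == "__main__":
    missing, idle = compare(SPD, SAD)
    print("policies without an SA:", missing)
    print("SAs with zero bytes:", idle)
    print(redact_keys(SAD))
```

Running the same comparison on a dump taken while the tunnel works and one taken after it drops shows which reqids lose their SA between the two.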
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.