Multi Ipsec VPN Problem

2.1 Snapshot Feedback and Problems - RETIRED
Log in to reply
  • I

    I use multiple IPSec VPN connections, the connection problem after a certain period following the link breaks and the vpn is not held back

    2.1-DEVELOPMENT (amd64)

    0
  • D

    You'll need to provide a lot more info:

    Did your IPsec VPNs work well before upgrading to 2.1-DEVEL? (if so, which pfsense version 1.2.3 or 2.0.1?)

    DPD?
    NAT-T?
    IPsec mobile?
    etc

    Also provide full racoon logs.

    0
  • I

    I previously was using version 2.0.1

    DPD - Disable
    NAT-T - Disable
    IPsec mobile - Enable

    0
  • D

    @itoxygen:

    IPsec mobile - Enable

    Well, perhaps it's a regression due to the patch to fix of 1970

    0
  • jimp
    Rebel Alliance Developer Netgate

    Still not enough info here.

    You need to post your IPsec logs from when it's failing to reconnect, along with the output of

    setkey -D
    setkey -DP

    From when it's working and when it's not working, for comparison.

    0
  • I

    $ setkey -DP
    192.168.55.0/24[any] 192.168.55.254[any] 255
    in none
    spid=2 seq=11 pid=54024
    refcnt=1
    192.168.15.0/24[any] 192.168.55.0/24[any] 255
    in ipsec
    esp/tunnel/95.x.xx.xx-213.xxx.xxx.xx/unique#16386
    spid=4 seq=10 pid=54024
    refcnt=1
    192.168.5.0/24[any] 192.168.55.0/24[any] 255
    in ipsec
    esp/tunnel/78.xxx.xxx.xxx-213.xxx.xxx.xx/unique#16388
    spid=6 seq=9 pid=54024
    refcnt=1
    192.168.6.0/24[any] 192.168.55.0/24[any] 255
    in ipsec
    esp/tunnel/78.xxx.xxx.xxx-213.xxx.xxx.xx/unique#16390
    spid=8 seq=8 pid=54024
    refcnt=1
    192.168.8.0/24[any] 192.168.55.0/24[any] 255
    in ipsec
    esp/tunnel/78.xxx.xx.xx-213.xxx.xxx.xx/unique#16392
    spid=10 seq=7 pid=54024
    refcnt=1
    192.168.18.0/24[any] 192.168.55.0/24[any] 255
    in ipsec
    esp/tunnel/81.xxx.xx.xxx-213.xxx.xxx.xx/unique#16394
    spid=12 seq=6 pid=54024
    refcnt=1
    192.168.55.254[any] 192.168.55.0/24[any] 255
    out none
    spid=1 seq=5 pid=54024
    refcnt=1
    192.168.55.0/24[any] 192.168.15.0/24[any] 255
    out ipsec
    esp/tunnel/213.xxx.xxx.xx-95.x.xx.xx/unique#16385
    spid=3 seq=4 pid=54024
    refcnt=1
    192.168.55.0/24[any] 192.168.5.0/24[any] 255
    out ipsec
    esp/tunnel/213.xxx.xxx.xx-78.xxx.xxx.xxx/unique#16387
    spid=5 seq=3 pid=54024
    refcnt=1
    192.168.55.0/24[any] 192.168.6.0/24[any] 255
    out ipsec
    esp/tunnel/213.xxx.xxx.xx-78.xxx.xxx.xxx/unique#16389
    spid=7 seq=2 pid=54024
    refcnt=1
    192.168.55.0/24[any] 192.168.8.0/24[any] 255
    out ipsec
    esp/tunnel/213.xxx.xxx.xx-78.xxx.xx.xx/unique#16391
    spid=9 seq=1 pid=54024
    refcnt=1
    192.168.55.0/24[any] 192.168.18.0/24[any] 255
    out ipsec
    esp/tunnel/213.xxx.xxx.xx-81.xxx.xx.xxx/unique#16393
    spid=11 seq=0 pid=54024
    refcnt=1

    0
  • I

    $ setkey -D
    213.xxx.xxx.xx 78.xxx.xx.xx
    esp mode=any spi=3620357127(0xd7ca4407) reqid=16391(0x00004007)
    E: aes-cbc  7686bf77 f62b0396 d41e52d4 65acc363
    A: hmac-sha1  951974a6 81da8068 82e549bb 4d753766 0ff8689b
    seq=0x00000183 replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:04:16 2012 current: Apr 13 17:22:06 2012
    diff: 4670(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:21:41 2012 hard: 0(s) soft: 0(s)
    current: 271224(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 387 hard: 0 soft: 0
    sadb_seq=7 pid=18139 refcnt=2
    78.xxx.xx.xx 213.xxx.xxx.xx
    esp mode=tunnel spi=128898573(0x07aed60d) reqid=16392(0x00004008)
    E: aes-cbc  2a1bce17 3cdd25cb b29efca3 b9d46f1d
    A: hmac-sha1  a5f03b30 158f7622 759d231a affa0159 d9bbdf42
    seq=0x00000148 replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:04:16 2012 current: Apr 13 17:22:06 2012
    diff: 4670(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:21:41 2012 hard: 0(s) soft: 0(s)
    current: 32597(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 328 hard: 0 soft: 0
    sadb_seq=6 pid=18139 refcnt=1
    213.xxx.xxx.xx 95.x.xx.xx
    esp mode=any spi=81132314(0x04d5fb1a) reqid=16385(0x00004001)
    E: aes-cbc  f7a70af4 58addc1a 584a8e6f 33b8bab4
    A: hmac-sha1  bed0d0fd 37a90867 49efd159 3b5baa6d 631a8627
    seq=0x000012fe replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:15 2012 current: Apr 13 17:22:06 2012
    diff: 4851(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
    current: 709808(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 4862 hard: 0 soft: 0
    sadb_seq=5 pid=18139 refcnt=2
    95.x.xx.xx 213.xxx.xxx.xx
    esp mode=tunnel spi=223923227(0x0d58cc1b) reqid=16386(0x00004002)
    E: aes-cbc  0b13ac84 23799226 acf6c001 b42c191f
    A: hmac-sha1  9b24e11f 51f58595 1438b99a 874c678e 8f076aae
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:15 2012 current: Apr 13 17:22:06 2012
    diff: 4851(s) hard: 28800(s) soft: 23040(s)
    last:                    hard: 0(s) soft: 0(s)
    current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 0 hard: 0 soft: 0
    sadb_seq=4 pid=18139 refcnt=1
    213.xxx.xxx.xx 78.xxx.xxx.xxx
    esp mode=any spi=2785857967(0xa60cd1af) reqid=16389(0x00004005)
    E: aes-cbc  2d8f8dc8 fd0edb39 5f487fc3 868cb40c
    A: hmac-sha1  9e7861f2 6db71edb 97c85e2f eeb2d92a 7840d4e5
    seq=0x000042aa replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:14 2012 current: Apr 13 17:22:06 2012
    diff: 4852(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
    current: 19091504(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 17066 hard: 0 soft: 0
    sadb_seq=3 pid=18139 refcnt=2
    78.xxx.xxx.xxx 213.xxx.xxx.xx
    esp mode=tunnel spi=174727792(0x0a6a2270) reqid=16390(0x00004006)
    E: aes-cbc  e95d38fd 59f37f5d 20d87b10 2994deac
    A: hmac-sha1  51d83dfb 66de3f2e 9a80fc0d 720da3fd 6df1003c
    seq=0x000032e6 replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:14 2012 current: Apr 13 17:22:06 2012
    diff: 4852(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
    current: 3143780(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 13030 hard: 0 soft: 0
    sadb_seq=2 pid=18139 refcnt=1
    213.xxx.xxx.xx 78.xxx.xxx.xxx
    esp mode=any spi=3295792916(0xc471cf14) reqid=16387(0x00004003)
    E: aes-cbc  50de0576 3aa95c37 dba14263 57737455
    A: hmac-sha1  dded9c1f 6b2135a8 60d934a5 a9d7a5a3 3ac9fcb5
    seq=0x00003023 replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:11 2012 current: Apr 13 17:22:06 2012
    diff: 4855(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:22:00 2012 hard: 0(s) soft: 0(s)
    current: 7009560(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 12323 hard: 0 soft: 0
    sadb_seq=1 pid=18139 refcnt=2
    78.xxx.xxx.xxx 213.xxx.xxx.xx
    esp mode=tunnel spi=91025691(0x056cf11b) reqid=16388(0x00004004)
    E: aes-cbc  8f05fb5d 766899c7 ab518e46 e438d3ec
    A: hmac-sha1  e7d8fe13 6e9141d0 b219c538 cd66f662 e88604d3
    seq=0x000031bb replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:11 2012 current: Apr 13 17:22:06 2012
    diff: 4855(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:22:03 2012 hard: 0(s) soft: 0(s)
    current: 1495084(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 12731 hard: 0 soft: 0
    sadb_seq=0 pid=18139 refcnt=1

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy