No traffic between PfSense and Monowall tunnel
-
Hello
I have a site-to-site setup between (site1) PfSense (2.1) and (site2) Monowall (1.34). The IPsec tunnel was working like a charm before, when I was running the previous version of PfSense.
But after I upgraded to the latest version, no traffic is going through it.
If I go to:
Status->ipsec->overview = Active (Green)
Status->ipsec->SAD =
Source  Destination  Protocol  SPI       Enc. alg.     Auth. alg.  Data
Site1   Site2        ESP       09f1b348  blowfish-cbc  hmac-sha1   5504 B
Site2   Site1        ESP       00540335  blowfish-cbc  hmac-sha1   0 B
Status->ipsec->LOG =
Oct 1 21:58:38 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
Oct 1 21:58:38 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
Oct 1 21:58:38 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[4500] used for NAT-T
Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[4500] used as isakmp port (fd=13)
Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[500] used for NAT-T
Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[500] used as isakmp port (fd=14)
Oct 1 21:58:41 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
Oct 1 21:58:41 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
Oct 1 21:58:41 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[4500] used for NAT-T
Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[4500] used as isakmp port (fd=13)
Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[500] used for NAT-T
Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[500] used as isakmp port (fd=14)
Oct 1 21:58:41 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 1 21:58:41 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.2/32[0] 192.168.0.0/24[0] proto=any dir=out
Oct 1 21:58:41 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.0.2/32[0] proto=any dir=in
Oct 1 21:58:42 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 1 21:59:14 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 1 22:00:09 racoon: [GreenCity]: INFO: respond new phase 1 negotiation: Site1ip[500]<=>Site2ip[500]
Oct 1 22:00:09 racoon: INFO: begin Aggressive mode.
Oct 1 22:00:09 racoon: INFO: received Vendor ID: DPD
Oct 1 22:00:09 racoon: [GreenCity]: [Site2ip] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Oct 1 22:00:09 racoon: [GreenCity]: INFO: ISAKMP-SA established Site1ip[500]-Site2ip[500] spi:d15325d570874ce9:c06ed6b1cb5c72af
Oct 1 22:00:10 racoon: [GreenCity]: INFO: respond new phase 2 negotiation: Site1ip[500]<=>Site2ip[500]
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:256 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:248 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:240 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:232 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:224 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:216 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:208 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:200 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:192 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:184 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:176 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:168 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:160 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:152 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:144 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:136 peer:128.
Oct 1 22:00:10 racoon: [GreenCity]: INFO: IPsec-SA established: ESP Site1ip[500]->Site2ip[500] spi=215023445(0xcd0ff55)
Oct 1 22:00:10 racoon: [GreenCity]: INFO: IPsec-SA established: ESP Site1ip[500]->Site2ip[500] spi=143386518(0x88be796)
Does anyone have a clue what could be wrong here?