IPsec fails to connect after upgrade from 2.1.5 (IDir does not match)

2.2 Snapshot Feedback and Problems - RETIRED
Log in to reply
  • S

    I have a perfectly working IPsec tunnel to two different locations. However; after upgrading to 2.2BETA the tunnels failed to come up with the following errors:

    using 2.2-BETA-amd64-20140923-0500 snapshot

    Sep 25 10:11:10 pfsense charon: 09[KNL] creating acquire job for policy xx.xx.xx.xx/32|/0 === yy.yy.yy.yy/32|/0 with reqid {1}
    Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>initiating Aggressive Mode IKE_SA con1[21] to yy.yy.yy.yy
    Sep 25 10:11:10 pfsense charon: 08[IKE] initiating Aggressive Mode IKE_SA con1[21] to yy.yy.yy.yy
    Sep 25 10:11:10 pfsense charon: 08[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
    Sep 25 10:11:10 pfsense charon: 08[NET] sending packet: from xx.xx.xx.xx[500] to yy.yy.yy.yy[500] (374 bytes)
    Sep 25 10:11:10 pfsense charon: 08[NET] received packet: from yy.yy.yy.yy[500] to xx.xx.xx.xx[500] (447 bytes)
    Sep 25 10:11:10 pfsense charon: 08[ENC] parsed AGGRESSIVE response 0 [ SA KE No ID HASH V V V V NAT-D NAT-D V V ]
    Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>received Cisco Unity vendor ID
    Sep 25 10:11:10 pfsense charon: 08[IKE] received Cisco Unity vendor ID
    Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>received XAuth vendor ID
    Sep 25 10:11:10 pfsense charon: 08[IKE] received XAuth vendor ID
    Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>received DPD vendor ID
    Sep 25 10:11:10 pfsense charon: 08[IKE] received DPD vendor ID
    Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Sep 25 10:11:10 pfsense charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>received FRAGMENTATION vendor ID
    Sep 25 10:11:10 pfsense charon: 08[IKE] received FRAGMENTATION vendor ID
    Sep 25 10:11:10 pfsense charon: 08[ENC] received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
    Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>IDir 'LAB-FW1.acmy.com' does not match to 'yy.yy.yy.yy'
    Sep 25 10:11:10 pfsense charon: 08[IKE] IDir 'LAB-FW1.acmy.com' does not match to 'yy.yy.yy.yy'
    Sep 25 10:11:10 pfsense charon: 08[ENC] generating INFORMATIONAL_V1 request 3665657818 [ N(INVAL_ID) ]
    Sep 25 10:11:10 pfsense charon: 08[NET] sending packet: from xx.xx.xx.xx[500] to yy.yy.yy.yy[500] (56 bytes)</con1|21></con1|21></con1|21></con1|21></con1|21></con1|21></con1|21>

    0
  • E

    Can you describe your configuration?
    I would assume that if you send as peer ID its dns name would match that, no?

    0
  • S

    site-to-site using peer ip

    0
  • E

    I need details!
    I need to see your configration to replicate.

    0
  • S

    Please tell me what to send you

    0
  • C

    Same Problem here, IDir 'Domain.name' does not match to 'IP address'.

    But I can Access the remote Firewall over Domain Name or IP address (using zoneedit).

    The Domain Name does have another reverse IP Name as it is from the Internet Provider.

    It's a ipseq pfsense <-> m0n0wall.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy