IPsec fails to connect after upgrade from 2.1.5 (IDir does not match)
-
I have a perfectly working IPsec tunnel to two different locations. However, after upgrading to 2.2BETA the tunnels failed to come up with the following errors:
using 2.2-BETA-amd64-20140923-0500 snapshot
Sep 25 10:11:10 pfsense charon: 09[KNL] creating acquire job for policy xx.xx.xx.xx/32|/0 === yy.yy.yy.yy/32|/0 with reqid {1}
Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>initiating Aggressive Mode IKE_SA con1[21] to yy.yy.yy.yy
Sep 25 10:11:10 pfsense charon: 08[IKE] initiating Aggressive Mode IKE_SA con1[21] to yy.yy.yy.yy
Sep 25 10:11:10 pfsense charon: 08[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Sep 25 10:11:10 pfsense charon: 08[NET] sending packet: from xx.xx.xx.xx[500] to yy.yy.yy.yy[500] (374 bytes)
Sep 25 10:11:10 pfsense charon: 08[NET] received packet: from yy.yy.yy.yy[500] to xx.xx.xx.xx[500] (447 bytes)
Sep 25 10:11:10 pfsense charon: 08[ENC] parsed AGGRESSIVE response 0 [ SA KE No ID HASH V V V V NAT-D NAT-D V V ]
Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>received Cisco Unity vendor ID
Sep 25 10:11:10 pfsense charon: 08[IKE] received Cisco Unity vendor ID
Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>received XAuth vendor ID
Sep 25 10:11:10 pfsense charon: 08[IKE] received XAuth vendor ID
Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>received DPD vendor ID
Sep 25 10:11:10 pfsense charon: 08[IKE] received DPD vendor ID
Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Sep 25 10:11:10 pfsense charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>received FRAGMENTATION vendor ID
Sep 25 10:11:10 pfsense charon: 08[IKE] received FRAGMENTATION vendor ID
Sep 25 10:11:10 pfsense charon: 08[ENC] received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Sep 25 10:11:10 pfsense charon: 08[IKE] <con1|21>IDir 'LAB-FW1.acmy.com' does not match to 'yy.yy.yy.yy'
Sep 25 10:11:10 pfsense charon: 08[IKE] IDir 'LAB-FW1.acmy.com' does not match to 'yy.yy.yy.yy'
Sep 25 10:11:10 pfsense charon: 08[ENC] generating INFORMATIONAL_V1 request 3665657818 [ N(INVAL_ID) ]
Sep 25 10:11:10 pfsense charon: 08[NET] sending packet: from xx.xx.xx.xx[500] to yy.yy.yy.yy[500] (56 bytes)
-
Can you describe your configuration?
I would assume that if you send as peer ID its DNS name would match that, no?
-
Site-to-site using peer IP.
-
I need details!
I need to see your configuration to replicate.
-
Please tell me what to send you.
-
Same problem here, IDir 'Domain.name' does not match to 'IP address'.
But I can access the remote firewall over domain name or IP address (using zoneedit).
The domain name does have another reverse IP name as it is from the Internet provider.
It's an IPsec pfsense <-> m0n0wall.
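-
As an added example (not part of the thread, and not pfSense or strongSwan code): a Python parser that pulls the `IDir ... does not match` events out of charon log lines like those quoted in the first post, collapses the tagged and untagged copies of each message, and reports whether the identity the peer sent and the one expected are of different kinds (name vs. address). The sample log is constructed, with placeholder names and documentation-range addresses; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the format of the charon lines quoted in the thread
# (placeholder host names and documentation-range addresses, not thread values).
SAMPLE_LOG = """\
Sep 25 10:11:10 fw charon: 08[IKE] <con1|21> initiating Aggressive Mode IKE_SA con1[21] to 203.0.113.7
Sep 25 10:11:10 fw charon: 08[IKE] initiating Aggressive Mode IKE_SA con1[21] to 203.0.113.7
Sep 25 10:11:10 fw charon: 08[IKE] <con1|21> IDir 'gw.example.net' does not match to '203.0.113.7'
Sep 25 10:11:10 fw charon: 08[IKE] IDir 'gw.example.net' does not match to '203.0.113.7'
Sep 25 10:12:40 fw charon: 11[IKE] <con2|22> IDir '198.51.100.9' does not match to '198.51.100.10'
"""

# The "<conn|id>" tag is optional, and \s* also accepts it glued to the message.
MISMATCH = re.compile(
    r"charon: \d+\[IKE\] (?:<(?P<conn>[^|>]+)\|\d+>\s*)?"
    r"IDir '(?P<received>[^']*)' does not match to '(?P<expected>[^']*)'"
)

def id_kind(value):
    """Classify an identity string as 'address' or 'name' (assumed two-way split)."""
    try:
        ipaddress.ip_address(value)
        return "address"
    except ValueError:
        return "name"

def find_idir_mismatches(log_text):
    """Return one record per distinct (received, expected) pair, in first-seen order."""
    found = {}
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if not m:
            continue
        key = (m["received"], m["expected"])
        rec = found.setdefault(key, {
            "conn": None, "received": key[0], "expected": key[1],
            "kind_differs": id_kind(key[0]) != id_kind(key[1]),
        })
        # Each message appears twice in the log; only the tagged copy names the connection.
        rec["conn"] = rec["conn"] or m["conn"]
    return list(found.values())

if __name__ == "__main__":
    for rec in find_idir_mismatches(SAMPLE_LOG):
        why = "ID kind differs" if rec["kind_differs"] else "same ID kind, different value"
        print(f"{rec['conn']}: peer sent {rec['received']!r}, expected {rec['expected']!r} ({why})")
```

Masked addresses such as `yy.yy.yy.yy` do not parse as IP addresses, so run it on unredacted logs to get a meaningful name-vs-address result.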