    Working IPSEC in 2.15 not working in 2.2

    2.2 Snapshot Feedback and Problems - RETIRED
    • S
      STI2011 last edited by

      Hi,
      Yesterday I converted my well-running 2.15 to 2.2. After restarting, everything is working fine except a fixed IPsec tunnel.

      It's starting the tunnel but seems not to complete it.

      Log from other side (Clavister SG):

      IPSEC: id=01802703 rev=1 event=ike_sa_negotiation_completed action=ike_sa_completed local_peer="x.x.x.x ID x.x.x.x" remote_peer="y.y.y.y:13856 ID y.y.y.y" initiator_spi="ad3baeb7 a71971b7" responder_spi="006a2cbb a6f22e46" int_severity=6 
      
      

      pfsense log:

      Oct 29 09:16:34 	charon: 08[IKE] <con1|5> IKE_SA con1[5] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x]
      Oct 29 09:16:34 	charon: 08[IKE] IKE_SA con1[5] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x]
      Oct 29 09:16:34 	charon: 08[IKE] <con1|5> scheduling reauthentication in 7328s
      Oct 29 09:16:34 	charon: 08[IKE] scheduling reauthentication in 7328s
      Oct 29 09:16:34 	charon: 08[IKE] <con1|5> maximum IKE_SA lifetime 7868s
      Oct 29 09:16:34 	charon: 08[IKE] maximum IKE_SA lifetime 7868s
      Oct 29 09:16:37 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:16:37 	charon: 12[CFG] ignoring acquire, connection attempt pending
      Oct 29 09:16:43 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:16:43 	charon: 09[CFG] ignoring acquire, connection attempt pending
      Oct 29 09:16:49 	charon: 09[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:16:49 	charon: 08[CFG] ignoring acquire, connection attempt pending
      Oct 29 09:16:55 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:16:55 	charon: 09[CFG] ignoring acquire, connection attempt pending
      Oct 29 09:16:58 	charon: 09[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:16:58 	charon: 08[CFG] ignoring acquire, connection attempt pending
      Oct 29 09:17:04 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:17:04 	charon: 09[CFG] ignoring acquire, connection attempt pending
      

      The IPsec status from the GUI says 'established' and SPDs are there. The other side shows the tunnel down.

      Anything I can do?

      Greetings

      Nico

      • E
        eri-- last edited by

        Is something blocking the connection from happening?
        Firewall rules maybe?

        • S
          STI2011 last edited by

          Both sides' firewall logs are OK. I have inspected all logs, tried to use different interfaces, but always with the same result. The value in the interface field seems to be ignored…

          Status -> IPsec shows the tunnel up, Dashboard -> IPsec -> tunnels shows phase 2 down.

          Also, after yesterday's snapshot, I wasn't able to ping connected OpenVPN clients any more from the LAN. Ping from pfSense was still possible.

          After switching back to 2.15 with the same config everything was working...
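
A triage check for the symptom reported in this thread (phase 1 established, phase 2 never completing), as an added example that is not part of the original posts: it scans charon output for an established IKE_SA that has no CHILD_SA and is accompanied by repeated ignored acquire jobs. The function name `triage`, the `min_ignored` threshold and the `CHILD_SA ... established` pattern are assumptions not taken from the thread; the sample lines are copied from the pfSense log above.

```python
import re
from collections import defaultdict

# Sample lines copied from the pfSense log in the post above (addresses were
# already masked by the poster); tabs replaced with single spaces.
SAMPLE_LOG = """\
Oct 29 09:16:34 charon: 08[IKE] <con1|5> IKE_SA con1[5] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x]
Oct 29 09:16:34 charon: 08[IKE] IKE_SA con1[5] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x]
Oct 29 09:16:37 charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
Oct 29 09:16:37 charon: 12[CFG] ignoring acquire, connection attempt pending
Oct 29 09:16:43 charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
Oct 29 09:16:43 charon: 09[CFG] ignoring acquire, connection attempt pending
Oct 29 09:16:49 charon: 09[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
Oct 29 09:16:49 charon: 08[CFG] ignoring acquire, connection attempt pending
"""

IKE_UP = re.compile(r"IKE_SA (\S+?)\[\d+\] established")
# Not on the page: charon's usual success message for a phase 2 (CHILD_SA).
CHILD_UP = re.compile(r"CHILD_SA (\S+?)\{\d+\} established")
ACQUIRE = re.compile(r"creating acquire job for policy .+ with reqid \{(\d+)\}")
IGNORED = "ignoring acquire, connection attempt pending"

def triage(log_text, min_ignored=3):
    """Summarise charon output and flag 'phase 1 up, phase 2 stuck'."""
    ike_up, child_up = set(), set()
    acquires = defaultdict(int)   # kernel acquire jobs, keyed by reqid
    ignored = 0                   # acquires dropped while an attempt was pending
    for line in log_text.splitlines():
        if "charon:" not in line:
            continue
        if m := IKE_UP.search(line):
            ike_up.add(m.group(1))       # set de-duplicates the doubled log lines
        elif m := CHILD_UP.search(line):
            child_up.add(m.group(1))
        elif m := ACQUIRE.search(line):
            acquires[m.group(1)] += 1
        elif IGNORED in line:
            ignored += 1
    no_child = sorted(ike_up - child_up)
    return {
        "ike_up": sorted(ike_up),
        "without_child_sa": no_child,
        "acquires_by_reqid": dict(acquires),
        "ignored_acquires": ignored,
        "phase2_stalled": bool(no_child) and ignored >= min_ignored,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `phase2_stalled` result matches what the poster saw: the status page reports the IKE_SA as established while traffic keeps triggering acquire jobs that never produce a CHILD_SA.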
