Working IPSEC in 2.15 not working in 2.2
-
Hi,
yesterday I have converted my well running 2.15 to 2.2. After restarting everything is working fine except a fixed ipsec tunnel.It's starting the tunnel but seems not to complete it.
Log from other side (Clavister SG):
IPSEC: id=01802703 rev=1 event=ike_sa_negotiation_completed action=ike_sa_completed local_peer="x.x.x.x ID x.x.x.x" remote_peer="y.y.y.y:13856 ID y.y.y.y" initiator_spi="ad3baeb7 a71971b7" responder_spi="006a2cbb a6f22e46" int_severity=6pfsense log:
Oct 29 09:16:34 charon: 08[IKE] <con1|5> IKE_SA con1[5] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x] Oct 29 09:16:34 charon: 08[IKE] IKE_SA con1[5] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x] Oct 29 09:16:34 charon: 08[IKE] <con1|5> scheduling reauthentication in 7328s Oct 29 09:16:34 charon: 08[IKE] scheduling reauthentication in 7328s Oct 29 09:16:34 charon: 08[IKE] <con1|5> maximum IKE_SA lifetime 7868s Oct 29 09:16:34 charon: 08[IKE] maximum IKE_SA lifetime 7868s Oct 29 09:16:37 charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1} Oct 29 09:16:37 charon: 12[CFG] ignoring acquire, connection attempt pending Oct 29 09:16:43 charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1} Oct 29 09:16:43 charon: 09[CFG] ignoring acquire, connection attempt pending Oct 29 09:16:49 charon: 09[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1} Oct 29 09:16:49 charon: 08[CFG] ignoring acquire, connection attempt pending Oct 29 09:16:55 charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1} Oct 29 09:16:55 charon: 09[CFG] ignoring acquire, connection attempt pending Oct 29 09:16:58 charon: 09[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1} Oct 29 09:16:58 charon: 08[CFG] ignoring acquire, connection attempt pending Oct 29 09:17:04 charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1} Oct 29 09:17:04 charon: 09[CFG] ignoring acquire, connection attempt pending</con1|5></con1|5></con1|5>Ipsec-Status from the gui says 'established' and SPDs are there. The other side shows the tunnel down.
Anything I can do?
Greetings
Nico
-
That is something blocking the connection from happening?
Firewall rules maybe? -
Both sides firewall logs are ok. I have inspected all logs, tried to use different interfaces, but always with the same result. The value in the interface field seems to be ignored…
Status -> Ipsec shows the tunnle up, Dashboard -> ipsec -> tunnels shows phase 2 down.
Also after yesterdays snapshot, i wasn't able to ping connected openvpn clients any more from the lan. ping from pfsense was still possible.
After switching back to 2.15 with the same config everything was working...