Working IPSEC in 2.15 not working in 2.2



  • Hi,
    Yesterday I converted my well-running 2.15 to 2.2. After restarting, everything is working fine except a fixed IPsec tunnel.

    It's starting the tunnel but seems not to complete it.

    Log from other side (Clavister SG):

    IPSEC: id=01802703 rev=1 event=ike_sa_negotiation_completed action=ike_sa_completed local_peer="x.x.x.x ID x.x.x.x" remote_peer="y.y.y.y:13856 ID y.y.y.y" initiator_spi="ad3baeb7 a71971b7" responder_spi="006a2cbb a6f22e46" int_severity=6 
    
    

    pfsense log:

    Oct 29 09:16:34 	charon: 08[IKE] <con1|5> IKE_SA con1[5] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x]
    Oct 29 09:16:34 	charon: 08[IKE] IKE_SA con1[5] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x]
    Oct 29 09:16:34 	charon: 08[IKE] <con1|5> scheduling reauthentication in 7328s
    Oct 29 09:16:34 	charon: 08[IKE] scheduling reauthentication in 7328s
    Oct 29 09:16:34 	charon: 08[IKE] <con1|5> maximum IKE_SA lifetime 7868s
    Oct 29 09:16:34 	charon: 08[IKE] maximum IKE_SA lifetime 7868s
    Oct 29 09:16:37 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
    Oct 29 09:16:37 	charon: 12[CFG] ignoring acquire, connection attempt pending
    Oct 29 09:16:43 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
    Oct 29 09:16:43 	charon: 09[CFG] ignoring acquire, connection attempt pending
    Oct 29 09:16:49 	charon: 09[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
    Oct 29 09:16:49 	charon: 08[CFG] ignoring acquire, connection attempt pending
    Oct 29 09:16:55 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
    Oct 29 09:16:55 	charon: 09[CFG] ignoring acquire, connection attempt pending
    Oct 29 09:16:58 	charon: 09[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
    Oct 29 09:16:58 	charon: 08[CFG] ignoring acquire, connection attempt pending
    Oct 29 09:17:04 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
    Oct 29 09:17:04 	charon: 09[CFG] ignoring acquire, connection attempt pending
    

    Ipsec-Status from the gui says 'established' and SPDs are there. The other side shows the tunnel down.

    Anything I can do?

    Greetings

    Nico



  • That is something blocking the connection from happening?
    Firewall rules maybe?



  • Both sides' firewall logs are ok. I have inspected all logs, tried to use different interfaces, but always with the same result. The value in the interface field seems to be ignored…

    Status -> Ipsec shows the tunnel up, Dashboard -> ipsec -> tunnels shows phase 2 down.

    Also, after yesterday's snapshot, I wasn't able to ping connected OpenVPN clients any more from the LAN. Ping from pfSense was still possible.

    After switching back to 2.15 with the same config everything was working...