    Working IPSEC in 2.15 not working in 2.2

    STI2011

      Hi,
      Yesterday I converted my well-running 2.15 to 2.2. After restarting, everything is working fine except a fixed IPsec tunnel.

      It starts the tunnel but does not seem to complete it.

      Log from other side (Clavister SG):

      IPSEC: id=01802703 rev=1 event=ike_sa_negotiation_completed action=ike_sa_completed local_peer="x.x.x.x ID x.x.x.x" remote_peer="y.y.y.y:13856 ID y.y.y.y" initiator_spi="ad3baeb7 a71971b7" responder_spi="006a2cbb a6f22e46" int_severity=6 
      
      

      pfsense log:

      Oct 29 09:16:34 	charon: 08[IKE] <con1|5> IKE_SA con1[5] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x]
      Oct 29 09:16:34 	charon: 08[IKE] IKE_SA con1[5] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x]
      Oct 29 09:16:34 	charon: 08[IKE] <con1|5> scheduling reauthentication in 7328s
      Oct 29 09:16:34 	charon: 08[IKE] scheduling reauthentication in 7328s
      Oct 29 09:16:34 	charon: 08[IKE] <con1|5> maximum IKE_SA lifetime 7868s
      Oct 29 09:16:34 	charon: 08[IKE] maximum IKE_SA lifetime 7868s
      Oct 29 09:16:37 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:16:37 	charon: 12[CFG] ignoring acquire, connection attempt pending
      Oct 29 09:16:43 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:16:43 	charon: 09[CFG] ignoring acquire, connection attempt pending
      Oct 29 09:16:49 	charon: 09[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:16:49 	charon: 08[CFG] ignoring acquire, connection attempt pending
      Oct 29 09:16:55 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:16:55 	charon: 09[CFG] ignoring acquire, connection attempt pending
      Oct 29 09:16:58 	charon: 09[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:16:58 	charon: 08[CFG] ignoring acquire, connection attempt pending
      Oct 29 09:17:04 	charon: 08[KNL] creating acquire job for policy y.y.y.y/32|/0 === x.x.x.x/32|/0 with reqid {1}
      Oct 29 09:17:04 	charon: 09[CFG] ignoring acquire, connection attempt pending
      

      The IPsec status in the GUI says 'established' and the SPDs are there. The other side shows the tunnel down.

      Anything I can do?

      Greetings

      Nico

        eri--

        Is something blocking the connection from happening?
        Firewall rules maybe?

          STI2011

          Both sides' firewall logs are OK. I have inspected all logs and tried to use different interfaces, but always with the same result. The value in the interface field seems to be ignored…

          Status -> IPsec shows the tunnel up, Dashboard -> IPsec -> tunnels shows phase 2 down.

          Also, after yesterday's snapshot, I wasn't able to ping connected OpenVPN clients any more from the LAN. Ping from pfSense was still possible.

          After switching back to 2.15 with the same config everything was working...
