Netgate Discussion Forum
    Ipsec peer not responding

mattias.thorsenfloorit.s:

I have had a VPN up and running, but suddenly it disconnected and gets stuck on connecting. I have done plenty of troubleshooting and even created new Phase 1 + Phase 2 entries.
It refuses to connect and gets stuck on connected. I have disabled IPsec and the tunnel(s) several times and rebooted the pfSense twice.

It is possible to ping the remote gateway of the VPN, but not through it, obviously. When I switch to aggressive it stays disconnected and can't even connect.

      I am attaching a file with the logging.

Most of the problem seems to be "peer not responding", but as I said I can ping it, and I have checked the PSK 3 times. We also have like 35 existing VPNs to that remote gateway working, and I have used pfSense like 7 times before on those existing VPNs.

Version is 2.2.2.

I tried to format the FW and let it stay at 2.2.1 and do it all over again, but the same issue occurs; however, the other firewall has no problems with other pfSense IPsec VPNs.

Please help,

      Best regards
      Mattias

[Attachment: PFsenseUDE2.PNG (screenshot of the IPsec log)]

eri--:

Maybe you should not trigger a connection but just wait for the other side to do so; you are called a responder only in this case, and there is an option in the GUI for it.

cmb:

          The other side should show something more useful in that case as to why it isn't responding. Or if it shows nothing, you'll know the traffic isn't reaching it.

The fact that it's switching to NAT-T (port 4500) is usually indicative of a config problem with site-to-site VPNs, since neither end is generally using NAT. Though if one of the endpoints is NATed, then it's probably not replying because you're not forwarding UDP 4500 through the NAT.

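As an added example (not from this thread, and not pfSense's own code), a small Python triage script that applies cmb's reasoning to an IKE log excerpt: it checks whether any packet ever came back from the peer, whether the local side moved to UDP 4500, and how many retransmits went unanswered. The log line format, addresses and the `diagnose` helper are constructed assumptions, not the format of the poster's attachment.

```python
import re

# Constructed sample log excerpt (NOT the attachment from the original post);
# the line format loosely follows what an IKE daemon prints and is an assumption.
SAMPLE_LOG = """\
sending packet: from 203.0.113.10[500] to 198.51.100.20[500] (296 bytes)
retransmit 1 of request with message ID 0
sending packet: from 203.0.113.10[4500] to 198.51.100.20[4500] (324 bytes)
retransmit 2 of request with message ID 0
giving up after 5 retransmits
establishing IKE_SA failed, peer not responding
"""

PACKET_RE = re.compile(r"(sending|received) packet: from \S+\[(\d+)\] to \S+\[(\d+)\]")
RETRANSMIT_RE = re.compile(r"retransmit (\d+) of request")


def diagnose(log_text):
    """Summarise an IKE log excerpt: did we ever hear from the peer, did we
    move to NAT-T (UDP 4500), and how many retransmits went unanswered."""
    sent_ports, received, retransmits = set(), False, 0
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        if m:
            direction, _src_port, dst_port = m.groups()
            if direction == "sending":
                sent_ports.add(int(dst_port))   # destination port we used
            else:
                received = True                  # the peer answered at least once
        m = RETRANSMIT_RE.search(line)
        if m:
            retransmits = max(retransmits, int(m.group(1)))
    nat_t = 4500 in sent_ports
    peer_silent = not received and "peer not responding" in log_text
    advice = []
    if peer_silent:
        advice.append("no IKE packet ever came back: read the remote side's log, "
                      "or confirm UDP 500/4500 actually reaches it")
    if nat_t and peer_silent:
        advice.append("we moved to UDP 4500 (NAT-T) yet got nothing: if an endpoint "
                      "is NATed, forward UDP 4500; if neither is, suspect a Phase 1 mismatch")
    return {"nat_t": nat_t, "peer_silent": peer_silent,
            "retransmits": retransmits, "advice": advice}


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real log by pasting the relevant lines into `SAMPLE_LOG`; a healthy negotiation will show at least one `received packet` line and an empty advice list.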
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.