Pfsense 2.1.5 -> 2.2.2
-
After the upgrade it's a mess: the IPsec server works great for the iOS client, while my Sony Tablet Z3 running Android 5.0 can't connect to the upgraded pfSense box.
Luckily I have taken the VM snapshot.
By the way, please find the error below. Does anyone have a clue about this? Do any settings need fine-tuning after the upgrade?
Error Log:
May 24 11:37:15 charon: 05[JOB] <con1|5>deleting half open IKE_SA after timeout
May 24 11:37:12 charon: 05[NET] <con1|5>sending packet: from 1.64.169.124[500] to 182.239.81.68[1011] (432 bytes)
May 24 11:37:12 charon: 05[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:12 charon: 05[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:12 charon: 05[NET] <con1|5>received packet: from 182.239.81.68[1011] to 1.64.169.124[500] (894 bytes)
May 24 11:37:09 charon: 05[NET] <con1|5>sending packet: from 1.64.169.124[500] to 182.239.81.68[1011] (432 bytes)
May 24 11:37:09 charon: 05[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:09 charon: 05[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:09 charon: 05[NET] <con1|5>received packet: from 182.239.81.68[1011] to 1.64.169.124[500] (894 bytes)
May 24 11:37:09 charon: 11[NET] <con1|5>sending packet: from 1.64.169.124[500] to 182.239.81.68[1011] (432 bytes)
May 24 11:37:09 charon: 11[IKE] <con1|5>sending retransmit 3 of response message ID 0, seq 1
May 24 11:37:09 charon: 11[IKE] <con1|5>sending retransmit 3 of response message ID 0, seq 1
May 24 11:37:06 charon: 11[NET] <con1|5>sending packet: from 1.64.169.124[500] to 182.239.81.68[1011] (432 bytes)
May 24 11:37:06 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:06 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:06 charon: 11[NET] <con1|5>received packet: from 182.239.81.68[1011] to 1.64.169.124[500] (894 bytes)
May 24 11:37:03 charon: 11[NET] <con1|5>sending packet: from 1.64.169.124[500] to 182.239.81.68[1011] (432 bytes)
May 24 11:37:03 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:03 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:03 charon: 11[NET] <con1|5>received packet: from 182.239.81.68[1011] to 1.64.169.124[500] (894 bytes)
May 24 11:37:10 charon: 11[NET] <con1|5>sending packet: from 1.64.169.124[500] to 182.239.81.68[1011] (432 bytes)
May 24 11:37:10 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:10 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:10 charon: 11[NET] <con1|5>received packet: from 182.239.81.68[1011] to 1.64.169.124[500] (894 bytes)
May 24 11:37:07 charon: 11[NET] <con1|5>sending packet: from 1.64.169.124[500] to 182.239.81.68[1011] (432 bytes)
May 24 11:37:07 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:07 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:07 charon: 11[NET] <con1|5>received packet: from 182.239.81.68[1011] to 1.64.169.124[500] (894 bytes)
May 24 11:37:05 charon: 11[NET] <con1|5>sending packet: from 1.64.169.124[500] to 182.239.81.68[1011] (432 bytes)
May 24 11:37:05 charon: 11[IKE] <con1|5>sending retransmit 2 of response message ID 0, seq 1
May 24 11:37:05 charon: 11[IKE] <con1|5>sending retransmit 2 of response message ID 0, seq 1
May 24 11:37:04 charon: 11[NET] <con1|5>sending packet: from 1.64.169.124[500] to 182.239.81.68[1011] (432 bytes)
May 24 11:37:04 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:04 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
-
Have you read the release notes on changes from 2.1 to 2.2? Have you read other posts on this forum? Some config examples might help.
Anyway, check your phase 1 settings at both ends. If NAT is involved at either end, then that may have worked 2.1 to 2.1 but won't with 2.2; you will have to set the identifiers accordingly.
There is an IPsec debugging guide here: https://doc.pfsense.org/index.php/IPsec_Troubleshooting
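A triage sketch for a charon log like the one posted above, added here as an example (it is not from either poster, pfSense or strongSwan): it counts the peer's repeated first requests per IKE_SA, notes the half-open timeout, and flags a peer source port other than 500/4500 as a hint that NAT is involved, which is the case the reply ties to the phase 1 identifiers. The function name `triage`, the result keys and the sample addresses are assumptions.

```python
import re

# Constructed sample in the charon format shown in the thread (RFC 5737
# documentation addresses). Each [IKE] line is doubled, as in the posted log.
SAMPLE = """\
May 24 11:37:03 charon: 11[NET] <con1|5>received packet: from 198.51.100.7[1011] to 203.0.113.1[500] (894 bytes)
May 24 11:37:03 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:03 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:03 charon: 11[NET] <con1|5>sending packet: from 203.0.113.1[500] to 198.51.100.7[1011] (432 bytes)
May 24 11:37:06 charon: 11[NET] <con1|5>received packet: from 198.51.100.7[1011] to 203.0.113.1[500] (894 bytes)
May 24 11:37:06 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:06 charon: 11[IKE] <con1|5>received retransmit of request with ID 0, retransmitting response
May 24 11:37:06 charon: 11[NET] <con1|5>sending packet: from 203.0.113.1[500] to 198.51.100.7[1011] (432 bytes)
May 24 11:37:15 charon: 05[JOB] <con1|5>deleting half open IKE_SA after timeout
"""

LINE = re.compile(r"charon: \d+\[[A-Z]+\] <(?P<sa>[^>]+)>\s*(?P<msg>.*)")
PKT = re.compile(r"received packet: from (?P<ip>[\d.]+)\[(?P<port>\d+)\] to ")

def triage(log_text):
    """Summarise each IKE_SA seen in a charon log (hypothetical helper)."""
    sas, prev = {}, None
    for line in log_text.splitlines():
        if line == prev:              # skip the doubled log lines
            continue
        prev = line
        m = LINE.search(line)
        if not m:
            continue
        sa = sas.setdefault(m["sa"], {"peer": None, "peer_port": None,
                                      "request_retransmits": 0,
                                      "half_open_timeout": False})
        msg = m["msg"]
        pkt = PKT.match(msg)
        if pkt:
            sa["peer"], sa["peer_port"] = pkt["ip"], int(pkt["port"])
        elif msg.startswith("received retransmit of request with ID 0"):
            sa["request_retransmits"] += 1
        elif msg.startswith("deleting half open IKE_SA"):
            sa["half_open_timeout"] = True
    for sa in sas.values():
        # The peer repeated its first request until the SA expired: our
        # response never arrived or was not accepted.
        sa["stalled"] = sa["request_retransmits"] > 0 and sa["half_open_timeout"]
        # IKE normally leaves from port 500 (4500 with NAT-T); another source
        # port suggests the peer's address and port are being translated.
        sa["nat_suspected"] = sa["peer_port"] not in (None, 500, 4500)
    return sas

if __name__ == "__main__":
    for name, info in triage(SAMPLE).items():
        print(name, info)
```

A result with both `stalled` and `nat_suspected` set is a starting point for comparing the phase 1 identifiers on the two ends, not a diagnosis on its own.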