IPSEC VPN borked



  • Hi,

    I created a site-to-site VPN tunnel on Tuesday and after a little tinkering all was working perfectly. However, after 1 day (86400 seconds) the tunnel closed and now won't rekey.
    I am seeing the following two lines in the IPsec logs:

    Jul 2 12:39:03 charon: 07[IKE] <29> found 1 matching config, but none allows pre-shared key authentication using Main Mode
    Jul 2 12:39:03 charon: 07[IKE] found 1 matching config, but none allows pre-shared key authentication using Main Mode

    However, nothing has been changed on either side of the tunnel. I have pfSense 2.2.1 on one end and a Zywall on the other; both are set up as PSK in main mode. Trouble is I have to ship the Zywall off to site preconfigured, all but an IP address change once it gets to site, and am a little stuck now.

    Drac



  • Double check your configuration. IKEv1, main mode? If you had something that worked, it came up, then you changed something so it no longer matches (like switching to IKEv2 for instance for that log), the already-negotiated connection would stay up for the lifetime. Then come time to rekey, it fails as the config is no longer valid.
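
A way to run the check suggested in the reply, as an added example that is not part of the original thread: the script pulls out of the charon rejection lines what the peer actually requested and compares it with the settings the local side is believed to have. The `local` dictionary and its keys are hypothetical and filled in by hand; the sample log is the two lines quoted in the first post.

```python
import re

# Sample input: the two charon lines quoted in the first post.
SAMPLE_LOG = """\
Jul 2 12:39:03 charon: 07[IKE] <29> found 1 matching config, but none allows pre-shared key authentication using Main Mode
Jul 2 12:39:03 charon: 07[IKE] found 1 matching config, but none allows pre-shared key authentication using Main Mode
"""

# Matches the rejection message in the form shown in the post.
REJECT = re.compile(
    r"^\s*(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+charon:\s+\d+\[IKE\]\s+(?:<[^>]+>\s+)?"
    r"found (?P<n>\d+) matching configs?, but none allows "
    r"(?P<auth>.+?) authentication using (?P<mode>.+?)\s*$"
)

def parse_rejections(log_text):
    """One record per distinct rejection; the post shows each logged twice
    (with and without the <29> tag), so duplicates are collapsed."""
    seen, out = set(), []
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if not m:
            continue
        rec = (m["ts"], int(m["n"]), m["auth"], m["mode"])
        if rec not in seen:
            seen.add(rec)
            out.append(dict(zip(("ts", "configs", "auth", "mode"), rec)))
    return out

def compare_with_local(rejection, local):
    """Return the settings where the peer's request differs from `local`
    (hypothetical dict with keys 'ike', 'auth', 'mode')."""
    requested = {"auth": rejection["auth"], "mode": rejection["mode"]}
    # Main Mode and Aggressive Mode are IKEv1 phase 1 exchanges.
    if requested["mode"] in ("Main Mode", "Aggressive Mode"):
        requested["ike"] = "IKEv1"
    return [f"{k}: peer requested {v!r}, local has {local.get(k)!r}"
            for k, v in sorted(requested.items()) if local.get(k) != v]

if __name__ == "__main__":
    # Assumed local settings, as if the tunnel had been switched to IKEv2.
    local = {"ike": "IKEv2", "auth": "pre-shared key", "mode": "Main Mode"}
    for r in parse_rejections(SAMPLE_LOG):
        print(r["ts"], compare_with_local(r, local))
```

An empty list means the local settings as entered already match what the peer asked for, so the difference lies in something the log line does not report.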