IPSec status connecting
geocast last edited by
Attached I have a picture of an issue I have with IPSec site-to-site tunnels.
As you can see, there are two connections with the status "connecting". These are part of the fourth connection (you can see it with B… P1, with IP ending .230).
The tunnel works and I can ping with no loss or anything. But I have these issues with just about all my connections (17 Phase 1 connections and normally 34 Phase 2 connections, but currently down to 17 Phase 2, as there seems to be an issue with multiple Phase 2 connections). This happens every minute or so.
Logs don't give me much info. Is this something anyone else has? Site-to-site is between this pfSense and the rest, which are various types of Zyxel ZyWALL USG 20, 40 and 50.
These are some records I got out of the log:
```
charon: 09[IKE] <44> message parsing failed
charon: 09[ENC] <44> invalid ID_V1 payload length, decryption failed?
charon: 09[IKE] <46> ID_PROT request with message ID 0 processing failed
charon: 09[ENC] <46> could not decrypt payloads
```
Anybody else having these issues?
![IPSec status.jpg](/public/imported_attachments/1/IPSec status.jpg)
cmb last edited by
Means the remote end is trying to initiate a connection (hence the "responder" part), with settings that don't match what you have configured.
If you're on 2.2.3 or newer, multiple P2 is fine.
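A triage sketch for the log lines in this thread, added here as an example and not posted by either participant: it groups charon failures by IKE_SA number so each failing negotiation can be looked at separately. The label names, the function names and the `<name|id>` tag handling are assumptions of the example; reading a decryption failure as a sign of mismatched Phase 1 settings (most often the pre-shared key) is a heuristic, not something stated in the thread.

```python
import re
from collections import defaultdict

# The four charon lines quoted in the first post.
SAMPLE_LOG = """\
charon: 09[IKE] <44> message parsing failed
charon: 09[ENC] <44> invalid ID_V1 payload length, decryption failed?
charon: 09[IKE] <46> ID_PROT request with message ID 0 processing failed
charon: 09[ENC] <46> could not decrypt payloads
"""

# charon: <thread>[<subsystem>] <IKE_SA tag> <message>; the tag is "<id>" or
# "<name|id>" once charon has matched the exchange to a configured connection.
LINE_RE = re.compile(
    r"charon(?:\[\d+\])?:\s+\d+\[(?P<subsys>[A-Z]{3})\]\s+"
    r"(?:<(?P<tag>[^>]+)>\s+)?(?P<msg>.*)$"
)

# Labels are this example's own naming (assumption), keyed on message text.
SIGNATURES = [
    ("decrypt-failure", re.compile(r"decryption failed\?|could not decrypt payloads")),
    ("parse-failure", re.compile(r"message parsing failed")),
    ("main-mode-failure", re.compile(r"ID_PROT request with message ID \d+ processing failed")),
]

def triage(log_text):
    """Map IKE_SA id -> sorted labels of the failures logged for it."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        sa_id = (m.group("tag") or "-").split("|")[-1]
        for label, pattern in SIGNATURES:
            if pattern.search(m.group("msg")):
                found[sa_id].add(label)
    return {sa: sorted(labels) for sa, labels in found.items()}

def phase1_suspects(log_text):
    """IKE_SA ids whose payloads could not be decrypted (heuristic:
    compare the Phase 1 settings, pre-shared key first, with the peer)."""
    return sorted(sa for sa, labels in triage(log_text).items()
                  if "decrypt-failure" in labels)

if __name__ == "__main__":
    for sa, labels in triage(SAMPLE_LOG).items():
        print(f"IKE_SA {sa}: {', '.join(labels)}")
    print("check Phase 1 settings for:", phase1_suspects(SAMPLE_LOG))
```

Run against a longer log, the per-SA grouping makes it easier to see whether the once-a-minute failures come from one peer retrying or from many.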