IPSec status connecting



  • Good Morning

    Attached I have a picture of an issue I have with IPSec site-to-site tunnels.

    As you can see, there are two connections with the status "connecting". These are part of the fourth connection (You can see it with B… P1, with IP ending .230)

    The tunnel works and I can ping with no loss or anything. But I have these issues with just about all my connections (17 Phase 1 connections and normally 34 Phase 2 connections, but currently down on 17 Phase 2, as there seems to be an issue with multiple Phase 2 connections). This happens every minute or so.

    Logs don't give me much info. Is this something anyone else has? Site-to-site is between this pfSense and the rest are various types of Zyxel Zywall USG 20, 40 and 50.

    These are some records I got out of the log:

    charon: 09[IKE] <44> message parsing failed

    charon: 09[ENC] <44> invalid ID_V1 payload length, decryption failed?

    charon: 09[IKE] <46> ID_PROT request with message ID 0 processing failed

    charon: 09[ENC] <46> could not decrypt payloads

    Anybody else having these issues?

    Thank you!
    ![IPSec status.jpg](/public/imported_attachments/1/IPSec status.jpg)



  • Means the remote end is trying to initiate a connection (hence the "responder" part), with settings that don't match what you have configured.

    If you're on 2.2.3 or newer, multiple P2 is fine.
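
Added example, not part of the thread and not pfSense or strongSwan code: a small triage script that groups charon lines like the ones quoted above by IKE SA id and lists the inbound attempts that failed decryption, which is where to start comparing Phase 1 settings with the peer. The sample log is constructed from the four quoted lines plus one made-up line, and reading a bare `<id>` (no `name|` prefix) as "not yet tied to a configured connection" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the four charon lines quoted in the post, plus one
# made-up line for an SA that already carries a connection name.
SAMPLE_LOG = """\
charon: 09[IKE] <44> message parsing failed
charon: 09[ENC] <44> invalid ID_V1 payload length, decryption failed?
charon: 09[IKE] <46> ID_PROT request with message ID 0 processing failed
charon: 09[ENC] <46> could not decrypt payloads
charon: 11[IKE] <con1|47> sending keep alive
"""

# charon prefix: thread number, subsystem, then <name|id> or a bare <id>.
LINE_RE = re.compile(
    r"charon: \d+\[(?P<subsys>[A-Z]{3})\] "
    r"<(?:(?P<conn>[^|>]+)\|)?(?P<sa>\d+)> (?P<msg>.*)"
)
SIGNATURES = {
    "decrypt": re.compile(r"decryption failed|could not decrypt"),
    "parse": re.compile(r"parsing failed|processing failed"),
}

def triage(log_text):
    """Group charon lines by IKE SA id and record failure signatures."""
    sas = defaultdict(lambda: {"conn": None, "signs": set(), "msgs": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        entry = sas[int(m["sa"])]
        entry["conn"] = m["conn"] or entry["conn"]
        entry["msgs"].append(m["msg"])
        for name, rx in SIGNATURES.items():
            if rx.search(m["msg"]):
                entry["signs"].add(name)
    return dict(sas)

def unmatched_initiators(log_text):
    """SA ids that failed to decrypt before any connection name was logged."""
    return sorted(
        sa for sa, e in triage(log_text).items()
        if "decrypt" in e["signs"] and e["conn"] is None
    )

if __name__ == "__main__":
    for sa in unmatched_initiators(SAMPLE_LOG):
        print(f"SA {sa}: inbound attempt failed decryption; compare Phase 1 settings with the peer")
```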