[solved] Double Tunnels between one multiwan site and one singlewan site



  • My setup is:

    Site A: pfSense 2.2.4 (64 bits)
    WAN1 with ISP-A with public IPs  subnet 192.168.254.0
    WAN2 with ISP-B with public IPs  subnet 192.168.253.0

    Site B: pfSense 2.2.4 (64 bits)
    WAN1 with ISP-C with public IPs  (using x.x.x.62 as the main ip and using x.x.x.58 as secondary ip)

    I can create and connect successfully, with all network functionality:

    Site A - WAN2 subnet 192.168.253.0  to  Site B - WAN1 x.x.x.62 192.168.7.0

    However, I cannot connect

    Site A - WAN1 subnet 192.168.254.0  to  Site B - WAN1 x.x.x.58 192.168.7.0

    The Site B IPsec log is as follows:

    # cat ipsec.log|grep con2000\|1977
    Nov  5 11:11:03 pfsense charon: 09[IKE] <con2000|1977> initiating Main Mode IKE_SA con2000[1977] to #SITE A - WAN1#
    Nov  5 11:11:03 pfsense charon: 09[IKE] <con2000|1977> initiating Main Mode IKE_SA con2000[1977] to #SITE A - WAN1#
    Nov  5 11:11:03 pfsense charon: 09[ENC] <con2000|1977> generating ID_PROT request 0 [ SA V V V V V V ]
    Nov  5 11:11:03 pfsense charon: 09[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:11:07 pfsense charon: 09[IKE] <con2000|1977> sending retransmit 1 of request message ID 0, seq 1
    Nov  5 11:11:07 pfsense charon: 09[IKE] <con2000|1977> sending retransmit 1 of request message ID 0, seq 1
    Nov  5 11:11:07 pfsense charon: 09[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:11:15 pfsense charon: 08[IKE] <con2000|1977> sending retransmit 2 of request message ID 0, seq 1
    Nov  5 11:11:15 pfsense charon: 08[IKE] <con2000|1977> sending retransmit 2 of request message ID 0, seq 1
    Nov  5 11:11:15 pfsense charon: 08[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:11:28 pfsense charon: 14[IKE] <con2000|1977> sending retransmit 3 of request message ID 0, seq 1
    Nov  5 11:11:28 pfsense charon: 14[IKE] <con2000|1977> sending retransmit 3 of request message ID 0, seq 1
    Nov  5 11:11:28 pfsense charon: 14[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:11:52 pfsense charon: 08[IKE] <con2000|1977> sending retransmit 4 of request message ID 0, seq 1
    Nov  5 11:11:52 pfsense charon: 08[IKE] <con2000|1977> sending retransmit 4 of request message ID 0, seq 1
    Nov  5 11:11:52 pfsense charon: 08[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:12:34 pfsense charon: 13[IKE] <con2000|1977> sending retransmit 5 of request message ID 0, seq 1
    Nov  5 11:12:34 pfsense charon: 13[IKE] <con2000|1977> sending retransmit 5 of request message ID 0, seq 1
    Nov  5 11:12:34 pfsense charon: 13[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:13:49 pfsense charon: 15[IKE] <con2000|1977> giving up after 5 retransmits
    Nov  5 11:13:49 pfsense charon: 15[IKE] <con2000|1977> giving up after 5 retransmits
    Nov  5 11:13:49 pfsense charon: 15[IKE] <con2000|1977> peer not responding, trying again (2/3)
    Nov  5 11:13:49 pfsense charon: 15[IKE] <con2000|1977> peer not responding, trying again (2/3)
    Nov  5 11:13:49 pfsense charon: 15[IKE] <con2000|1977> initiating Main Mode IKE_SA con2000[1977] to #SITE A - WAN1#
    Nov  5 11:13:49 pfsense charon: 15[IKE] <con2000|1977> initiating Main Mode IKE_SA con2000[1977] to #SITE A - WAN1#
    Nov  5 11:13:49 pfsense charon: 15[ENC] <con2000|1977> generating ID_PROT request 0 [ SA V V V V V V ]
    Nov  5 11:13:49 pfsense charon: 15[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:13:53 pfsense charon: 15[IKE] <con2000|1977> sending retransmit 1 of request message ID 0, seq 1
    Nov  5 11:13:53 pfsense charon: 15[IKE] <con2000|1977> sending retransmit 1 of request message ID 0, seq 1
    Nov  5 11:13:53 pfsense charon: 15[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:14:01 pfsense charon: 15[IKE] <con2000|1977> sending retransmit 2 of request message ID 0, seq 1
    Nov  5 11:14:01 pfsense charon: 15[IKE] <con2000|1977> sending retransmit 2 of request message ID 0, seq 1
    Nov  5 11:14:01 pfsense charon: 15[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:14:14 pfsense charon: 14[IKE] <con2000|1977> sending retransmit 3 of request message ID 0, seq 1
    Nov  5 11:14:14 pfsense charon: 14[IKE] <con2000|1977> sending retransmit 3 of request message ID 0, seq 1
    Nov  5 11:14:14 pfsense charon: 14[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:14:37 pfsense charon: 08[IKE] <con2000|1977> sending retransmit 4 of request message ID 0, seq 1
    Nov  5 11:14:37 pfsense charon: 08[IKE] <con2000|1977> sending retransmit 4 of request message ID 0, seq 1
    Nov  5 11:14:37 pfsense charon: 08[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:15:19 pfsense charon: 11[IKE] <con2000|1977> sending retransmit 5 of request message ID 0, seq 1
    Nov  5 11:15:19 pfsense charon: 11[IKE] <con2000|1977> sending retransmit 5 of request message ID 0, seq 1
    Nov  5 11:15:19 pfsense charon: 11[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:16:35 pfsense charon: 13[IKE] <con2000|1977> giving up after 5 retransmits
    Nov  5 11:16:35 pfsense charon: 13[IKE] <con2000|1977> giving up after 5 retransmits
    Nov  5 11:16:35 pfsense charon: 13[IKE] <con2000|1977> peer not responding, trying again (3/3)
    Nov  5 11:16:35 pfsense charon: 13[IKE] <con2000|1977> peer not responding, trying again (3/3)
    Nov  5 11:16:35 pfsense charon: 13[IKE] <con2000|1977> initiating Main Mode IKE_SA con2000[1977] to #SITE A - WAN1#
    Nov  5 11:16:35 pfsense charon: 13[IKE] <con2000|1977> initiating Main Mode IKE_SA con2000[1977] to #SITE A - WAN1#
    Nov  5 11:16:35 pfsense charon: 13[ENC] <con2000|1977> generating ID_PROT request 0 [ SA V V V V V V ]
    Nov  5 11:16:35 pfsense charon: 13[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:16:39 pfsense charon: 13[IKE] <con2000|1977> sending retransmit 1 of request message ID 0, seq 1
    Nov  5 11:16:39 pfsense charon: 13[IKE] <con2000|1977> sending retransmit 1 of request message ID 0, seq 1
    Nov  5 11:16:39 pfsense charon: 13[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:16:46 pfsense charon: 13[IKE] <con2000|1977> sending retransmit 2 of request message ID 0, seq 1
    Nov  5 11:16:46 pfsense charon: 13[IKE] <con2000|1977> sending retransmit 2 of request message ID 0, seq 1
    Nov  5 11:16:46 pfsense charon: 13[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:16:59 pfsense charon: 07[IKE] <con2000|1977> sending retransmit 3 of request message ID 0, seq 1
    Nov  5 11:16:59 pfsense charon: 07[IKE] <con2000|1977> sending retransmit 3 of request message ID 0, seq 1
    Nov  5 11:16:59 pfsense charon: 07[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:17:22 pfsense charon: 07[IKE] <con2000|1977> sending retransmit 4 of request message ID 0, seq 1
    Nov  5 11:17:22 pfsense charon: 07[IKE] <con2000|1977> sending retransmit 4 of request message ID 0, seq 1
    Nov  5 11:17:22 pfsense charon: 07[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    Nov  5 11:18:04 pfsense charon: 11[IKE] <con2000|1977> sending retransmit 5 of request message ID 0, seq 1
    Nov  5 11:18:04 pfsense charon: 11[IKE] <con2000|1977> sending retransmit 5 of request message ID 0, seq 1
    Nov  5 11:18:04 pfsense charon: 11[NET] <con2000|1977> sending packet: from SITE B - x.x.x.58[500] to #SITE A - WAN1#[500] (200 bytes)
    
    Please help


  • problem solved…

    I have a misconfig @ Virtual IP.... silly me...
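Added example, not part of the original thread: a Python check over charon log lines that flags connections which send IKE packets but never log a `received packet` line, the pattern in the log above, and reports the local source address each one used so it can be compared with the Virtual IP configuration. The sample lines, the documentation-range addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same charon format as the thread's log (placeholder addresses).
SAMPLE_LOG = """\
Nov  5 11:10:58 pfsense charon: 12[NET] <con1000|1976> sending packet: from 198.51.100.62[500] to 203.0.113.20[500] (200 bytes)
Nov  5 11:10:58 pfsense charon: 12[NET] <con1000|1976> received packet: from 203.0.113.20[500] to 198.51.100.62[500] (136 bytes)
Nov  5 11:11:03 pfsense charon: 09[NET] <con2000|1977> sending packet: from 198.51.100.58[500] to 203.0.113.10[500] (200 bytes)
Nov  5 11:11:07 pfsense charon: 09[IKE] <con2000|1977> sending retransmit 1 of request message ID 0, seq 1
Nov  5 11:11:07 pfsense charon: 09[IKE] <con2000|1977> sending retransmit 1 of request message ID 0, seq 1
Nov  5 11:11:07 pfsense charon: 09[NET] <con2000|1977> sending packet: from 198.51.100.58[500] to 203.0.113.10[500] (200 bytes)
Nov  5 11:13:49 pfsense charon: 15[IKE] <con2000|1977> giving up after 5 retransmits
Nov  5 11:13:49 pfsense charon: 15[IKE] <con2000|1977> giving up after 5 retransmits
"""

LINE = re.compile(r"charon: \d+\[[A-Z]+\] <(?P<conn>[^|>]+)\|\d+> (?P<msg>.*)")
# Lazy match so redacted labels containing spaces are also accepted as addresses.
SENT = re.compile(r"sending packet: from (?P<src>.+?)\[\d+\] to ")
RECV = re.compile(r"received packet: from ")

def summarize(log_text):
    """Per-connection counts of packets sent, packets received and give-ups."""
    stats = defaultdict(lambda: {"sent": 0, "received": 0, "gave_up": 0, "sources": set()})
    previous = None
    for line in log_text.splitlines():
        if line == previous:  # [IKE] lines appear twice in this log; count each once
            continue
        previous = line
        m = LINE.search(line)
        if not m:
            continue
        entry, msg = stats[m["conn"]], m["msg"]
        sent = SENT.match(msg)
        if sent:
            entry["sent"] += 1
            entry["sources"].add(sent["src"])
        elif RECV.match(msg):
            entry["received"] += 1
        elif msg.startswith("giving up after"):
            entry["gave_up"] += 1
    return dict(stats)

def silent_peers(log_text):
    """Connections that transmitted but never got a reply, with the source IPs used."""
    return {conn: sorted(e["sources"])
            for conn, e in summarize(log_text).items()
            if e["sent"] and not e["received"]}

if __name__ == "__main__":
    print(silent_peers(SAMPLE_LOG))
```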

