1. Home
  2. pfSense® Software
  3. IPsec
  4. [solved] Mobile stopped working after modem upgrade

[solved] Mobile stopped working after modem upgrade

  • maxxer

    Hi.
    Since the upgrade to 2.2.5 my mobile IPSec configuration is not working anymore. The configuration is here attached, but I didn't change anything since before the upgrade.

    What appears strange to me is that the Android client returns Gateway is unreachable, tough OpenVPN in the very same condition connects instantly. Here's the strongswan's android log

    Nov 13 08:01:50 00[DMN] Starting IKE charon daemon (strongSwan 5.3.3dr1, Linux 3.4.0-perf-g7337331, armv7l)
Nov 13 08:01:50 00[LIB] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tls
Nov 13 08:01:50 00[JOB] spawning 16 worker threads
Nov 13 08:01:50 13[IKE] initiating IKE_SA android[14] to my.ipsec.host
Nov 13 08:01:50 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
Nov 13 08:01:50 13[NET] sending packet: from 10.12.217.144[54751] to my.ipsec.host[500] (1012 bytes)
Nov 13 08:01:52 10[IKE] retransmit 1 of request with message ID 0
Nov 13 08:01:52 10[NET] sending packet: from 10.12.217.144[54751] to my.ipsec.host[500] (1012 bytes)
Nov 13 08:01:55 09[IKE] retransmit 2 of request with message ID 0
Nov 13 08:01:55 09[NET] sending packet: from 10.12.217.144[54751] to my.ipsec.host[500] (1012 bytes)
Nov 13 08:01:59 08[IKE] retransmit 3 of request with message ID 0
Nov 13 08:01:59 08[NET] sending packet: from 10.12.217.144[54751] to my.ipsec.host[500] (1012 bytes)
Nov 13 08:02:05 07[IKE] giving up after 3 retransmits
Nov 13 08:02:05 07[IKE] peer not responding, trying again (2/0)
Nov 13 08:02:05 07[IKE] initiating IKE_SA android[14] to my.ipsec.host
Nov 13 08:02:05 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
Nov 13 08:02:05 07[NET] sending packet: from 10.12.217.144[54751] to my.ipsec.host[500] (1012 bytes)
Nov 13 08:02:05 04[IKE] destroying IKE_SA in state CONNECTING without notification

    Any hint is welcome! Thanks in advance
    ![screenshot-10.22.22.1 10443 2015-11-13 08-00-00.png](/public/imported_attachments/1/screenshot-10.22.22.1 10443 2015-11-13 08-00-00.png)
    ![screenshot-10.22.22.1 10443 2015-11-13 08-00-00.png_thumb](/public/imported_attachments/1/screenshot-10.22.22.1 10443 2015-11-13 08-00-00.png_thumb)
    ![screenshot-10.22.22.1 10443 2015-11-13 08-00-51.png](/public/imported_attachments/1/screenshot-10.22.22.1 10443 2015-11-13 08-00-51.png)
    ![screenshot-10.22.22.1 10443 2015-11-13 08-00-51.png_thumb](/public/imported_attachments/1/screenshot-10.22.22.1 10443 2015-11-13 08-00-51.png_thumb)
    ![screenshot-10.22.22.1 10443 2015-11-13 08-02-14.png](/public/imported_attachments/1/screenshot-10.22.22.1 10443 2015-11-13 08-02-14.png)
    ![screenshot-10.22.22.1 10443 2015-11-13 08-02-14.png_thumb](/public/imported_attachments/1/screenshot-10.22.22.1 10443 2015-11-13 08-02-14.png_thumb)

    0
  • C

    Client log indicates nothing is replying. Anything on the server-side IPsec log? I'm guessing not, as the likely scsenario that would lead to no reply means the traffic doesn't actually make it across (getting blocked by something, most often). Any blocks from the client's IP in your firewall logs?

    0
  • maxxer

    @cmb:

    Client log indicates nothing is replying. Anything on the server-side IPsec log? I'm guessing not, as the likely scsenario that would lead to no reply means the traffic doesn't actually make it across (getting blocked by something, most often). Any blocks from the client's IP in your firewall logs?

    Indeed I forgot to mention I see nothing on the pfSense side, but I have other IPSec connection established.
    I also got an upgrade of ISP's modem few days ago, I don't know if this could matter, but pfSense has a public IP (so bridged, no forwards) and it stopped working before that.

    0
  • maxxer

    disabled every firewall on the modem, restarted it over, ipsec working again :/

    thanks anyway

    0
  • C

    Thanks for the follow up. The ones that were working had to have been initiators rather than responders in that case, as your modem likely was only blocking inbound, not outbound, traffic.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy