Netgate Discussion Forum

    IPsec not coming up

    IPsec
      bartvleeshakker

      Hello,
      Since this morning 4 of the 60 IPsec tunnels are down spontaneously at 6am. There is nothing configured to run at 6am.
      In the log file I can see that me and the remote site are negotiating, but then some errors occur, while the configs are already running for some time.
      Have you ever seen this and how can I solve it?

      Dec 4 12:27:17 charon: 02[CFG] <102524> selected proposal: IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
      Dec 4 12:27:17 charon: 02[CFG] <102524> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP, IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_16
      Dec 4 12:27:17 charon: 02[CFG] <102524> received proposals: IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Dec 4 12:27:17 charon: 02[CFG] <102524> proposal matches
      Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
      Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
      Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
      Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
      Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
      Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
      Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
      Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
      Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
      Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
      Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
      Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
      Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
      Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable DIFFIE_HELLMAN_GROUP found
      Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
      Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable PSEUDO_RANDOM_FUNCTION found
      Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
      Dec 4 12:27:17 charon: 02[IKE] <102524> IKE_SA (unnamed)[102524] state change: CREATED => CONNECTING
      Dec 4 12:27:17 charon: 02[IKE] <102524> 213.126.83.234 is initiating a Aggressive Mode IKE_SA
      Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Dec 4 12:27:17 charon: 02[IKE] <102524> received NAT-T (RFC 3947) vendor ID
      Dec 4 12:27:17 charon: 02[IKE] <102524> received DPD vendor ID
      Dec 4 12:27:17 charon: 02[CFG] <102524> found matching ike config: %any…%any with prio 24
      Dec 4 12:27:17 charon: 02[CFG] <102524> candidate: %any…%any, prio 24
      Dec 4 12:27:17 charon: 02[CFG] <102524> looking for an ike config for 89.30.146.169…213.126.83.234
      Dec 4 12:27:17 charon: 02[ENC] <102524> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
      Dec 4 12:27:17 charon: 02[NET] <102524> received packet: from 213.126.83.234[500] to 89.30.146.169[500] (496 bytes)
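
Added example, not part of the original post and not Netgate or strongSwan code: a small Python parser that reads charon `[CFG]` lines in the newest-first order of the log above and reports, per IKE_SA, how many candidate proposals were compared, which transform types caused rejections, and which proposal was finally selected. The sample lines are a constructed, shortened excerpt in the post's format; `summarize` and its field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt in the post's format, newest line first.
SAMPLE = """\
Dec 4 12:27:17 charon: 02[CFG] <102524> selected proposal: IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Dec 4 12:27:17 charon: 02[CFG] <102524> received proposals: IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec 4 12:27:17 charon: 02[CFG] <102524> proposal matches
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable DIFFIE_HELLMAN_GROUP found
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[IKE] <102524> 213.126.83.234 is initiating a Aggressive Mode IKE_SA
"""

LINE = re.compile(r"charon: \d+\[\w+\] <(?P<sa>\d+)> (?P<msg>.*)$")
REJECT = re.compile(r"no acceptable (\w+) found")

def summarize(log_text, newest_first=True):
    """Group charon proposal-selection messages by IKE_SA id, in time order."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    if newest_first:          # the forum paste lists the newest entry first
        lines.reverse()
    out = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        sa = out.setdefault(m["sa"], {"attempts": 0, "rejections": Counter(),
                                      "matched": False, "received": [], "selected": None})
        msg = m["msg"]
        rej = REJECT.match(msg)
        if msg.startswith("selecting proposal"):
            sa["attempts"] += 1                  # one candidate comparison starts
        elif rej:
            sa["rejections"][rej.group(1)] += 1  # that candidate failed on this transform type
        elif msg == "proposal matches":
            sa["matched"] = True
        elif msg.startswith("received proposals: "):
            sa["received"] = msg.split(": ", 1)[1].split(", ")
        elif msg.startswith("selected proposal: "):
            sa["selected"] = msg.split(": ", 1)[1]
    return out

if __name__ == "__main__":
    for sa_id, s in summarize(SAMPLE).items():
        print(sa_id, s["attempts"], dict(s["rejections"]), s["matched"], s["selected"])
```

Read this way, each `no acceptable ... found` line is the outcome of one candidate comparison, and a later `selected proposal` line for the same IKE_SA id means the proposal stage completed in that excerpt.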
