Netgate Discussion Forum

    IPSec Tunnel Stopped Working…

      mbrossar

      I had an IPsec tunnel running between two pfSense boxes. Since updating both to v2.2.5, my tunnel does not start. My log looks like this…

      Dec 18 21:43:57 ipsec_starter[75407]: Starting strongSwan 5.3.3 IPsec [starter]…
      Dec 18 21:43:57 ipsec_starter[75407]: no netkey IPsec stack detected
      Dec 18 21:43:57 ipsec_starter[75407]: no KLIPS IPsec stack detected
      Dec 18 21:43:57 ipsec_starter[75407]: no known IPsec stack detected, ignoring!
      Dec 18 21:43:57 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.3, FreeBSD 10.1-RELEASE-p24, i386)
      Dec 18 21:43:57 charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
      Dec 18 21:43:57 charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
      Dec 18 21:43:57 charon: 00[CFG] ipseckey plugin is disabled
      Dec 18 21:43:57 charon: 00[CFG] loading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Dec 18 21:43:57 charon: 00[CFG] loading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Dec 18 21:43:57 charon: 00[CFG] loading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Dec 18 21:43:57 charon: 00[CFG] loading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Dec 18 21:43:57 charon: 00[CFG] loading crls from '/var/etc/ipsec/ipsec.d/crls'
      Dec 18 21:43:57 charon: 00[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Dec 18 21:43:57 charon: 00[CFG] loaded IKE secret for %any 192.64.119.254
      Dec 18 21:43:57 charon: 00[CFG] opening triplet file /var/etc/ipsec/ipsec.d/triplets.dat failed: No such file or directory
      Dec 18 21:43:57 charon: 00[CFG] loaded 0 RADIUS server configurations
      Dec 18 21:43:57 charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-sim eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock unity
      Dec 18 21:43:57 charon: 00[JOB] spawning 16 worker threads
      Dec 18 21:43:57 ipsec_starter[76120]: charon (76489) started after 280 ms
      Dec 18 21:43:57 charon: 06[CFG] received stroke: add connection 'bypasslan'
      Dec 18 21:43:57 charon: 06[CFG] added configuration 'bypasslan'
      Dec 18 21:43:57 charon: 16[CFG] received stroke: route 'bypasslan'
      Dec 18 21:43:57 ipsec_starter[76120]: 'bypasslan' shunt PASS policy installed
      Dec 18 21:43:57 ipsec_starter[76120]: 
      Dec 18 21:43:57 charon: 06[CFG] received stroke: add connection 'con1000'
      Dec 18 21:43:57 charon: 06[CFG] added configuration 'con1000'
      Dec 18 21:43:57 charon: 15[CFG] received stroke: route 'con1000'
      Dec 18 21:43:57 ipsec_starter[76120]: 'con1000' routed
      Dec 18 21:43:57 ipsec_starter[76120]: 
      Dec 18 21:44:09 charon: 15[KNL] creating acquire job for policy 108.204.255.165/32|/0 === 192.64.119.254/32|/0 with reqid {1}
      Dec 18 21:44:09 charon: 15[IKE] <con1000|1> initiating Main Mode IKE_SA con1000[1] to 192.64.119.254
      Dec 18 21:44:09 charon: 15[ENC] <con1000|1> generating ID_PROT request 0 [ SA V V V V V V ]
      Dec 18 21:44:09 charon: 15[NET] <con1000|1> sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
      Dec 18 21:44:13 charon: 15[IKE] <con1000|1> sending retransmit 1 of request message ID 0, seq 1
      Dec 18 21:44:13 charon: 15[NET] <con1000|1> sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
      Dec 18 21:44:20 charon: 15[IKE] <con1000|1> sending retransmit 2 of request message ID 0, seq 1
      Dec 18 21:44:20 charon: 15[NET] <con1000|1> sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
      Dec 18 21:44:33 charon: 15[IKE] <con1000|1> sending retransmit 3 of request message ID 0, seq 1
      Dec 18 21:44:33 charon: 15[NET] <con1000|1> sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
      Dec 18 21:44:54 charon: 14[KNL] creating acquire job for policy 108.204.255.165/32|/0 === 192.64.119.254/32|/0 with reqid {1}
      Dec 18 21:44:54 charon: 15[CFG] ignoring acquire, connection attempt pending
      Dec 18 21:44:56 charon: 13[IKE] <con1000|1> sending retransmit 4 of request message ID 0, seq 1
      Dec 18 21:44:56 charon: 13[NET] <con1000|1> sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
      Dec 18 21:45:38 charon: 14[IKE] <con1000|1> sending retransmit 5 of request message ID 0, seq 1
      Dec 18 21:45:38 charon: 14[NET] <con1000|1> sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
      Dec 18 21:45:39 charon: 14[KNL] creating acquire job for policy 108.204.255.165/32|/0 === 192.64.119.254/32|/0 with reqid {1}
      Dec 18 21:45:39 charon: 13[CFG] ignoring acquire, connection attempt pending

      Any suggestions?
