4. IPSec Tunnel Stopped Working…

IPSec Tunnel Stopped Working…

  • M

    I had an IPsec tunnel running between two PFSense boxes.  Since updating both to v2.2.5, my tunnel does not start.  My log looks like this…

    Dec 18 21:43:57 ipsec_starter[75407]: Starting strongSwan 5.3.3 IPsec [starter]…
    Dec 18 21:43:57 ipsec_starter[75407]: no netkey IPsec stack detected
    Dec 18 21:43:57 ipsec_starter[75407]: no KLIPS IPsec stack detected
    Dec 18 21:43:57 ipsec_starter[75407]: no known IPsec stack detected, ignoring!
    Dec 18 21:43:57 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.3, FreeBSD 10.1-RELEASE-p24, i386)
    Dec 18 21:43:57 charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
    Dec 18 21:43:57 charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
    Dec 18 21:43:57 charon: 00[CFG] ipseckey plugin is disabled
    Dec 18 21:43:57 charon: 00[CFG] loading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
    Dec 18 21:43:57 charon: 00[CFG] loading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
    Dec 18 21:43:57 charon: 00[CFG] loading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
    Dec 18 21:43:57 charon: 00[CFG] loading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
    Dec 18 21:43:57 charon: 00[CFG] loading crls from '/var/etc/ipsec/ipsec.d/crls'
    Dec 18 21:43:57 charon: 00[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
    Dec 18 21:43:57 charon: 00[CFG] loaded IKE secret for %any 192.64.119.254
    Dec 18 21:43:57 charon: 00[CFG] opening triplet file /var/etc/ipsec/ipsec.d/triplets.dat failed: No such file or directory
    Dec 18 21:43:57 charon: 00[CFG] loaded 0 RADIUS server configurations
    Dec 18 21:43:57 charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-sim eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock unity
    Dec 18 21:43:57 charon: 00[JOB] spawning 16 worker threads
    Dec 18 21:43:57 ipsec_starter[76120]: charon (76489) started after 280 ms
    Dec 18 21:43:57 charon: 06[CFG] received stroke: add connection 'bypasslan'
    Dec 18 21:43:57 charon: 06[CFG] added configuration 'bypasslan'
    Dec 18 21:43:57 charon: 16[CFG] received stroke: route 'bypasslan'
    Dec 18 21:43:57 ipsec_starter[76120]: 'bypasslan' shunt PASS policy installed
    Dec 18 21:43:57 ipsec_starter[76120]: 
    Dec 18 21:43:57 charon: 06[CFG] received stroke: add connection 'con1000'
    Dec 18 21:43:57 charon: 06[CFG] added configuration 'con1000'
    Dec 18 21:43:57 charon: 15[CFG] received stroke: route 'con1000'
    Dec 18 21:43:57 ipsec_starter[76120]: 'con1000' routed
    Dec 18 21:43:57 ipsec_starter[76120]: 
    Dec 18 21:44:09 charon: 15[KNL] creating acquire job for policy 108.204.255.165/32|/0 === 192.64.119.254/32|/0 with reqid {1}
    Dec 18 21:44:09 charon: 15[IKE] <con1000|1>initiating Main Mode IKE_SA con1000[1] to 192.64.119.254
    Dec 18 21:44:09 charon: 15[ENC] <con1000|1>generating ID_PROT request 0 [ SA V V V V V V ]
    Dec 18 21:44:09 charon: 15[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
    Dec 18 21:44:13 charon: 15[IKE] <con1000|1>sending retransmit 1 of request message ID 0, seq 1
    Dec 18 21:44:13 charon: 15[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
    Dec 18 21:44:20 charon: 15[IKE] <con1000|1>sending retransmit 2 of request message ID 0, seq 1
    Dec 18 21:44:20 charon: 15[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
    Dec 18 21:44:33 charon: 15[IKE] <con1000|1>sending retransmit 3 of request message ID 0, seq 1
    Dec 18 21:44:33 charon: 15[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
    Dec 18 21:44:54 charon: 14[KNL] creating acquire job for policy 108.204.255.165/32|/0 === 192.64.119.254/32|/0 with reqid {1}
    Dec 18 21:44:54 charon: 15[CFG] ignoring acquire, connection attempt pending
    Dec 18 21:44:56 charon: 13[IKE] <con1000|1>sending retransmit 4 of request message ID 0, seq 1
    Dec 18 21:44:56 charon: 13[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
    Dec 18 21:45:38 charon: 14[IKE] <con1000|1>sending retransmit 5 of request message ID 0, seq 1
    Dec 18 21:45:38 charon: 14[NET] <con1000|1>sending packet: from 108.204.255.165[500] to 192.64.119.254[500] (200 bytes)
    Dec 18 21:45:39 charon: 14[KNL] creating acquire job for policy 108.204.255.165/32|/0 === 192.64.119.254/32|/0 with reqid {1}
    Dec 18 21:45:39 charon: 13[CFG] ignoring acquire, connection attempt pending

    Any suggestions?</con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1>

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy