Netgate Discussion Forum

    Phase 1 problem after phase 1 lifetime ends

    • grumling

      Hi
      Having a problem between a pfSense and a Check Point.
      When first starting the VPN, all is good. But after the Phase 1 lifetime ends, the connection fails.

      This is what I did find in the logs on pfSense:

      Feb 2 15:58:17  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:58:17  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:58:13  charon: 09[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:58:13  charon: 09[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:58:09  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:58:09  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:58:05  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:58:05  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:58:01  charon: 16[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:58:01  charon: 16[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:57:57  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:57:57  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:57:55  charon: 16[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:57:55  charon: 16[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:57:53  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:57:53  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:57:51  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:57:51  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:57:49  charon: 04[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:57:49  charon: 04[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:57:47  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
      Feb 2 15:57:47  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:57:45  charon: 14[IKE] <con1000|9> maximum IKE_SA lifetime 86114s
      Feb 2 15:57:45  charon: 14[IKE] <con1000|9> scheduling reauthentication in 85574s
      Feb 2 15:57:45  charon: 14[IKE] <con1000|9> IKE_SA con1000[9] established between "Local host IP"["Local host IP"]..."Remote host IP"["Remote host IP"]
      Feb 2 15:57:45  charon: 14[ENC] <con1000|9> parsed ID_PROT response 0 [ ID HASH ]
      Feb 2 15:57:45  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
      Feb 2 15:57:45  charon: 14[NET] <con1000|9> sending packet: from "Local host IP"[500] to "Remote host IP"[500] (76 bytes)
      Feb 2 15:57:45  charon: 14[ENC] <con1000|9> generating ID_PROT request 0 [ ID HASH ]
      Feb 2 15:57:45  charon: 14[ENC] <con1000|9> parsed ID_PROT response 0 [ KE No ]
      Feb 2 15:57:45  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (184 bytes)
      Feb 2 15:57:45  charon: 14[NET] <con1000|9> sending packet: from "Local host IP"[500] to "Remote host IP"[500] (196 bytes)
      Feb 2 15:57:45  charon: 14[ENC] <con1000|9> generating ID_PROT request 0 [ KE No ]
      Feb 2 15:57:45  charon: 14[IKE] <con1000|9> received FRAGMENTATION vendor ID
      Feb 2 15:57:45  charon: 14[ENC] <con1000|9> parsed ID_PROT response 0 [ SA V ]
      Feb 2 15:57:45  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (108 bytes)
      Feb 2 15:57:45  charon: 14[NET] <con1000|8> sending packet: from "Local host IP"[500] to "Remote host IP"[500] (204 bytes)
      Feb 2 15:57:45  charon: 14[ENC] <con1000|8> generating ID_PROT request 0 [ SA V V V V V V ]
      Feb 2 15:57:45  charon: 14[IKE] <con1000|8> initiating Main Mode IKE_SA con1000[9] to "Remote host IP"
      Feb 2 15:57:45  charon: 14[IKE] <con1000|8> reauthenticating IKE_SA con1000[8]
      

      It starts to work if I stop and start the IPsec service on the pfSense. If I do a reset tunnel on the Check Point, nothing happens.

      This all started when I updated pfSense to the latest version.

      Anyone that can help?

      1 Reply Last reply Reply Quote 0
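
Added example (not part of the original post, and not Netgate or strongSwan code): a Python script that scans charon lines in the format shown in the post and reports any IKE_SA that was established and then kept receiving retransmitted responses from the peer, which is the pattern visible in the posted log after the reauthentication. The sample lines, the 192.0.2.1 and 198.51.100.1 addresses, the function names, the assumed year and the threshold are constructed for illustration.

```python
import re
from datetime import datetime

# charon line layout as it appears in the post:
# "Feb 2 15:58:17  charon: 14[IKE] <con1000|9> message"
LINE = re.compile(
    r"^(\w{3}\s+\d+\s+[\d:]{8})\s+charon:\s+\d+\[(\w+)\]\s+<([^|>]+)\|(\d+)>\s+(.*)$")

# Constructed sample, newest first like the log view in the post.
# 192.0.2.1 and 198.51.100.1 are documentation addresses, not from the post.
SAMPLE = """\
Feb 2 15:57:51  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:49  charon: 04[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:47  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:45  charon: 14[IKE] <con1000|9> IKE_SA con1000[9] established between 192.0.2.1[192.0.2.1]...198.51.100.1[198.51.100.1]
Feb 2 15:57:45  charon: 14[IKE] <con1000|8> reauthenticating IKE_SA con1000[8]
"""

def parse(log_text, year=2000):
    """Return (time, subsystem, conn, sa_id, message) rows, oldest first.
    Syslog timestamps carry no year, so `year` is an assumed value."""
    rows = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            stamp = f"{year} {' '.join(m[1].split())}"
            ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
            rows.append((ts, m[2], m[3], int(m[4]), m[5]))
    if rows and rows[0][0] > rows[-1][0]:    # newest-first input
        rows.reverse()
    return sorted(rows, key=lambda r: r[0])  # stable: keeps order within a second

def stuck_after_establish(log_text, threshold=3):
    """Return {(conn, sa_id): (count, first, last)} for IKE_SAs that were
    established and then received `threshold` or more retransmitted responses."""
    established, hits = set(), {}
    for ts, sub, conn, sa, msg in parse(log_text):
        key = (conn, sa)
        if sub == "IKE" and msg.startswith("IKE_SA ") and " established between " in msg:
            established.add(key)
        elif key in established and msg.startswith("received retransmit of response"):
            count, first, _ = hits.get(key, (0, ts, ts))
            hits[key] = (count + 1, first, ts)
    return {k: v for k, v in hits.items() if v[0] >= threshold}

if __name__ == "__main__":
    for (conn, sa), (n, first, last) in stuck_after_establish(SAMPLE).items():
        print(f"{conn}[{sa}]: {n} retransmitted responses after establishment, "
              f"{first:%H:%M:%S} to {last:%H:%M:%S}")
```

The parser accepts the log in either order, so a newest-first copy from the GUI and an oldest-first syslog file give the same result.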