Phase 1 problem after phase 1 lifetime ends



Hi
    I am having a problem between a pfSense and a Check Point.
    When first starting the VPN, all is good. But after the Phase 1 lifetime ends, the connection fails.

    This is what I found in the logs on pfSense:

    Feb 2 15:58:17  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:58:17  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:58:13  charon: 09[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:58:13  charon: 09[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:58:09  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:58:09  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:58:05  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:58:05  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:58:01  charon: 16[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:58:01  charon: 16[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:57:57  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:57:57  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:57:55  charon: 16[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:57:55  charon: 16[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:57:53  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:57:53  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:57:51  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:57:51  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:57:49  charon: 04[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:57:49  charon: 04[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:57:47  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
    Feb 2 15:57:47  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:57:45  charon: 14[IKE] <con1000|9> maximum IKE_SA lifetime 86114s
    Feb 2 15:57:45  charon: 14[IKE] <con1000|9> scheduling reauthentication in 85574s
    Feb 2 15:57:45  charon: 14[IKE] <con1000|9> IKE_SA con1000[9] established between "Local host IP"["Local host IP"]..."Remote host IP"["Remote host IP"]
    Feb 2 15:57:45  charon: 14[ENC] <con1000|9> parsed ID_PROT response 0 [ ID HASH ]
    Feb 2 15:57:45  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
    Feb 2 15:57:45  charon: 14[NET] <con1000|9> sending packet: from "Local host IP"[500] to "Remote host IP"[500] (76 bytes)
    Feb 2 15:57:45  charon: 14[ENC] <con1000|9> generating ID_PROT request 0 [ ID HASH ]
    Feb 2 15:57:45  charon: 14[ENC] <con1000|9> parsed ID_PROT response 0 [ KE No ]
    Feb 2 15:57:45  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (184 bytes)
    Feb 2 15:57:45  charon: 14[NET] <con1000|9> sending packet: from "Local host IP"[500] to "Remote host IP"[500] (196 bytes)
    Feb 2 15:57:45  charon: 14[ENC] <con1000|9> generating ID_PROT request 0 [ KE No ]
    Feb 2 15:57:45  charon: 14[IKE] <con1000|9> received FRAGMENTATION vendor ID
    Feb 2 15:57:45  charon: 14[ENC] <con1000|9> parsed ID_PROT response 0 [ SA V ]
    Feb 2 15:57:45  charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (108 bytes)
    Feb 2 15:57:45  charon: 14[NET] <con1000|8> sending packet: from "Local host IP"[500] to "Remote host IP"[500] (204 bytes)
    Feb 2 15:57:45  charon: 14[ENC] <con1000|8> generating ID_PROT request 0 [ SA V V V V V V ]
    Feb 2 15:57:45  charon: 14[IKE] <con1000|8> initiating Main Mode IKE_SA con1000[9] to "Remote host IP"
    Feb 2 15:57:45  charon: 14[IKE] <con1000|8> reauthenticating IKE_SA con1000[8]
    

    It starts to work if I stop and start the IPsec service on the pfSense. If I do a reset tunnel on the Check Point, nothing happens.

    This all started when I updated pfSense to the latest version.

    Anyone that can help?


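An added example, not part of the original post or of pfSense/strongSwan: a small Python script that scans charon log lines of the kind quoted above and flags an IKE_SA that was logged as established but afterwards only produced "received retransmit of response with ID 0, but next request already sent" lines, with no CHILD_SA ever logged for it. It also records the lifetime and reauthentication timer charon announced and which old IKE_SA a reauthentication replaced. The sample lines are constructed (modelled on the post, with placeholder addresses 10.0.0.1 and 198.51.100.1), the retransmit threshold of 3 is an arbitrary choice, and the CHILD_SA line in the second sample is an assumption about strongSwan's wording, used only to show the healthy case.

```python
"""Flag strongSwan (charon) IKE_SAs that finished Phase 1 but then stalled.

Added example, not code from the forum post. The pattern detected is the one
visible in the post: 'IKE_SA ... established', followed only by the peer
retransmitting its last Main Mode response while no CHILD_SA appears.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the post (newest line first, as the pfSense
# log viewer shows them; addresses are placeholders, not real endpoints).
SAMPLE_LOG = """\
Feb 2 15:58:01  charon: 16[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:57  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:53  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:49  charon: 04[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:47  charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:45  charon: 14[IKE] <con1000|9> maximum IKE_SA lifetime 86114s
Feb 2 15:57:45  charon: 14[IKE] <con1000|9> scheduling reauthentication in 85574s
Feb 2 15:57:45  charon: 14[IKE] <con1000|9> IKE_SA con1000[9] established between 10.0.0.1[10.0.0.1]...198.51.100.1[198.51.100.1]
Feb 2 15:57:45  charon: 14[ENC] <con1000|9> parsed ID_PROT response 0 [ ID HASH ]
Feb 2 15:57:45  charon: 14[IKE] <con1000|8> initiating Main Mode IKE_SA con1000[9] to 198.51.100.1
Feb 2 15:57:45  charon: 14[IKE] <con1000|8> reauthenticating IKE_SA con1000[8]
"""

# Constructed healthy counterpart (CHILD_SA wording is an assumption).
HEALTHY_LOG = """\
Feb 2 15:57:46  charon: 14[IKE] <con1000|9> CHILD_SA con1000{5} established with SPIs c1a2b3d4_i e5f6a7b8_o and TS 10.0.0.0/24 === 192.168.1.0/24
Feb 2 15:57:45  charon: 14[IKE] <con1000|9> IKE_SA con1000[9] established between 10.0.0.1[10.0.0.1]...198.51.100.1[198.51.100.1]
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d)\s+charon: \d+\[[A-Z]+\] "
    r"<(?P<conn>[^|>]+)\|(?P<sa>\d+)> (?P<msg>.*)$")
RETRANS_PREFIX = "received retransmit of response with ID"
INIT_RE = re.compile(r"initiating .*?IKE_SA (\S+)\[(\d+)\]")


def parse(text):
    """Return (timestamp, conn, ike_sa_id, message) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a charon line tagged with an IKE_SA; ignore
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # no year in syslog
        events.append((ts, m["conn"], int(m["sa"]), m["msg"]))
    if len(events) > 1 and events[0][0] > events[-1][0]:
        events.reverse()  # viewer printed newest first; flip to chronological
    return events


def analyse(text, retransmit_threshold=3):
    """Per IKE_SA: establishment, CHILD_SA count, peer retransmits, timers."""
    sas = defaultdict(lambda: {"established": False, "child_sas": 0,
                               "retransmits": 0, "lifetime_s": None,
                               "reauth_in_s": None, "replaces": None,
                               "stalled": False})
    for _ts, conn, sa, msg in parse(text):
        rec = sas[(conn, sa)]
        if msg.startswith("IKE_SA") and " established between " in msg:
            rec["established"] = True
        elif msg.startswith("CHILD_SA") and "established" in msg:
            rec["child_sas"] += 1
        elif msg.startswith(RETRANS_PREFIX):
            rec["retransmits"] += 1
        elif (m := re.match(r"maximum IKE_SA lifetime (\d+)s", msg)):
            rec["lifetime_s"] = int(m[1])
        elif (m := re.match(r"scheduling reauthentication in (\d+)s", msg)):
            rec["reauth_in_s"] = int(m[1])
        elif (m := INIT_RE.match(msg)) and int(m[2]) != sa:
            # A reauth logs 'initiating ... IKE_SA X[new]' under the OLD SA's tag.
            sas[(m[1], int(m[2]))]["replaces"] = sa
    for rec in sas.values():
        rec["stalled"] = (rec["established"] and rec["child_sas"] == 0
                          and rec["retransmits"] >= retransmit_threshold)
    return {f"{conn}[{sa}]": rec for (conn, sa), rec in sorted(sas.items())}


if __name__ == "__main__":
    for name, rec in analyse(SAMPLE_LOG).items():
        flag = "STALLED after Phase 1" if rec["stalled"] else "ok"
        print(f"{name}: {flag}  retransmits={rec['retransmits']} "
              f"child_sas={rec['child_sas']} replaces={rec['replaces']} "
              f"lifetime={rec['lifetime_s']} reauth_in={rec['reauth_in_s']}")
```

Run it against a copy of the charon lines from the IPsec log (the script tolerates the newest-first order the pfSense viewer uses) and compare the output for the IKE_SA that came up at the reauthentication with the one from the initial start; an entry marked STALLED with zero CHILD_SAs is the state the post describes, and the replaces field tells you which old IKE_SA it was meant to supersede.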