Phase 1 problem after phase 1 lifetime ends
Hi
Having a problem between a pfsense and checkpoint.
When first starting the VPN, all is good. But after the Phase 1 lifetime ends, the connection fails. This is what I did find in the logs on pfsense:
Feb 2 15:58:17 charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:58:17 charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:58:13 charon: 09[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:58:13 charon: 09[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:58:09 charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:58:09 charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:58:05 charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:58:05 charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:58:01 charon: 16[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:58:01 charon: 16[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:57:57 charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:57 charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:57:55 charon: 16[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:55 charon: 16[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:57:53 charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:53 charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:57:51 charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:51 charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:57:49 charon: 04[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:49 charon: 04[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:57:47 charon: 14[IKE] <con1000|9> received retransmit of response with ID 0, but next request already sent
Feb 2 15:57:47 charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:57:45 charon: 14[IKE] <con1000|9> maximum IKE_SA lifetime 86114s
Feb 2 15:57:45 charon: 14[IKE] <con1000|9> scheduling reauthentication in 85574s
Feb 2 15:57:45 charon: 14[IKE] <con1000|9> IKE_SA con1000[9] established between "Local host IP"["Local host IP"]..."Remote host IP"["Remote host IP"]
Feb 2 15:57:45 charon: 14[ENC] <con1000|9> parsed ID_PROT response 0 [ ID HASH ]
Feb 2 15:57:45 charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (76 bytes)
Feb 2 15:57:45 charon: 14[NET] <con1000|9> sending packet: from "Local host IP"[500] to "Remote host IP"[500] (76 bytes)
Feb 2 15:57:45 charon: 14[ENC] <con1000|9> generating ID_PROT request 0 [ ID HASH ]
Feb 2 15:57:45 charon: 14[ENC] <con1000|9> parsed ID_PROT response 0 [ KE No ]
Feb 2 15:57:45 charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (184 bytes)
Feb 2 15:57:45 charon: 14[NET] <con1000|9> sending packet: from "Local host IP"[500] to "Remote host IP"[500] (196 bytes)
Feb 2 15:57:45 charon: 14[ENC] <con1000|9> generating ID_PROT request 0 [ KE No ]
Feb 2 15:57:45 charon: 14[IKE] <con1000|9> received FRAGMENTATION vendor ID
Feb 2 15:57:45 charon: 14[ENC] <con1000|9> parsed ID_PROT response 0 [ SA V ]
Feb 2 15:57:45 charon: 14[NET] <con1000|9> received packet: from "Remote host IP"[500] to "Local host IP"[500] (108 bytes)
Feb 2 15:57:45 charon: 14[NET] <con1000|8> sending packet: from "Local host IP"[500] to "Remote host IP"[500] (204 bytes)
Feb 2 15:57:45 charon: 14[ENC] <con1000|8> generating ID_PROT request 0 [ SA V V V V V V ]
Feb 2 15:57:45 charon: 14[IKE] <con1000|8> initiating Main Mode IKE_SA con1000[9] to "Remote host IP"
Feb 2 15:57:45 charon: 14[IKE] <con1000|8> reauthenticating IKE_SA con1000[8]
It starts to work if I stop and start the ipsec service on the pfsense. If I do a reset tunnel on the checkpoint, nothing happens.
This all started when I updated pfsense to the latest version.
Anyone that can help?