Unable to establish connection in IPsec PFSense



  • Good day! I am creating a site-to-site IPsec in pfSense, but the status on both configurations is only connecting…

    Here are the logs for Site A:

    Feb 26 16:13:41 charon: 12[IKE] <con1000|3>sending retransmit 4 of request message ID 0, seq 1
    Feb 26 16:13:41 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:14:23 charon: 12[IKE] <con1000|3>sending retransmit 5 of request message ID 0, seq 1
    Feb 26 16:14:23 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:15:38 charon: 14[IKE] <con1000|3>giving up after 5 retransmits
    Feb 26 16:15:38 charon: 14[IKE] <con1000|3>establishing IKE_SA failed, peer not responding
    Feb 26 16:47:05 charon: 10[CFG] received stroke: terminate 'con1000'
    Feb 26 16:47:05 charon: 10[CFG] no IKE_SA named 'con1000' found
    Feb 26 16:47:05 charon: 10[CFG] received stroke: initiate 'con1000'
    Feb 26 16:47:05 charon: 12[IKE] <con1000|4>initiating Aggressive Mode IKE_SA con1000[4] to 112.199.99.137
    Feb 26 16:47:05 charon: 12[ENC] <con1000|4>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
    Feb 26 16:47:05 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:47:09 charon: 12[IKE] <con1000|4>sending retransmit 1 of request message ID 0, seq 1
    Feb 26 16:47:09 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:47:16 charon: 07[IKE] <con1000|4>sending retransmit 2 of request message ID 0, seq 1
    Feb 26 16:47:16 charon: 07[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:47:29 charon: 12[IKE] <con1000|4>sending retransmit 3 of request message ID 0, seq 1
    Feb 26 16:47:29 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:47:48 charon: 12[CFG] rereading secrets
    Feb 26 16:47:48 charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
    Feb 26 16:47:48 charon: 12[CFG] loaded IKE secret for %any 112.199.99.137
    Feb 26 16:47:48 charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
    Feb 26 16:47:48 charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
    Feb 26 16:47:48 charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
    Feb 26 16:47:48 charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
    Feb 26 16:47:48 charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
    Feb 26 16:47:48 charon: 16[CFG] received stroke: unroute 'bypasslan'
    Feb 26 16:47:48 ipsec_starter[52097]: shunt policy 'bypasslan' uninstalled
    Feb 26 16:47:48 ipsec_starter[52097]:
    Feb 26 16:47:48 charon: 11[CFG] received stroke: delete connection 'bypasslan'
    Feb 26 16:47:48 charon: 11[CFG] deleted connection 'bypasslan'
    Feb 26 16:47:48 charon: 11[CFG] received stroke: unroute 'con1000'
    Feb 26 16:47:48 ipsec_starter[52097]: configuration 'con1000' unrouted
    Feb 26 16:47:48 ipsec_starter[52097]:
    Feb 26 16:47:48 charon: 11[CFG] received stroke: delete connection 'con1000'
    Feb 26 16:47:48 charon: 11[CFG] deleted connection 'con1000'
    Feb 26 16:47:48 charon: 16[CFG] received stroke: add connection 'bypasslan'
    Feb 26 16:47:48 charon: 16[CFG] added configuration 'bypasslan'
    Feb 26 16:47:48 charon: 16[CFG] received stroke: route 'bypasslan'
    Feb 26 16:47:48 ipsec_starter[52097]: 'bypasslan' shunt PASS policy installed
    Feb 26 16:47:48 ipsec_starter[52097]:
    Feb 26 16:47:48 charon: 16[CFG] received stroke: add connection 'con1000'
    Feb 26 16:47:48 charon: 16[CFG] added configuration 'con1000'
    Feb 26 16:47:48 charon: 16[CFG] received stroke: route 'con1000'
    Feb 26 16:47:48 ipsec_starter[52097]: 'con1000' routed
    Feb 26 16:47:48 ipsec_starter[52097]:
    Feb 26 16:47:52 charon: 16[IKE] <con1000|4>sending retransmit 4 of request message ID 0, seq 1
    Feb 26 16:47:52 charon: 16[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:48:34 charon: 05[IKE] <con1000|4>sending retransmit 5 of request message ID 0, seq 1
    Feb 26 16:48:34 charon: 05[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)

    Logs for Site B:

    Feb 26 16:46:50 charon: 15[CFG] received stroke: route 'bypasslan'
    Feb 26 16:46:50 ipsec_starter[44532]: 'bypasslan' shunt PASS policy installed
    Feb 26 16:46:50 ipsec_starter[44532]:
    Feb 26 16:46:50 charon: 15[CFG] received stroke: add connection 'con1000'
    Feb 26 16:46:50 charon: 15[CFG] added configuration 'con1000'
    Feb 26 16:46:50 charon: 05[CFG] received stroke: route 'con1000'
    Feb 26 16:46:50 ipsec_starter[44532]: 'con1000' routed
    Feb 26 16:46:50 ipsec_starter[44532]:
    Feb 26 16:47:00 charon: 02[CFG] received stroke: terminate 'con1000'
    Feb 26 16:47:00 charon: 02[CFG] no IKE_SA named 'con1000' found
    Feb 26 16:47:00 charon: 02[CFG] received stroke: initiate 'con1000'
    Feb 26 16:47:00 charon: 05[IKE] <con1000|2>initiating Aggressive Mode IKE_SA con1000[2] to 49.144.38.212
    Feb 26 16:47:00 charon: 05[ENC] <con1000|2>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
    Feb 26 16:47:00 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
    Feb 26 16:47:04 charon: 05[IKE] <con1000|2>sending retransmit 1 of request message ID 0, seq 1
    Feb 26 16:47:04 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
    Feb 26 16:47:11 charon: 05[IKE] <con1000|2>sending retransmit 2 of request message ID 0, seq 1
    Feb 26 16:47:11 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
    Feb 26 16:47:24 charon: 05[IKE] <con1000|2>sending retransmit 3 of request message ID 0, seq 1
    Feb 26 16:47:24 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
    Feb 26 16:47:42 charon: 05[CFG] rereading secrets
    Feb 26 16:47:42 charon: 05[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
    Feb 26 16:47:42 charon: 05[CFG] loaded IKE secret for %any 49.144.38.212
    Feb 26 16:47:42 charon: 05[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
    Feb 26 16:47:42 charon: 05[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
    Feb 26 16:47:42 charon: 05[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
    Feb 26 16:47:42 charon: 05[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
    Feb 26 16:47:42 charon: 05[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
    Feb 26 16:47:42 charon: 05[CFG] received stroke: unroute 'bypasslan'
    Feb 26 16:47:42 ipsec_starter[44532]: shunt policy 'bypasslan' uninstalled
    Feb 26 16:47:42 ipsec_starter[44532]:
    Feb 26 16:47:42 charon: 14[CFG] received stroke: delete connection 'bypasslan'
    Feb 26 16:47:42 charon: 14[CFG] deleted connection 'bypasslan'
    Feb 26 16:47:42 charon: 10[CFG] received stroke: unroute 'con1000'
    Feb 26 16:47:42 ipsec_starter[44532]: configuration 'con1000' unrouted
    Feb 26 16:47:42 ipsec_starter[44532]:
    Feb 26 16:47:42 charon: 14[CFG] received stroke: delete connection 'con1000'
    Feb 26 16:47:42 charon: 14[CFG] deleted connection 'con1000'
    Feb 26 16:47:42 charon: 14[CFG] received stroke: add connection 'bypasslan'
    Feb 26 16:47:42 charon: 14[CFG] added configuration 'bypasslan'
    Feb 26 16:47:42 charon: 10[CFG] received stroke: route 'bypasslan'
    Feb 26 16:47:42 ipsec_starter[44532]: 'bypasslan' shunt PASS policy installed
    Feb 26 16:47:42 ipsec_starter[44532]:
    Feb 26 16:47:42 charon: 14[CFG] received stroke: add connection 'con1000'
    Feb 26 16:47:42 charon: 14[CFG] added configuration 'con1000'
    Feb 26 16:47:42 charon: 12[CFG] received stroke: route 'con1000'
    Feb 26 16:47:42 ipsec_starter[44532]: 'con1000' routed
    Feb 26 16:47:42 ipsec_starter[44532]:
    Feb 26 16:47:47 charon: 09[IKE] <con1000|2>sending retransmit 4 of request message ID 0, seq 1
    Feb 26 16:47:47 charon: 09[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)

    Hope you can all help me regarding this problem. Btw, I'm using PFsense 2.2.6 i886 in Site A and PFsense 2.2.6 AMD64 on Site B.



  • Already solved. thanks  ;D ;D :D
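An added example, not part of the original thread: one way to summarise charon logs like the two excerpts posted above and cross-check each site's configured peer against the address the other site actually sends from. The embedded lines are copied from the thread; the function names `summarize` and `cross_check` are hypothetical, and the output only reports what the logs show, not the fix the poster found.

```python
import ipaddress
import re

# Log lines copied from the two excerpts in the thread (a few lines per site).
SITE_A = """\
Feb 26 16:14:23 charon: 12[IKE] <con1000|3>sending retransmit 5 of request message ID 0, seq 1
Feb 26 16:14:23 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Feb 26 16:15:38 charon: 14[IKE] <con1000|3>giving up after 5 retransmits
Feb 26 16:15:38 charon: 14[IKE] <con1000|3>establishing IKE_SA failed, peer not responding
"""
SITE_B = """\
Feb 26 16:47:00 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
Feb 26 16:47:04 charon: 05[IKE] <con1000|2>sending retransmit 1 of request message ID 0, seq 1
"""

SEND = re.compile(r"sending packet: from (\S+)\[(\d+)\] to (\S+)\[(\d+)\]")
RETX = re.compile(r"sending retransmit (\d+) of request")
RECV = re.compile(r"received packet: from")

def summarize(log):
    """Collect endpoints, highest retransmit number and reply count from charon lines."""
    s = {"local": None, "peer": None, "retransmits": 0, "replies": 0, "gave_up": False}
    for line in log.splitlines():
        if m := SEND.search(line):
            s["local"], s["peer"] = m.group(1), m.group(3)
        elif m := RETX.search(line):
            s["retransmits"] = max(s["retransmits"], int(m.group(1)))
        elif RECV.search(line):
            s["replies"] += 1
        if "peer not responding" in line:
            s["gave_up"] = True
    return s

def cross_check(a, b):
    """Compare each site's configured peer with the address the other site sends from."""
    findings = []
    for name, me, other in (("A", a, b), ("B", b, a)):
        if me["replies"] == 0 and me["retransmits"]:
            findings.append(f"site {name}: no reply seen from {me['peer']}")
        if me["peer"] != other["local"]:
            findings.append(f"site {name} targets {me['peer']}, other side sends from {other['local']}")
        if ipaddress.ip_address(me["local"]).is_private:
            findings.append(f"site {name} sends from private address {me['local']}")
    return findings

if __name__ == "__main__":
    for f in cross_check(summarize(SITE_A), summarize(SITE_B)):
        print(f)
```
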