Netgate Discussion Forum

    Unable to establish connection in IPsec pfSense

    • valjasme18

      Good day! I am creating site-to-site IPsec in pfSense, but the status on both configurations is only connecting…

      Here are the logs for Site A:

      Feb 26 16:13:41 charon: 12[IKE] <con1000|3>sending retransmit 4 of request message ID 0, seq 1
      Feb 26 16:13:41 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:14:23 charon: 12[IKE] <con1000|3>sending retransmit 5 of request message ID 0, seq 1
      Feb 26 16:14:23 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:15:38 charon: 14[IKE] <con1000|3>giving up after 5 retransmits
      Feb 26 16:15:38 charon: 14[IKE] <con1000|3>establishing IKE_SA failed, peer not responding
      Feb 26 16:47:05 charon: 10[CFG] received stroke: terminate 'con1000'
      Feb 26 16:47:05 charon: 10[CFG] no IKE_SA named 'con1000' found
      Feb 26 16:47:05 charon: 10[CFG] received stroke: initiate 'con1000'
      Feb 26 16:47:05 charon: 12[IKE] <con1000|4>initiating Aggressive Mode IKE_SA con1000[4] to 112.199.99.137
      Feb 26 16:47:05 charon: 12[ENC] <con1000|4>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
      Feb 26 16:47:05 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:47:09 charon: 12[IKE] <con1000|4>sending retransmit 1 of request message ID 0, seq 1
      Feb 26 16:47:09 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:47:16 charon: 07[IKE] <con1000|4>sending retransmit 2 of request message ID 0, seq 1
      Feb 26 16:47:16 charon: 07[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:47:29 charon: 12[IKE] <con1000|4>sending retransmit 3 of request message ID 0, seq 1
      Feb 26 16:47:29 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:47:48 charon: 12[CFG] rereading secrets
      Feb 26 16:47:48 charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 26 16:47:48 charon: 12[CFG] loaded IKE secret for %any 112.199.99.137
      Feb 26 16:47:48 charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 26 16:47:48 charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 26 16:47:48 charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 26 16:47:48 charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 26 16:47:48 charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 26 16:47:48 charon: 16[CFG] received stroke: unroute 'bypasslan'
      Feb 26 16:47:48 ipsec_starter[52097]: shunt policy 'bypasslan' uninstalled
      Feb 26 16:47:48 ipsec_starter[52097]:
      Feb 26 16:47:48 charon: 11[CFG] received stroke: delete connection 'bypasslan'
      Feb 26 16:47:48 charon: 11[CFG] deleted connection 'bypasslan'
      Feb 26 16:47:48 charon: 11[CFG] received stroke: unroute 'con1000'
      Feb 26 16:47:48 ipsec_starter[52097]: configuration 'con1000' unrouted
      Feb 26 16:47:48 ipsec_starter[52097]:
      Feb 26 16:47:48 charon: 11[CFG] received stroke: delete connection 'con1000'
      Feb 26 16:47:48 charon: 11[CFG] deleted connection 'con1000'
      Feb 26 16:47:48 charon: 16[CFG] received stroke: add connection 'bypasslan'
      Feb 26 16:47:48 charon: 16[CFG] added configuration 'bypasslan'
      Feb 26 16:47:48 charon: 16[CFG] received stroke: route 'bypasslan'
      Feb 26 16:47:48 ipsec_starter[52097]: 'bypasslan' shunt PASS policy installed
      Feb 26 16:47:48 ipsec_starter[52097]:
      Feb 26 16:47:48 charon: 16[CFG] received stroke: add connection 'con1000'
      Feb 26 16:47:48 charon: 16[CFG] added configuration 'con1000'
      Feb 26 16:47:48 charon: 16[CFG] received stroke: route 'con1000'
      Feb 26 16:47:48 ipsec_starter[52097]: 'con1000' routed
      Feb 26 16:47:48 ipsec_starter[52097]:
      Feb 26 16:47:52 charon: 16[IKE] <con1000|4>sending retransmit 4 of request message ID 0, seq 1
      Feb 26 16:47:52 charon: 16[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:48:34 charon: 05[IKE] <con1000|4>sending retransmit 5 of request message ID 0, seq 1
      Feb 26 16:48:34 charon: 05[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)

      Logs for Site B:

      Feb 26 16:46:50 charon: 15[CFG] received stroke: route 'bypasslan'
      Feb 26 16:46:50 ipsec_starter[44532]: 'bypasslan' shunt PASS policy installed
      Feb 26 16:46:50 ipsec_starter[44532]:
      Feb 26 16:46:50 charon: 15[CFG] received stroke: add connection 'con1000'
      Feb 26 16:46:50 charon: 15[CFG] added configuration 'con1000'
      Feb 26 16:46:50 charon: 05[CFG] received stroke: route 'con1000'
      Feb 26 16:46:50 ipsec_starter[44532]: 'con1000' routed
      Feb 26 16:46:50 ipsec_starter[44532]:
      Feb 26 16:47:00 charon: 02[CFG] received stroke: terminate 'con1000'
      Feb 26 16:47:00 charon: 02[CFG] no IKE_SA named 'con1000' found
      Feb 26 16:47:00 charon: 02[CFG] received stroke: initiate 'con1000'
      Feb 26 16:47:00 charon: 05[IKE] <con1000|2>initiating Aggressive Mode IKE_SA con1000[2] to 49.144.38.212
      Feb 26 16:47:00 charon: 05[ENC] <con1000|2>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
      Feb 26 16:47:00 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
      Feb 26 16:47:04 charon: 05[IKE] <con1000|2>sending retransmit 1 of request message ID 0, seq 1
      Feb 26 16:47:04 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
      Feb 26 16:47:11 charon: 05[IKE] <con1000|2>sending retransmit 2 of request message ID 0, seq 1
      Feb 26 16:47:11 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
      Feb 26 16:47:24 charon: 05[IKE] <con1000|2>sending retransmit 3 of request message ID 0, seq 1
      Feb 26 16:47:24 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
      Feb 26 16:47:42 charon: 05[CFG] rereading secrets
      Feb 26 16:47:42 charon: 05[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 26 16:47:42 charon: 05[CFG] loaded IKE secret for %any 49.144.38.212
      Feb 26 16:47:42 charon: 05[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 26 16:47:42 charon: 05[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 26 16:47:42 charon: 05[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 26 16:47:42 charon: 05[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 26 16:47:42 charon: 05[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 26 16:47:42 charon: 05[CFG] received stroke: unroute 'bypasslan'
      Feb 26 16:47:42 ipsec_starter[44532]: shunt policy 'bypasslan' uninstalled
      Feb 26 16:47:42 ipsec_starter[44532]:
      Feb 26 16:47:42 charon: 14[CFG] received stroke: delete connection 'bypasslan'
      Feb 26 16:47:42 charon: 14[CFG] deleted connection 'bypasslan'
      Feb 26 16:47:42 charon: 10[CFG] received stroke: unroute 'con1000'
      Feb 26 16:47:42 ipsec_starter[44532]: configuration 'con1000' unrouted
      Feb 26 16:47:42 ipsec_starter[44532]:
      Feb 26 16:47:42 charon: 14[CFG] received stroke: delete connection 'con1000'
      Feb 26 16:47:42 charon: 14[CFG] deleted connection 'con1000'
      Feb 26 16:47:42 charon: 14[CFG] received stroke: add connection 'bypasslan'
      Feb 26 16:47:42 charon: 14[CFG] added configuration 'bypasslan'
      Feb 26 16:47:42 charon: 10[CFG] received stroke: route 'bypasslan'
      Feb 26 16:47:42 ipsec_starter[44532]: 'bypasslan' shunt PASS policy installed
      Feb 26 16:47:42 ipsec_starter[44532]:
      Feb 26 16:47:42 charon: 14[CFG] received stroke: add connection 'con1000'
      Feb 26 16:47:42 charon: 14[CFG] added configuration 'con1000'
      Feb 26 16:47:42 charon: 12[CFG] received stroke: route 'con1000'
      Feb 26 16:47:42 ipsec_starter[44532]: 'con1000' routed
      Feb 26 16:47:42 ipsec_starter[44532]:
      Feb 26 16:47:47 charon: 09[IKE] <con1000|2>sending retransmit 4 of request message ID 0, seq 1
      Feb 26 16:47:47 charon: 09[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)

      Hope you can all help me regarding this problem. Btw, I'm using pfSense 2.2.6 i886 in Site A and pfSense 2.2.6 AMD64 on Site B.

      1 Reply Last reply Reply Quote 0
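A way to read the two logs above side by side, as an added example that is not part of the original post and does not claim to be the poster's fix: it extracts each site's local and peer addresses, retransmit count and inbound packet count from charon lines, then flags what the logs themselves show. The function names and site labels are this example's own; the log lines are excerpted from the post.

```python
import ipaddress
import re

# Lines excerpted from the Site A and Site B logs posted above.
SITE_A = """\
Feb 26 16:47:05 charon: 12[IKE] <con1000|4>initiating Aggressive Mode IKE_SA con1000[4] to 112.199.99.137
Feb 26 16:47:05 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Feb 26 16:47:09 charon: 12[IKE] <con1000|4>sending retransmit 1 of request message ID 0, seq 1
Feb 26 16:48:34 charon: 05[IKE] <con1000|4>sending retransmit 5 of request message ID 0, seq 1
"""
SITE_B = """\
Feb 26 16:47:00 charon: 05[IKE] <con1000|2>initiating Aggressive Mode IKE_SA con1000[2] to 49.144.38.212
Feb 26 16:47:00 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
Feb 26 16:47:47 charon: 09[IKE] <con1000|2>sending retransmit 4 of request message ID 0, seq 1
"""

SEND = re.compile(r"\[NET\].*sending packet: from (\S+?)\[\d+\] to (\S+?)\[\d+\]")
RECV = re.compile(r"\[NET\].*received packet: from")
RETX = re.compile(r"sending retransmit (\d+) of request")

def summarize(log):
    """Return local/peer address, highest retransmit number and inbound packet count."""
    s = {"local": None, "peer": None, "retransmits": 0, "received": 0}
    for line in log.splitlines():
        if m := SEND.search(line):
            s["local"], s["peer"] = m.group(1), m.group(2)
        elif RECV.search(line):
            s["received"] += 1
        elif m := RETX.search(line):
            s["retransmits"] = max(s["retransmits"], int(m.group(1)))
    return s

def findings(a, b):
    """Cross-check the two summaries; every finding is derived from the log lines only."""
    out = []
    for name, me, other in (("A", a, b), ("B", b, a)):
        if me["received"] == 0 and me["retransmits"] > 0:
            out.append(f"site {name}: {me['retransmits']} retransmits, nothing received from {me['peer']}")
        if ipaddress.ip_address(me["local"]).is_private:
            out.append(f"site {name}: local address {me['local']} is private, so the peer sees a NAT address")
        elif other["peer"] != me["local"]:
            out.append(f"site {name}: sends from {me['local']} but the other side targets {other['peer']}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(summarize(SITE_A), summarize(SITE_B))))
```
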
      • valjasme18

        Already solved. Thanks ;D ;D :D

        • anass131

          What is the solution, please? I have the same problem :/
          ipsec_starter[35497]: configuration 'con1000' unrouted

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.