Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Unable to established connection in IPsec PFSense

    IPsec
    2
    3
    2232
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      valjasme18 last edited by

      Good day! I am creating Site to site Ipsec Pfsense but the status on both configuration is only connecting…

      Here is the logs for the Site A:

      Feb 26 16:13:41 charon: 12[IKE] <con1000|3>sending retransmit 4 of request message ID 0, seq 1
      Feb 26 16:13:41 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:14:23 charon: 12[IKE] <con1000|3>sending retransmit 5 of request message ID 0, seq 1
      Feb 26 16:14:23 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:15:38 charon: 14[IKE] <con1000|3>giving up after 5 retransmits
      Feb 26 16:15:38 charon: 14[IKE] <con1000|3>establishing IKE_SA failed, peer not responding
      Feb 26 16:47:05 charon: 10[CFG] received stroke: terminate 'con1000'
      Feb 26 16:47:05 charon: 10[CFG] no IKE_SA named 'con1000' found
      Feb 26 16:47:05 charon: 10[CFG] received stroke: initiate 'con1000'
      Feb 26 16:47:05 charon: 12[IKE] <con1000|4>initiating Aggressive Mode IKE_SA con1000[4] to 112.199.99.137
      Feb 26 16:47:05 charon: 12[ENC] <con1000|4>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
      Feb 26 16:47:05 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:47:09 charon: 12[IKE] <con1000|4>sending retransmit 1 of request message ID 0, seq 1
      Feb 26 16:47:09 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:47:16 charon: 07[IKE] <con1000|4>sending retransmit 2 of request message ID 0, seq 1
      Feb 26 16:47:16 charon: 07[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:47:29 charon: 12[IKE] <con1000|4>sending retransmit 3 of request message ID 0, seq 1
      Feb 26 16:47:29 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:47:48 charon: 12[CFG] rereading secrets
      Feb 26 16:47:48 charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 26 16:47:48 charon: 12[CFG] loaded IKE secret for %any 112.199.99.137
      Feb 26 16:47:48 charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 26 16:47:48 charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 26 16:47:48 charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 26 16:47:48 charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 26 16:47:48 charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 26 16:47:48 charon: 16[CFG] received stroke: unroute 'bypasslan'
      Feb 26 16:47:48 ipsec_starter[52097]: shunt policy 'bypasslan' uninstalled
      Feb 26 16:47:48 ipsec_starter[52097]:
      Feb 26 16:47:48 charon: 11[CFG] received stroke: delete connection 'bypasslan'
      Feb 26 16:47:48 charon: 11[CFG] deleted connection 'bypasslan'
      Feb 26 16:47:48 charon: 11[CFG] received stroke: unroute 'con1000'
      Feb 26 16:47:48 ipsec_starter[52097]: configuration 'con1000' unrouted
      Feb 26 16:47:48 ipsec_starter[52097]:
      Feb 26 16:47:48 charon: 11[CFG] received stroke: delete connection 'con1000'
      Feb 26 16:47:48 charon: 11[CFG] deleted connection 'con1000'
      Feb 26 16:47:48 charon: 16[CFG] received stroke: add connection 'bypasslan'
      Feb 26 16:47:48 charon: 16[CFG] added configuration 'bypasslan'
      Feb 26 16:47:48 charon: 16[CFG] received stroke: route 'bypasslan'
      Feb 26 16:47:48 ipsec_starter[52097]: 'bypasslan' shunt PASS policy installed
      Feb 26 16:47:48 ipsec_starter[52097]:
      Feb 26 16:47:48 charon: 16[CFG] received stroke: add connection 'con1000'
      Feb 26 16:47:48 charon: 16[CFG] added configuration 'con1000'
      Feb 26 16:47:48 charon: 16[CFG] received stroke: route 'con1000'
      Feb 26 16:47:48 ipsec_starter[52097]: 'con1000' routed
      Feb 26 16:47:48 ipsec_starter[52097]:
      Feb 26 16:47:52 charon: 16[IKE] <con1000|4>sending retransmit 4 of request message ID 0, seq 1
      Feb 26 16:47:52 charon: 16[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
      Feb 26 16:48:34 charon: 05[IKE] <con1000|4>sending retransmit 5 of request message ID 0, seq 1
      Feb 26 16:48:34 charon: 05[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)

      Logs for Site B:

      Feb 26 16:46:50 charon: 15[CFG] received stroke: route 'bypasslan'
      Feb 26 16:46:50 ipsec_starter[44532]: 'bypasslan' shunt PASS policy installed Feb 26 16:46:50 ipsec_starter[44532]:
      Feb 26 16:46:50 charon: 15[CFG] received stroke: add connection 'con1000' Feb 26 16:46:50 charon: 15[CFG] added configuration 'con1000' Feb 26 16:46:50 charon: 05[CFG] received stroke: route 'con1000'
      Feb 26 16:46:50 ipsec_starter[44532]: 'con1000' routed Feb 26 16:46:50 ipsec_starter[44532]:
      Feb 26 16:47:00 charon: 02[CFG] received stroke: terminate 'con1000'
      Feb 26 16:47:00 charon: 02[CFG] no IKE_SA named 'con1000' found
      Feb 26 16:47:00 charon: 02[CFG] received stroke: initiate 'con1000'
      Feb 26 16:47:00 charon: 05[IKE] <con1000|2>initiating Aggressive Mode IKE_SA con1000[2] to 49.144.38.212
      Feb 26 16:47:00 charon: 05[ENC] <con1000|2>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
      Feb 26 16:47:00 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
      Feb 26 16:47:04 charon: 05[IKE] <con1000|2>sending retransmit 1 of request message ID 0, seq 1
      Feb 26 16:47:04 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes) Feb 26 16:47:11 charon: 05[IKE] <con1000|2>sending retransmit 2 of request message ID 0, seq 1 Feb 26 16:47:11 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes) Feb 26 16:47:24 charon: 05[IKE] <con1000|2>sending retransmit 3 of request message ID 0, seq 1
      Feb 26 16:47:24 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes) Feb 26 16:47:42 charon: 05[CFG] rereading secrets
      Feb 26 16:47:42 charon: 05[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 26 16:47:42 charon: 05[CFG] loaded IKE secret for %any 49.144.38.212 Feb 26 16:47:42 charon: 05[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 26 16:47:42 charon: 05[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 26 16:47:42 charon: 05[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 26 16:47:42 charon: 05[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 26 16:47:42 charon: 05[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 26 16:47:42 charon: 05[CFG] received stroke: unroute 'bypasslan'
      Feb 26 16:47:42 ipsec_starter[44532]: shunt policy 'bypasslan' uninstalled
      Feb 26 16:47:42 ipsec_starter[44532]:
      Feb 26 16:47:42 charon: 14[CFG] received stroke: delete connection 'bypasslan'
      Feb 26 16:47:42 charon: 14[CFG] deleted connection 'bypasslan'
      Feb 26 16:47:42 charon: 10[CFG] received stroke: unroute 'con1000'
      Feb 26 16:47:42 ipsec_starter[44532]: configuration 'con1000' unrouted
      Feb 26 16:47:42 ipsec_starter[44532]:
      Feb 26 16:47:42 charon: 14[CFG] received stroke: delete connection 'con1000'
      Feb 26 16:47:42 charon: 14[CFG] deleted connection 'con1000'
      Feb 26 16:47:42 charon: 14[CFG] received stroke: add connection 'bypasslan'
      Feb 26 16:47:42 charon: 14[CFG] added configuration 'bypasslan' Feb 26 16:47:42 charon: 10[CFG] received stroke: route 'bypasslan'
      Feb 26 16:47:42 ipsec_starter[44532]: 'bypasslan' shunt PASS policy installed
      Feb 26 16:47:42 ipsec_starter[44532]:
      Feb 26 16:47:42 charon: 14[CFG] received stroke: add connection 'con1000'
      Feb 26 16:47:42 charon: 14[CFG] added configuration 'con1000'
      Feb 26 16:47:42 charon: 12[CFG] received stroke: route 'con1000'
      Feb 26 16:47:42 ipsec_starter[44532]: 'con1000' routed
      Feb 26 16:47:42 ipsec_starter[44532]:
      Feb 26 16:47:47 charon: 09[IKE] <con1000|2>sending retransmit 4 of request message ID 0, seq 1
      Feb 26 16:47:47 charon: 09[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)

      Hope you can all help me regarding this problem. btw I'm using PFsense 2.2.6 i886 in Site A and PFsense 2.2.6 AMD64 on Site B</con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|3></con1000|3></con1000|3></con1000|3></con1000|3></con1000|3>

      1 Reply Last reply Reply Quote 0
      • V
        valjasme18 last edited by

        Already solved. thanks  ;D ;D :D

        1 Reply Last reply Reply Quote 0
        • A
          anass131 last edited by

          What is the solution please i have the same problem :/
          ipsec_starter[35497]: configuration 'con1000' unrouted

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy