4. Unable to established connection in IPsec PFSense

Unable to established connection in IPsec PFSense

  • V

    Good day! I am creating Site to site Ipsec Pfsense but the status on both configuration is only connecting…

    Here is the logs for the Site A:

    Feb 26 16:13:41 charon: 12[IKE] <con1000|3>sending retransmit 4 of request message ID 0, seq 1
    Feb 26 16:13:41 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:14:23 charon: 12[IKE] <con1000|3>sending retransmit 5 of request message ID 0, seq 1
    Feb 26 16:14:23 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:15:38 charon: 14[IKE] <con1000|3>giving up after 5 retransmits
    Feb 26 16:15:38 charon: 14[IKE] <con1000|3>establishing IKE_SA failed, peer not responding
    Feb 26 16:47:05 charon: 10[CFG] received stroke: terminate 'con1000'
    Feb 26 16:47:05 charon: 10[CFG] no IKE_SA named 'con1000' found
    Feb 26 16:47:05 charon: 10[CFG] received stroke: initiate 'con1000'
    Feb 26 16:47:05 charon: 12[IKE] <con1000|4>initiating Aggressive Mode IKE_SA con1000[4] to 112.199.99.137
    Feb 26 16:47:05 charon: 12[ENC] <con1000|4>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
    Feb 26 16:47:05 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:47:09 charon: 12[IKE] <con1000|4>sending retransmit 1 of request message ID 0, seq 1
    Feb 26 16:47:09 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:47:16 charon: 07[IKE] <con1000|4>sending retransmit 2 of request message ID 0, seq 1
    Feb 26 16:47:16 charon: 07[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:47:29 charon: 12[IKE] <con1000|4>sending retransmit 3 of request message ID 0, seq 1
    Feb 26 16:47:29 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:47:48 charon: 12[CFG] rereading secrets
    Feb 26 16:47:48 charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
    Feb 26 16:47:48 charon: 12[CFG] loaded IKE secret for %any 112.199.99.137
    Feb 26 16:47:48 charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
    Feb 26 16:47:48 charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
    Feb 26 16:47:48 charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
    Feb 26 16:47:48 charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
    Feb 26 16:47:48 charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
    Feb 26 16:47:48 charon: 16[CFG] received stroke: unroute 'bypasslan'
    Feb 26 16:47:48 ipsec_starter[52097]: shunt policy 'bypasslan' uninstalled
    Feb 26 16:47:48 ipsec_starter[52097]:
    Feb 26 16:47:48 charon: 11[CFG] received stroke: delete connection 'bypasslan'
    Feb 26 16:47:48 charon: 11[CFG] deleted connection 'bypasslan'
    Feb 26 16:47:48 charon: 11[CFG] received stroke: unroute 'con1000'
    Feb 26 16:47:48 ipsec_starter[52097]: configuration 'con1000' unrouted
    Feb 26 16:47:48 ipsec_starter[52097]:
    Feb 26 16:47:48 charon: 11[CFG] received stroke: delete connection 'con1000'
    Feb 26 16:47:48 charon: 11[CFG] deleted connection 'con1000'
    Feb 26 16:47:48 charon: 16[CFG] received stroke: add connection 'bypasslan'
    Feb 26 16:47:48 charon: 16[CFG] added configuration 'bypasslan'
    Feb 26 16:47:48 charon: 16[CFG] received stroke: route 'bypasslan'
    Feb 26 16:47:48 ipsec_starter[52097]: 'bypasslan' shunt PASS policy installed
    Feb 26 16:47:48 ipsec_starter[52097]:
    Feb 26 16:47:48 charon: 16[CFG] received stroke: add connection 'con1000'
    Feb 26 16:47:48 charon: 16[CFG] added configuration 'con1000'
    Feb 26 16:47:48 charon: 16[CFG] received stroke: route 'con1000'
    Feb 26 16:47:48 ipsec_starter[52097]: 'con1000' routed
    Feb 26 16:47:48 ipsec_starter[52097]:
    Feb 26 16:47:52 charon: 16[IKE] <con1000|4>sending retransmit 4 of request message ID 0, seq 1
    Feb 26 16:47:52 charon: 16[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
    Feb 26 16:48:34 charon: 05[IKE] <con1000|4>sending retransmit 5 of request message ID 0, seq 1
    Feb 26 16:48:34 charon: 05[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)

    Logs for Site B:

    Feb 26 16:46:50 charon: 15[CFG] received stroke: route 'bypasslan'
    Feb 26 16:46:50 ipsec_starter[44532]: 'bypasslan' shunt PASS policy installed Feb 26 16:46:50 ipsec_starter[44532]:
    Feb 26 16:46:50 charon: 15[CFG] received stroke: add connection 'con1000' Feb 26 16:46:50 charon: 15[CFG] added configuration 'con1000' Feb 26 16:46:50 charon: 05[CFG] received stroke: route 'con1000'
    Feb 26 16:46:50 ipsec_starter[44532]: 'con1000' routed Feb 26 16:46:50 ipsec_starter[44532]:
    Feb 26 16:47:00 charon: 02[CFG] received stroke: terminate 'con1000'
    Feb 26 16:47:00 charon: 02[CFG] no IKE_SA named 'con1000' found
    Feb 26 16:47:00 charon: 02[CFG] received stroke: initiate 'con1000'
    Feb 26 16:47:00 charon: 05[IKE] <con1000|2>initiating Aggressive Mode IKE_SA con1000[2] to 49.144.38.212
    Feb 26 16:47:00 charon: 05[ENC] <con1000|2>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
    Feb 26 16:47:00 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
    Feb 26 16:47:04 charon: 05[IKE] <con1000|2>sending retransmit 1 of request message ID 0, seq 1
    Feb 26 16:47:04 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes) Feb 26 16:47:11 charon: 05[IKE] <con1000|2>sending retransmit 2 of request message ID 0, seq 1 Feb 26 16:47:11 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes) Feb 26 16:47:24 charon: 05[IKE] <con1000|2>sending retransmit 3 of request message ID 0, seq 1
    Feb 26 16:47:24 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes) Feb 26 16:47:42 charon: 05[CFG] rereading secrets
    Feb 26 16:47:42 charon: 05[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
    Feb 26 16:47:42 charon: 05[CFG] loaded IKE secret for %any 49.144.38.212 Feb 26 16:47:42 charon: 05[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
    Feb 26 16:47:42 charon: 05[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
    Feb 26 16:47:42 charon: 05[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
    Feb 26 16:47:42 charon: 05[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
    Feb 26 16:47:42 charon: 05[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
    Feb 26 16:47:42 charon: 05[CFG] received stroke: unroute 'bypasslan'
    Feb 26 16:47:42 ipsec_starter[44532]: shunt policy 'bypasslan' uninstalled
    Feb 26 16:47:42 ipsec_starter[44532]:
    Feb 26 16:47:42 charon: 14[CFG] received stroke: delete connection 'bypasslan'
    Feb 26 16:47:42 charon: 14[CFG] deleted connection 'bypasslan'
    Feb 26 16:47:42 charon: 10[CFG] received stroke: unroute 'con1000'
    Feb 26 16:47:42 ipsec_starter[44532]: configuration 'con1000' unrouted
    Feb 26 16:47:42 ipsec_starter[44532]:
    Feb 26 16:47:42 charon: 14[CFG] received stroke: delete connection 'con1000'
    Feb 26 16:47:42 charon: 14[CFG] deleted connection 'con1000'
    Feb 26 16:47:42 charon: 14[CFG] received stroke: add connection 'bypasslan'
    Feb 26 16:47:42 charon: 14[CFG] added configuration 'bypasslan' Feb 26 16:47:42 charon: 10[CFG] received stroke: route 'bypasslan'
    Feb 26 16:47:42 ipsec_starter[44532]: 'bypasslan' shunt PASS policy installed
    Feb 26 16:47:42 ipsec_starter[44532]:
    Feb 26 16:47:42 charon: 14[CFG] received stroke: add connection 'con1000'
    Feb 26 16:47:42 charon: 14[CFG] added configuration 'con1000'
    Feb 26 16:47:42 charon: 12[CFG] received stroke: route 'con1000'
    Feb 26 16:47:42 ipsec_starter[44532]: 'con1000' routed
    Feb 26 16:47:42 ipsec_starter[44532]:
    Feb 26 16:47:47 charon: 09[IKE] <con1000|2>sending retransmit 4 of request message ID 0, seq 1
    Feb 26 16:47:47 charon: 09[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)

    Hope you can all help me regarding this problem. btw I'm using PFsense 2.2.6 i886 in Site A and PFsense 2.2.6 AMD64 on Site B</con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|3></con1000|3></con1000|3></con1000|3></con1000|3></con1000|3>

    0
  • V

    Already solved. thanks  ;D ;D :D

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy