Unable to establish connection in IPsec pfSense
-
Good day! I am creating a site-to-site IPsec on pfSense, but the status on both configurations is only connecting…
Here are the logs for Site A:
Feb 26 16:13:41 charon: 12[IKE] <con1000|3>sending retransmit 4 of request message ID 0, seq 1
Feb 26 16:13:41 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Feb 26 16:14:23 charon: 12[IKE] <con1000|3>sending retransmit 5 of request message ID 0, seq 1
Feb 26 16:14:23 charon: 12[NET] <con1000|3>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Feb 26 16:15:38 charon: 14[IKE] <con1000|3>giving up after 5 retransmits
Feb 26 16:15:38 charon: 14[IKE] <con1000|3>establishing IKE_SA failed, peer not responding
Feb 26 16:47:05 charon: 10[CFG] received stroke: terminate 'con1000'
Feb 26 16:47:05 charon: 10[CFG] no IKE_SA named 'con1000' found
Feb 26 16:47:05 charon: 10[CFG] received stroke: initiate 'con1000'
Feb 26 16:47:05 charon: 12[IKE] <con1000|4>initiating Aggressive Mode IKE_SA con1000[4] to 112.199.99.137
Feb 26 16:47:05 charon: 12[ENC] <con1000|4>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
Feb 26 16:47:05 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Feb 26 16:47:09 charon: 12[IKE] <con1000|4>sending retransmit 1 of request message ID 0, seq 1
Feb 26 16:47:09 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Feb 26 16:47:16 charon: 07[IKE] <con1000|4>sending retransmit 2 of request message ID 0, seq 1
Feb 26 16:47:16 charon: 07[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Feb 26 16:47:29 charon: 12[IKE] <con1000|4>sending retransmit 3 of request message ID 0, seq 1
Feb 26 16:47:29 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Feb 26 16:47:48 charon: 12[CFG] rereading secrets
Feb 26 16:47:48 charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 26 16:47:48 charon: 12[CFG] loaded IKE secret for %any 112.199.99.137
Feb 26 16:47:48 charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 26 16:47:48 charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 26 16:47:48 charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 26 16:47:48 charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 26 16:47:48 charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 26 16:47:48 charon: 16[CFG] received stroke: unroute 'bypasslan'
Feb 26 16:47:48 ipsec_starter[52097]: shunt policy 'bypasslan' uninstalled
Feb 26 16:47:48 ipsec_starter[52097]:
Feb 26 16:47:48 charon: 11[CFG] received stroke: delete connection 'bypasslan'
Feb 26 16:47:48 charon: 11[CFG] deleted connection 'bypasslan'
Feb 26 16:47:48 charon: 11[CFG] received stroke: unroute 'con1000'
Feb 26 16:47:48 ipsec_starter[52097]: configuration 'con1000' unrouted
Feb 26 16:47:48 ipsec_starter[52097]:
Feb 26 16:47:48 charon: 11[CFG] received stroke: delete connection 'con1000'
Feb 26 16:47:48 charon: 11[CFG] deleted connection 'con1000'
Feb 26 16:47:48 charon: 16[CFG] received stroke: add connection 'bypasslan'
Feb 26 16:47:48 charon: 16[CFG] added configuration 'bypasslan'
Feb 26 16:47:48 charon: 16[CFG] received stroke: route 'bypasslan'
Feb 26 16:47:48 ipsec_starter[52097]: 'bypasslan' shunt PASS policy installed
Feb 26 16:47:48 ipsec_starter[52097]:
Feb 26 16:47:48 charon: 16[CFG] received stroke: add connection 'con1000'
Feb 26 16:47:48 charon: 16[CFG] added configuration 'con1000'
Feb 26 16:47:48 charon: 16[CFG] received stroke: route 'con1000'
Feb 26 16:47:48 ipsec_starter[52097]: 'con1000' routed
Feb 26 16:47:48 ipsec_starter[52097]:
Feb 26 16:47:52 charon: 16[IKE] <con1000|4>sending retransmit 4 of request message ID 0, seq 1
Feb 26 16:47:52 charon: 16[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Feb 26 16:48:34 charon: 05[IKE] <con1000|4>sending retransmit 5 of request message ID 0, seq 1
Feb 26 16:48:34 charon: 05[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Logs for Site B:
Feb 26 16:46:50 charon: 15[CFG] received stroke: route 'bypasslan'
Feb 26 16:46:50 ipsec_starter[44532]: 'bypasslan' shunt PASS policy installed
Feb 26 16:46:50 ipsec_starter[44532]:
Feb 26 16:46:50 charon: 15[CFG] received stroke: add connection 'con1000'
Feb 26 16:46:50 charon: 15[CFG] added configuration 'con1000'
Feb 26 16:46:50 charon: 05[CFG] received stroke: route 'con1000'
Feb 26 16:46:50 ipsec_starter[44532]: 'con1000' routed
Feb 26 16:46:50 ipsec_starter[44532]:
Feb 26 16:47:00 charon: 02[CFG] received stroke: terminate 'con1000'
Feb 26 16:47:00 charon: 02[CFG] no IKE_SA named 'con1000' found
Feb 26 16:47:00 charon: 02[CFG] received stroke: initiate 'con1000'
Feb 26 16:47:00 charon: 05[IKE] <con1000|2>initiating Aggressive Mode IKE_SA con1000[2] to 49.144.38.212
Feb 26 16:47:00 charon: 05[ENC] <con1000|2>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
Feb 26 16:47:00 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
Feb 26 16:47:04 charon: 05[IKE] <con1000|2>sending retransmit 1 of request message ID 0, seq 1
Feb 26 16:47:04 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
Feb 26 16:47:11 charon: 05[IKE] <con1000|2>sending retransmit 2 of request message ID 0, seq 1
Feb 26 16:47:11 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
Feb 26 16:47:24 charon: 05[IKE] <con1000|2>sending retransmit 3 of request message ID 0, seq 1
Feb 26 16:47:24 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
Feb 26 16:47:42 charon: 05[CFG] rereading secrets
Feb 26 16:47:42 charon: 05[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 26 16:47:42 charon: 05[CFG] loaded IKE secret for %any 49.144.38.212
Feb 26 16:47:42 charon: 05[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 26 16:47:42 charon: 05[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 26 16:47:42 charon: 05[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 26 16:47:42 charon: 05[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 26 16:47:42 charon: 05[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 26 16:47:42 charon: 05[CFG] received stroke: unroute 'bypasslan'
Feb 26 16:47:42 ipsec_starter[44532]: shunt policy 'bypasslan' uninstalled
Feb 26 16:47:42 ipsec_starter[44532]:
Feb 26 16:47:42 charon: 14[CFG] received stroke: delete connection 'bypasslan'
Feb 26 16:47:42 charon: 14[CFG] deleted connection 'bypasslan'
Feb 26 16:47:42 charon: 10[CFG] received stroke: unroute 'con1000'
Feb 26 16:47:42 ipsec_starter[44532]: configuration 'con1000' unrouted
Feb 26 16:47:42 ipsec_starter[44532]:
Feb 26 16:47:42 charon: 14[CFG] received stroke: delete connection 'con1000'
Feb 26 16:47:42 charon: 14[CFG] deleted connection 'con1000'
Feb 26 16:47:42 charon: 14[CFG] received stroke: add connection 'bypasslan'
Feb 26 16:47:42 charon: 14[CFG] added configuration 'bypasslan'
Feb 26 16:47:42 charon: 10[CFG] received stroke: route 'bypasslan'
Feb 26 16:47:42 ipsec_starter[44532]: 'bypasslan' shunt PASS policy installed
Feb 26 16:47:42 ipsec_starter[44532]:
Feb 26 16:47:42 charon: 14[CFG] received stroke: add connection 'con1000'
Feb 26 16:47:42 charon: 14[CFG] added configuration 'con1000'
Feb 26 16:47:42 charon: 12[CFG] received stroke: route 'con1000'
Feb 26 16:47:42 ipsec_starter[44532]: 'con1000' routed
Feb 26 16:47:42 ipsec_starter[44532]:
Feb 26 16:47:47 charon: 09[IKE] <con1000|2>sending retransmit 4 of request message ID 0, seq 1
Feb 26 16:47:47 charon: 09[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
Hope you can all help me regarding this problem. BTW, I'm using pfSense 2.2.6 i886 at Site A and pfSense 2.2.6 AMD64 at Site B.
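As an added example (not part of the thread, and not the poster's fix, which the thread never states), this Python script cross-checks the two charon logs above: it extracts each site's local source address, the peer it targets and its retransmit count, then flags a site that never receives a reply, a private source address, and a peer address that does not match the other site's source. The sample lines are a constructed subset of the logs in the post; the function names and finding codes are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample input: a few lines taken from the two logs in the post.
SITE_A_LOG = """\
Feb 26 16:47:05 charon: 12[NET] <con1000|4>sending packet: from 192.168.10.42[500] to 112.199.99.137[500] (380 bytes)
Feb 26 16:47:52 charon: 16[IKE] <con1000|4>sending retransmit 4 of request message ID 0, seq 1
Feb 26 16:48:34 charon: 05[IKE] <con1000|4>sending retransmit 5 of request message ID 0, seq 1
"""
SITE_B_LOG = """\
Feb 26 16:47:00 charon: 05[NET] <con1000|2>sending packet: from 112.199.99.139[500] to 49.144.38.212[500] (380 bytes)
Feb 26 16:47:47 charon: 09[IKE] <con1000|2>sending retransmit 4 of request message ID 0, seq 1
"""

SENT = re.compile(r"\[NET\] <[^>]+>\s*sending packet: from ([\d.]+)\[\d+\] to ([\d.]+)\[\d+\]")
RETX = re.compile(r"\[IKE\] <[^>]+>\s*sending retransmit (\d+)")
RECV = re.compile(r"\[NET\] (?:<[^>]+>)?\s*received packet")

def summarize(log):
    """Collect local source, targeted peer, highest retransmit count and
    whether any packet was ever received, from one site's charon log."""
    s = {"src": None, "peer": None, "retransmits": 0, "received": False}
    for line in log.splitlines():
        if m := SENT.search(line):
            s["src"], s["peer"] = m.group(1), m.group(2)
        elif m := RETX.search(line):
            s["retransmits"] = max(s["retransmits"], int(m.group(1)))
        elif RECV.search(line):
            s["received"] = True
    return s

def cross_check(a, b):
    """Compare both sites' summaries; return (site, code, detail) findings."""
    findings = []
    for name, me, other in (("A", a, b), ("B", b, a)):
        if me["retransmits"] and not me["received"]:
            findings.append((name, "no-reply",
                             f"{me['retransmits']} retransmits to {me['peer']}, nothing received"))
        if ipaddress.ip_address(me["src"]).is_private:
            # A private source means this site's packets are translated on the way out.
            findings.append((name, "behind-nat", f"source {me['src']} is a private address"))
        elif other["peer"] != me["src"]:
            findings.append((name, "peer-mismatch",
                             f"sends from {me['src']} but the other site targets {other['peer']}"))
    return findings

if __name__ == "__main__":
    for finding in cross_check(summarize(SITE_A_LOG), summarize(SITE_B_LOG)):
        print(*finding, sep=": ")
```
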
-
Already solved. Thanks ;D ;D :D
-
What is the solution, please? I have the same problem :/
ipsec_starter[35497]: configuration 'con1000' unrouted