IPsec failure after upgrade to 2.3 - resolved



  • https://forum.pfsense.org/index.php?topic=111262.0
    is a topic in this forum "Version 2.3 IPSec both sides" started by "cpirasa"
    where I commented with "I have the same problem …"
    After that I was trying to resolve it and finally it is working again.

    I have 2 pfSense firewalls (both on PC engines boards) and I had working
    IPsec between them on version 2.2.6
    After I upgraded both of them to 2.3 IPsec would not connect.
    Below are the logs from both sides.

    May 4 11:47:27    charon      15[IKE] <con3000|20>received NO_PROPOSAL_CHOSEN error notify
    May 4 11:47:27    charon      15[ENC] <con3000|20>parsed INFORMATIONAL_V1 request 3826032390 [ N(NO_PROP) ]
    May 4 11:47:27    charon      15[NET] <con3000|20>received packet: from xxxx [500] to xxxx [500] (40 bytes)
    May 4 11:47:27    charon      15[NET] <con3000|20>sending packet: from xxxx [500] to xxxx [500] (180 bytes)
    May 4 11:47:27    charon      15[ENC] <con3000|20>generating ID_PROT request 0 [ SA V V V V V ]
    May 4 11:47:27    charon      15[IKE] <con3000|20>initiating Main Mode IKE_SA con3000[20] to xxxx
    May 4 11:47:27    charon      07[KNL] creating acquire job for policy xxxx /32|/0 === xxxx /32|/0 with reqid {9}

    May 4 11:47:27    charon      12[NET] <15> sending packet: from xxxx [500] to xxxx [500] (40 bytes)
    May 4 11:47:27    charon      12[ENC] <15> generating INFORMATIONAL_V1 request 3826032390 [ N(NO_PROP) ]
    May 4 11:47:27    charon      12[IKE] <15> no IKE config found for xxxx … xxxx , sending NO_PROPOSAL_CHOSEN
    May 4 11:47:27    charon      12[ENC] <15> parsed ID_PROT request 0 [ SA V V V V V ]
    May 4 11:47:27    charon      12[NET] <15> received packet: from xxxx [500] to xxxx [500] (180 bytes)

    I tried changing configs, restarting the service, …  nothing helped!

    I am only guessing, but I think the important info in the logs was no IKE config found.
    I made the steps which made it work again on the side where this was in the logs.
    Here they are:

    • stop the ipsec service
    • delete all IPsec configurations
    • restart the firewall
    • enter all config again
    • restart ipsec service

    I do not know if all steps are really necessary, but this is exactly what I did and it helped me.
    Maybe it will help someone else …

    Regards Miro
    http://www.rsmm.si
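
A way to pick out, from charon logs like the two excerpts in the post, which firewall is refusing the negotiation (an added example, not part of the original post and not pfSense or strongSwan code). The function name `triage`, the signature table and the hint texts are assumptions of this example; treating "no IKE config found" as the responder having no loaded connection that matches the peer is the reading the post's fix is consistent with.

```python
import re

# Layout of the charon lines in the post: timestamp, "charon", thread[SUBSYS],
# optional <connection|id> tag, then the message.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+charon\s+"
    r"(?P<thread>\d+)\[(?P<subsys>[A-Z]+)\]\s*"
    r"(?:<(?P<conn>[^>]+)>)?\s*(?P<msg>.*)$"
)

# Message substring -> (role of the host that wrote the line, triage hint).
# Hint wording is this example's assumption, not strongSwan output.
SIGNATURES = {
    "no IKE config found": (
        "responder",
        "no loaded connection matches this peer; check the config on THIS host",
    ),
    "received NO_PROPOSAL_CHOSEN": (
        "initiator",
        "the peer rejected the request; the cause is in the PEER's log",
    ),
}

def triage(lines):
    """Return one finding per log line that carries a known failure signature."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or non-charon line
        for needle, (role, hint) in SIGNATURES.items():
            if needle in m["msg"]:
                findings.append(
                    {"ts": m["ts"], "conn": m["conn"], "role": role, "hint": hint}
                )
    return findings

# Constructed sample in the format of the post's excerpts (addresses masked).
SAMPLE = [
    "May 4 11:47:27    charon      15[IKE] <con3000|20>received NO_PROPOSAL_CHOSEN error notify",
    "May 4 11:47:27    charon      15[ENC] <con3000|20>generating ID_PROT request 0 [ SA V V V V V ]",
    "May 4 11:47:27    charon      12[IKE] <15> no IKE config found for xxxx ... xxxx , sending NO_PROPOSAL_CHOSEN",
    "May 4 11:47:27    charon      12[NET] <15> received packet: from xxxx [500] to xxxx [500] (40 bytes)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['ts']}  conn={f['conn']}  {f['role']}: {f['hint']}")
```

Run against the logs of both firewalls, the "responder" finding marks the side whose configuration needs attention, which is the side where the steps in the post were applied.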

