Text only | Text with Images

OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: c-mu on July 29, 2019, 03:42:29 PM

Title: 19.7.1 IPSec not stable
Post by: c-mu on July 29, 2019, 03:42:29 PM
Hi,

Master Server: 18.7.10_4
Remote Server: 19.7.1 (problem site)

The IPSec tunnel to this remote Server not stable. After a time, the tunnel breaks down and I get some Auth Failures. Other OpenVPN and IPSec tunnels from Master are not affected. The only way to get the VPN tunnel up again is to restart the strongswan service on remote site. DeadPeerDetection is active.

Here is the Logfile when the tunnel cant be established: Any Ideas? Server  is freshly rebooted this morning after 2 lost connections.

Code Select
Jul 29 15:22:16 charon: 10[IKE] <con1|2> failed to establish CHILD_SA, keeping IKE_SA
Jul 29 15:22:16 charon: 10[IKE] <con1|2> received TS_UNACCEPTABLE notify, no CHILD_SA built
Jul 29 15:22:16 charon: 10[ENC] <con1|2> parsed CREATE_CHILD_SA response 185 [ N(TS_UNACCEPT) ]
Jul 29 15:22:16 charon: 10[NET] <con1|2> received packet: from 82.x.x.x[4500] to 80.x.x.x[4500] (80 bytes)
Jul 29 15:22:16 charon: 09[NET] <con1|2> sending packet: from 80.x.x.x[4500] to 82.x.x.x[4500] (432 bytes)
Jul 29 15:22:16 charon: 09[ENC] <con1|2> generating CREATE_CHILD_SA request 185 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 29 15:22:16 charon: 09[IKE] <con1|2> establishing CHILD_SA con1{304} reqid 2
Jul 29 15:22:16 charon: 10[KNL] creating acquire job for policy 80.x.x.x/32 === 82.x.x.x/32 with reqid {2}
Jul 29 15:22:14 charon: 10[NET] <con1|2> sending packet: from 80.x.x.x[4500] to 82.x.x.x[4500] (80 bytes)
Jul 29 15:22:14 charon: 10[ENC] <con1|2> generating CREATE_CHILD_SA response 154 [ N(TS_UNACCEPT) ]
Jul 29 15:22:14 charon: 10[IKE] <con1|2> failed to establish CHILD_SA, keeping IKE_SA
Jul 29 15:22:14 charon: 10[IKE] <con1|2> traffic selectors 192.168.20.0/24 === 172.27.0.0/21 10.0.16.0/22 192.168.155.0/24 192.168.227.0/24 10.27.100.0/24 192.168.221.0/24 10.27.104.0/24 192.168.229.0/24 172.16.0.0/23 10.99.211.0/24 10.0.12.0/22 10.0.20.0/22 unacceptable
Jul 29 15:22:14 charon: 10[IKE] <con1|2> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Jul 29 15:22:14 charon: 10[ENC] <con1|2> parsed CREATE_CHILD_SA request 154 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 29 15:22:14 charon: 10[NET] <con1|2> received packet: from 82.x.x.x[4500] to 80.x.x.x[4500] (432 bytes)
Jul 29 15:22:14 charon: 09[IKE] <con1|2> failed to establish CHILD_SA, keeping IKE_SA
Jul 29 15:22:14 charon: 09[IKE] <con1|2> received TS_UNACCEPTABLE notify, no CHILD_SA built
Jul 29 15:22:14 charon: 09[ENC] <con1|2> parsed CREATE_CHILD_SA response 184 [ N(TS_UNACCEPT) ]
Jul 29 15:22:14 charon: 09[NET] <con1|2> received packet: from 82.x.x.x[4500] to 80.x.x.x[4500] (80 bytes)
Jul 29 15:22:14 charon: 09[NET] <con1|2> sending packet: from 80.x.x.x[4500] to 82.x.x.x[4500] (432 bytes)
Jul 29 15:22:14 charon: 09[ENC] <con1|2> generating CREATE_CHILD_SA request 184 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 29 15:22:14 charon: 09[IKE] <con1|2> establishing CHILD_SA con1{303} reqid 2
Jul 29 15:22:14 charon: 10[KNL] creating acquire job for policy 80.x.x.x/32 === 82.x.x.x/32 with reqid {2}
Jul 29 15:22:12 charon: 09[IKE] <con1|2> failed to establish CHILD_SA, keeping IKE_SA
Jul 29 15:22:12 charon: 09[IKE] <con1|2> received TS_UNACCEPTABLE notify, no CHILD_SA built
Jul 29 15:22:12 charon: 09[ENC] <con1|2> parsed CREATE_CHILD_SA response 183 [ N(TS_UNACCEPT) ]
Jul 29 15:22:12 charon: 09[NET] <con1|2> received packet: from 82.x.x.x[4500] to 80.x.x.x[4500] (80 bytes)
Jul 29 15:22:12 charon: 09[NET] <con1|2> sending packet: from 80.x.x.x[4500] to 82.x.x.x[4500] (432 bytes)
Jul 29 15:22:12 charon: 09[ENC] <con1|2> generating CREATE_CHILD_SA request 183 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 29 15:22:12 charon: 09[IKE] <con1|2> establishing CHILD_SA con1{302} reqid 2
Jul 29 15:22:12 charon: 10[KNL] creating acquire job for policy 80.x.x.x/32 === 82.x.x.x/32 with reqid {2}
Jul 29 15:22:11 charon: 13[IKE] <con1|2> failed to establish CHILD_SA, keeping IKE_SA
Jul 29 15:22:11 charon: 13[IKE] <con1|2> received TS_UNACCEPTABLE notify, no CHILD_SA built
Jul 29 15:22:11 charon: 13[ENC] <con1|2> parsed CREATE_CHILD_SA response 182 [ N(TS_UNACCEPT) ]
Jul 29 15:22:11 charon: 13[NET] <con1|2> received packet: from 82.x.x.x[4500] to 80.x.x.x[4500] (80 bytes)
Jul 29 15:22:11 charon: 13[NET] <con1|2> sending packet: from 80.x.x.x[4500] to 82.x.x.x[4500] (432 bytes)
Jul 29 15:22:11 charon: 13[ENC] <con1|2> generating CREATE_CHILD_SA request 182 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 29 15:22:11 charon: 13[IKE] <con1|2> establishing CHILD_SA con1{301} reqid 2
Jul 29 15:22:11 charon: 10[KNL] creating acquire job for policy 80.x.x.x/32 === 82.x.x.x/32 with reqid {2}
Jul 29 15:22:10 charon: 13[IKE] <con1|2> failed to establish CHILD_SA, keeping IKE_SA
Jul 29 15:22:10 charon: 13[IKE] <con1|2> received TS_UNACCEPTABLE notify, no CHILD_SA built
Jul 29 15:22:10 charon: 13[ENC] <con1|2> parsed CREATE_CHILD_SA response 181 [ N(TS_UNACCEPT) ]
Jul 29 15:22:10 charon: 13[NET] <con1|2> received packet: from 82.x.x.x[4500] to 80.x.x.x[4500] (80 bytes)
Jul 29 15:22:10 charon: 13[NET] <con1|2> sending packet: from 80.x.x.x[4500] to 82.x.x.x[4500] (432 bytes)
Jul 29 15:22:10 charon: 13[ENC] <con1|2> generating CREATE_CHILD_SA request 181 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 29 15:22:10 charon: 13[IKE] <con1|2> establishing CHILD_SA con1{300} reqid 2
Jul 29 15:22:10 charon: 10[KNL] creating acquire job for policy 80.x.x.x/32 === 82.x.x.x/32 with reqid {2}
Jul 29 15:22:09 charon: 10[CFG] received stroke: route 'con1'
Jul 29 15:22:09 charon: 14[CFG] added configuration 'con1'
Jul 29 15:22:09 charon: 14[CFG] received stroke: add connection 'con1'
Text only | Text with Images