OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: FCM on June 11, 2018, 04:42:39 pm

Title: IPSec, randomly up and down
Post by: FCM on June 11, 2018, 04:42:39 pm
Hello :)
I have 2 distant sites connected to my main site with IPsec VPN.
At first everything was fine...
and then, after less than a day, no more VPN!
The IPsec connection status on each site said that everything was connected and routed, but nothing goes through them...
And then, for no reason, it was up again! And after some time (could be 45 min or 6 hours) it was down again...

It happened with both distant sites, not at the same time (one is running fine, not the other, then the 2 of them, then none,...)

I activated DPD on everyone but it changes nothing...
So what can I check or change? Work or don't work I can understand, but when it's random it's not easy to find...

Thanks

I am including my log from the main site, just in case:
Code:
Jun 11 16:40:46 charon: 11[NET] <con1|68> sending packet: from 192.168.13.4[500] to 80.14.223.215[500] (464 bytes)
Jun 11 16:40:46 charon: 11[IKE] <con1|68> retransmit 1 of request with message ID 0
Jun 11 16:40:45 charon: 09[IKE] <con2|3> CHILD_SA con2{5} established with SPIs c2e53322_i cc5291b7_o and TS 10.0.0.0/24 192.168.20.0/23 === 10.2.1.0/24 192.168.71.0/24
Jun 11 16:40:45 charon: 09[IKE] <con2|3> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Jun 11 16:40:45 charon: 09[ENC] <con2|3> parsed CREATE_CHILD_SA response 0 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
Jun 11 16:40:45 charon: 09[NET] <con2|3> received packet: from 88.188.61.125[4500] to 192.168.13.4[4500] (528 bytes)
Jun 11 16:40:44 charon: 09[NET] <con2|3> sending packet: from 192.168.13.4[4500] to 88.188.61.125[4500] (468 bytes)
Jun 11 16:40:44 charon: 09[NET] <con2|3> sending packet: from 192.168.13.4[4500] to 88.188.61.125[4500] (1236 bytes)
Jun 11 16:40:44 charon: 09[ENC] <con2|3> generating CREATE_CHILD_SA request 0 [ EF(2/2) ]
Jun 11 16:40:44 charon: 09[ENC] <con2|3> generating CREATE_CHILD_SA request 0 [ EF(1/2) ]
Jun 11 16:40:44 charon: 09[ENC] <con2|3> splitting IKE message with length of 1616 bytes into 2 fragments
Jun 11 16:40:44 charon: 09[ENC] <con2|3> generating CREATE_CHILD_SA request 0 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
Jun 11 16:40:44 charon: 09[IKE] <con2|3> establishing CHILD_SA con2{5}
Jun 11 16:40:44 charon: 11[CFG] received stroke: initiate 'con2'
Jun 11 16:40:44 charon: 13[JOB] <67> deleting half open IKE_SA with 80.14.223.215 after timeout
Jun 11 16:40:42 charon: 16[NET] <con1|68> sending packet: from 192.168.13.4[500] to 80.14.223.215[500] (464 bytes)
Jun 11 16:40:42 charon: 16[ENC] <con1|68> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jun 11 16:40:42 charon: 16[IKE] <con1|68> initiating IKE_SA con1[68] to 80.14.223.215
Jun 11 16:40:42 charon: 15[CFG] received stroke: initiate 'con1'
Jun 11 16:40:34 charon: 16[IKE] <67> sending keep alive to 80.14.223.215[500]
Jun 11 16:40:26 charon: 16[IKE] <con1|58> establishing IKE_SA failed, peer not responding
Jun 11 16:40:26 charon: 16[IKE] <con1|58> giving up after 5 retransmits
Jun 11 16:40:23 charon: 16[IKE] <con2|3> sending keep alive to 88.188.61.125[4500]
Jun 11 16:40:14 charon: 16[NET] <67> sending packet: from 192.168.13.4[500] to 80.14.223.215[500] (489 bytes)
Jun 11 16:40:14 charon: 16[ENC] <67> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Jun 11 16:40:14 charon: 16[IKE] <67> sending cert request for "C=NL, ST=ZH, L=Middelharnis, O=OPNsense, E=spam@opnsense.org, CN=internal-sslvpn-ca"
Jun 11 16:40:14 charon: 16[IKE] <67> remote host is behind NAT
Jun 11 16:40:14 charon: 16[IKE] <67> local host is behind NAT, sending keep alives
Jun 11 16:40:14 charon: 16[IKE] <67> 80.14.223.215 is initiating an IKE_SA
Jun 11 16:40:14 charon: 16[ENC] <67> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jun 11 16:40:14 charon: 16[NET] <67> received packet: from 80.14.223.215[500] to 192.168.13.4[500] (464 bytes)
Jun 11 16:40:03 charon: 05[IKE] <con2|3> sending keep alive to 88.188.61.125[4500]
Jun 11 16:39:56 charon: 05[JOB] <66> deleting half open IKE_SA with 80.14.223.215 after timeout
Jun 11 16:39:50 charon: 05[NET] <66> sending packet: from 192.168.13.4[500] to 80.14.223.215[500] (489 bytes)
Jun 11 16:39:50 charon: 05[IKE] <66> received retransmit of request with ID 0, retransmitting response
Jun 11 16:39:50 charon: 05[ENC] <66> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jun 11 16:39:50 charon: 05[NET] <66> received packet: from 80.14.223.215[500] to 192.168.13.4[500] (464 bytes)
Jun 11 16:39:46 charon: 05[IKE] <66> sending keep alive to 80.14.223.215[500]
Jun 11 16:39:37 charon: 05[NET] <66> sending packet: from 192.168.13.4[500] to 80.14.223.215[500] (489 bytes)
Jun 11 16:39:37 charon: 05[IKE] <66> received retransmit of request with ID 0, retransmitting response
Jun 11 16:39:37 charon: 05[ENC] <66> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jun 11 16:39:37 charon: 05[NET] <66> received packet: from 80.14.223.215[500] to 192.168.13.4[500] (464 bytes)
Jun 11 16:39:36 charon: 05[CFG] ignoring acquire, connection attempt pending
Jun 11 16:39:36 charon: 16[KNL] creating acquire job for policy 192.168.13.4/32 === 80.14.223.215/32 with reqid {1}
Jun 11 16:39:30 charon: 16[IKE] <con2|3> sending keep alive to 88.188.61.125[4500]
Jun 11 16:39:30 charon: 16[NET] <66> sending packet: from 192.168.13.4[500] to 80.14.223.215[500] (489 bytes)
Jun 11 16:39:30 charon: 16[IKE] <66> received retransmit of request with ID 0, retransmitting response
Jun 11 16:39:30 charon: 16[ENC] <66> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jun 11 16:39:30 charon: 16[NET] <66> received packet: from 80.14.223.215[500] to 192.168.13.4[500] (464 bytes)
Jun 11 16:39:26 charon: 16[NET] <66> sending packet: from 192.168.13.4[500] to 80.14.223.215[500] (489 bytes)
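
Added example, not part of the original post: a small triage script for a charon log like the one above. It groups retransmits, half-open timeouts, give-ups and CHILD_SA establishments by remote peer, so the tunnel that is failing at IKE_SA_INIT stands out from the one that is rekeying normally. The function names and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
# Constructed sample in the charon format shown above (documentation-range IPs).
SAMPLE = """\
Jun 11 16:40:46 charon: 11[IKE] <con1|68> retransmit 1 of request with message ID 0
Jun 11 16:40:45 charon: 09[IKE] <con2|3> CHILD_SA con2{5} established with SPIs aaaaaaaa_i bbbbbbbb_o and TS 10.0.0.0/24 === 10.2.1.0/24
Jun 11 16:40:45 charon: 09[NET] <con2|3> received packet: from 198.51.100.20[4500] to 10.0.0.4[4500] (528 bytes)
Jun 11 16:40:44 charon: 13[JOB] <67> deleting half open IKE_SA with 203.0.113.10 after timeout
Jun 11 16:40:42 charon: 16[NET] <con1|68> sending packet: from 10.0.0.4[500] to 203.0.113.10[500] (464 bytes)
Jun 11 16:40:26 charon: 16[IKE] <con1|58> giving up after 5 retransmits
Jun 11 16:39:50 charon: 05[IKE] <66> received retransmit of request with ID 0, retransmitting response
Jun 11 16:39:50 charon: 05[NET] <66> received packet: from 203.0.113.10[500] to 10.0.0.4[500] (464 bytes)
"""
LINE = re.compile(r"charon: \d+\[[A-Z]+\] (?:<([^>]+)> )?(.*)")
NET = re.compile(r"(sending|received) packet: from ([\d.]+)\[\d+\] to ([\d.]+)\[\d+\]")
HALF_OPEN = re.compile(r"deleting half open IKE_SA with ([\d.]+)")
EVENTS = {
    "retransmit": re.compile(r"retransmit \d+ of request|received retransmit of request"),
    "half_open_timeout": HALF_OPEN,
    "gave_up": re.compile(r"giving up after \d+ retransmits"),
    "child_sa_up": re.compile(r"CHILD_SA \S+ established"),
}

def peer_in(msg):
    """Remote address named in a [NET] or half-open line, else None."""
    net, ho = NET.search(msg), HALF_OPEN.search(msg)
    if net:
        return net.group(3) if net.group(1) == "sending" else net.group(2)
    return ho.group(1) if ho else None

def summarize(log_text):
    """Count failure/success events per remote peer, whatever the log order."""
    rows = [m.groups() for m in map(LINE.search, log_text.splitlines()) if m and m.group(1)]
    peer_of = {}
    for tag, msg in rows:  # pass 1: learn SA tag and connection name -> peer
        peer = peer_in(msg)
        if peer:
            peer_of[tag] = peer_of[tag.split("|")[0]] = peer
    stats = defaultdict(Counter)
    for tag, msg in rows:  # pass 2: attribute each event to a peer
        peer = peer_of.get(tag) or peer_of.get(tag.split("|")[0]) or tag
        for name, rx in EVENTS.items():
            if rx.search(msg):
                stats[peer][name] += 1
    return {p: dict(c) for p, c in stats.items()}

def suspects(stats):
    """Peers with IKE failure signals and no CHILD_SA established in the window."""
    return sorted(p for p, c in stats.items()
                  if (c.get("gave_up") or c.get("half_open_timeout")) and not c.get("child_sa_up"))
```

Run `summarize()` on the full log text from each site and compare the per-peer counts for the same time window.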