VPN – Fixing Random IPsec VPN Tunnel Drops in Pfsense 2.02

freebsdipsecpfsensevpn

Ipsec vpn tunnels got disconnected randomly but when we restart raccon all tunnel will come up again with out any issue.I would like to know a permanent fix for this.

These are the logs:

racoon: ERROR: phase2 negotiation failed due to send error. 4ca6a54e16755b0b:5e5f8815483f5a75:0000abbe
racoon: [Off]: INFO: initiate new phase 2 negotiation: x.x.x.x[500]<=>x.x.x.x[500]
racoon: ERROR: failed to start post getspi.
racoon: ERROR: phase2 negotiation failed due to send error. 4ca6a54e16755b0b:5e5f8815483f5a75:0000d553
racoon: [Off]: INFO: initiate new phase 2 negotiation: x.x.x.x[500]<=>x.x.x.x[500]
racoon: ERROR: failed to start post getspi.

Best Answer

Looks like what happens when you have a misconfigured PPTP server and a client disconnects. PPTP server should never use a real assigned IP as its server IP.

Related Solutions

RV082 Gateway-Gateway VPN Won’t Connect

I have a site to site VPN beween two rv082's also. Checking my settings they show on both sides:

Local Security Gateway Type: IP Only
IP Address: external address
Local Security Group Type: Subnet
IP Address 192.168.188.0
Subnet Mask: 255.255.255.0

Remote Security Gateway Type: IP Only
IP Address: external address
Remote Security Group Type: Subnet
IP Address 192.168.166.0
Subnet Mask: 255.255.255.0

Keying Mode: IKE with Preshared key
Phase1 DH Group: Group 1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect Forward Secrecy: Enabled
Phase2 DH Group: Group 1
Phase2 Encryption: DES
Phase2 Authentication: MD5
Phase2 SA Life Time: 3600

Aggressive Mode: Disabled
Dead Peer Detection (DPD): Enabled

The only difference I see is agressive mode, but you tried that. Obviously you have a matching preshared key. Interface is WAN1 on both. So you don't have anything glaring - but maybe disable aggressive mode. I also remember having to delete and recreate them a few times to get it connected. Have you tried that?

Cisco – IPsec tunnel keep crashing

Are either of the RV042 behind a firewall? Have you tried an older firmware on both? Can you get a third RV042 and try swapping out site B then try site A? Do both RV042 have identical date / time (do they look at the same NTP server)?

Best Answer

Related Solutions

RV082 Gateway-Gateway VPN Won’t Connect

Cisco – IPsec tunnel keep crashing

Related Topic