Bug #7482

closed

found 1 matching config, but none allows pre-shared key authentication using Main Mode

Added by Emmanux . over 8 years ago. Updated over 8 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 04/19/2017
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture: i386

Description

pfSense 2.3.2-RELEASE

We have many site-to-site VPNs configured in our pfSense, an i386 VM running on VMware.
Three of them suddenly began to fall, one after the other: the first one at 2 a.m., the second one at 3 a.m., and at 6 a.m. the third one fell unrecoverably.
When trying to disconnect and connect any of them again, we have this in the ipsec log:

Apr 19 05:15:34 charon: 12[IKE] <7152> found 1 matching config, but none allows pre-shared key authentication using Main Mode

Apr 19 05:15:34 charon: 12[ENC] <7152> generating INFORMATIONAL_V1 request 4141821673 [ HASH N(AUTH_FAILED) ]

The only solution that we found was to reboot the VM completely, after which they started to work OK, just like the rest of the site-to-site VPN configurations.

None of the PSKs were changed; no change has been made for weeks.

I'm submitting one of the configurations that failed (the one at 6 a.m.):

conn con11000
	fragmentation = yes
	keyexchange = ikev1
	reauth = yes
	forceencaps = no
	mobike = no
	rekey = yes
	installpolicy = yes
	type = tunnel
	dpdaction = clear
	dpddelay = 10s
	dpdtimeout = 60s
	auto = add
	left = 1xx.xx.xx.126
	right = 1xx.xxx.xxx.6
	leftid = 1xx.xx.xx.126
	ikelifetime = 28800s
	lifetime = 3600s
	ike = aes256-sha1-modp1024!
	esp = aes256-sha1-modp1024!
	leftauth = psk
	rightauth = psk
	rightid = 1xx.xxx.xxx.6
	aggressive = no
	rightsubnet = 1x.xxx.xx.7
	leftsubnet = 1x.xxx.0.0/16

Any help, greatly appreciated.
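One way to catch this rejection in the charon log before a tunnel is reported down, as an added example that is not part of the original report or of pfSense/strongSwan code: it pairs the "none allows ... authentication" message with the N(AUTH_FAILED) notify sent for the same IKE_SA. The function name, the record fields and the last two sample lines are constructed for illustration.

```python
import re

# charon syslog line: "<date> charon: <thread>[<SUBSYS>] <<sa id>> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+charon:\s+(?P<thread>\d+)"
    r"\[(?P<subsys>[A-Z]+)\]\s+(?:<(?P<sa>[^>]+)>\s+)?(?P<msg>.*)$")
# The config-selection failure quoted in this report.
NO_CONFIG_RE = re.compile(
    r"found (?P<n>\d+) matching configs?, but none allows "
    r"(?P<auth>.+?) authentication using (?P<mode>.+)$")

def find_auth_rejections(lines):
    """Return one record per IKE_SA refused for lack of a usable config."""
    pending, results = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["sa"] is None:
            continue
        # The id may be "<7152>" or "<conname|7152>"; keep the numeric part.
        sa = m["sa"].rsplit("|", 1)[-1]
        hit = NO_CONFIG_RE.search(m["msg"])
        if hit:
            rec = {"sa": sa, "time": m["ts"], "candidates": int(hit["n"]),
                   "auth": hit["auth"], "mode": hit["mode"],
                   "notified_peer": False}
            pending[sa] = rec
            results.append(rec)
        elif sa in pending and m["subsys"] == "ENC" and "N(AUTH_FAILED)" in m["msg"]:
            # The peer was told the exchange failed, so its side logs an error too.
            pending[sa]["notified_peer"] = True
    return results

# First two lines are from the report; the last two are constructed samples.
SAMPLE = """\
Apr 19 05:15:34 charon: 12[IKE] <7152> found 1 matching config, but none allows pre-shared key authentication using Main Mode
Apr 19 05:15:34 charon: 12[ENC] <7152> generating INFORMATIONAL_V1 request 4141821673 [ HASH N(AUTH_FAILED) ]
Apr 19 05:15:40 charon: 09[IKE] <con2000|7153> sending DPD request
Apr 19 05:15:41 charon: 14[IKE] <7154> found 2 matching configs, but none allows pre-shared key authentication using Main Mode
""".splitlines()

if __name__ == "__main__":
    for rec in find_auth_rejections(SAMPLE):
        print("{time} SA {sa}: {candidates} candidate config(s), none usable for "
              "{auth} / {mode}; AUTH_FAILED sent: {notified_peer}".format(**rec))
```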

