Hi,
I have had a serious problem with my IPsec connection since the upgrade from
2.1.4 to 2.2.
The IPsec connection to the Sophos UTM 9.2 has always been stable, but
now, since the upgrade, the best I can get is a tunnel for a few minutes
with a very low throughput. To achieve this I have to restart the IPsec
tunnels on the pfSense side multiple times.
On the pfSense side I get the following logs:
...
Feb 25 06:34:20 charon: 07[ENC] parsed INFORMATIONAL_V1 request
1273556555 [ HASH N(INVAL_ID) ]
Feb 25 06:34:20 charon: 07[IKE] <con2|6> received
INVALID_ID_INFORMATION error notify
Feb 25 06:34:20 charon: 07[IKE] received INVALID_ID_INFORMATION
error notify
Feb 25 06:34:20 charon: 07[IKE] <con2|6> received
INVALID_ID_INFORMATION error notify
Feb 25 06:34:20 charon: 07[IKE] received INVALID_ID_INFORMATION
error notify
Feb 25 06:34:20 charon: 14[NET] received packet: from
62.145.1.129[4500] to 10.10.10.102[4500] (60 bytes)
Feb 25 06:34:20 charon: 14[ENC] parsed INFORMATIONAL_V1 request
146318291 [ HASH N(INVAL_ID) ]
Feb 25 06:34:20 charon: 14[IKE] <con2|6> received
INVALID_ID_INFORMATION error notify
Feb 25 06:34:20 charon: 14[IKE] received INVALID_ID_INFORMATION
error notify
Feb 25 06:34:20 charon: 14[NET] received packet: from
62.145.1.129[4500] to 10.10.10.102[4500] (60 bytes)
...
On the Sophos side I get these logs:
...
S_HomeOffice-Leiser" #95663: peer client ID returned doesn't match my
proposal
2015:02:25-06:33:50 FIREWALL01-2 pluto[6827]: "S_HomeOffice-Leiser"
#95663: sending encrypted notification INVALID_ID_INFORMATION to
109.193.113.99:4500
2015:02:25-06:33:50 FIREWALL01-2 pluto[6827]: "S_HomeOffice-Leiser"
#95667: peer client ID returned doesn't match my proposal
2015:02:25-06:33:50 FIREWALL01-2 pluto[6827]: "S_HomeOffice-Leiser"
#95667: sending encrypted notification INVALID_ID_INFORMATION to
109.193.113.99:4500
2015:02:25-06:33:50 FIREWALL01-2 pluto[6827]: "S_HomeOffice-Leiser"
#95669: peer client ID returned doesn't match my proposal
2015:02:25-06:33:50 FIREWALL01-2 pluto[6827]: "S_HomeOffice-Leiser"
#95669: sending encrypted notification INVALID_ID_INFORMATION to
109.193.113.99:4500
2015:02:25-06:33:50 FIREWALL01-2 pluto[6827]: "S_HomeOffice-Leiser"
#95666: peer client ID returned doesn't match my proposal
2015:02:25-06:33:50 FIREWALL01-2 pluto[6827]: "S_HomeOffice-Leiser"
#95666: sending encrypted notification INVALID_ID_INFORMATION to
109.193.113.99:4500
2015:02:25-06:33:50 FIREWALL01-2 pluto[6827]: "S_HomeOffice-Leiser"
#95665: peer client ID returned doesn't match my proposal
2015:02:25-06:33:50 FIREWALL01-2 pluto[6827]: "S_HomeOffice-Leiser"
#95665: sending encrypted notification INVALID_ID_INFORMATION to
109.193.113.99:4500
2015:02:25-06:33:50 FIREWALL01-2 pluto[6827]: "S_HomeOffice-Leiser"
#95664: peer client ID returned doesn't match my proposal
...
Has anyone had the same experience with IPsec since the upgrade?
Regards
Thorsten