• Does anyone know the bandwidth of an IPSEC VPN tunnel?

    Locked
    18
    0 Votes
    18 Posts
    14k Views
    J

    Thank you guys.

  • 1.2-RC4 IPSec Tunnel problem

    Locked
    16
    0 Votes
    16 Posts
    10k Views
    J

    Thanks for letting me know that Seth.

  • Problem with pfsense 1.2rc4 vpn and voip

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Having problems with pfSense -> pfSense VPN

    Locked
    5
    0 Votes
    5 Posts
    9k Views
    B

    The upgrade did not help, so I decided to drop to the command shell and run racoon with some more debugging enabled.

    That showed me what the problem was immediately. I had incorrectly specified the remote LAN as 10.0.0.1/24, not 10.0.0.0/24. Correcting this silly mistake in my configuration sorted it out.

    Regards

    Ben

  • WAN traffic stopping.

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • IPSec Tunnel and remote microsoft outlook users

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    J

    Thanks razor2000, for the useful information that you have provided me.

  • Multiple wan, multiple IPSEC connections

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • New setup, site to site netgear v1

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    F

    I have a customer with a similar type of setup and it's working fine. He is using roadrunner and the IP does change. I set up dynamic DNS on his end and just update the pf-sense end when it changes.
    RC

  • 2000 IPsec tunnels??

    Locked
    15
    0 Votes
    15 Posts
    8k Views
    E

    From racoon2 recommendations:

    1. Recommended system configuration
    == ================================

    Both NetBSD and FreeBSD have the kernel state, "net.key.blockacq_count"
      to setup the behavior how many packet the kernel will block until the
      suitable SA will be installed.  The state sometimes disturbs
      retransmission of the key exchange message.  We recommend you to set
      it to zero.

    # sysctl -w net.key.blockacq_count=0

    And FreeBSD also has the kernel state, "net.key.preferred_old" to use an
      old SA preferred to a new SA.  The state sometimes disturbs
      interoperability.  We recommend you to set it to zero.

    # sysctl -w net.key.preferred_oldsa=0

  • IPsec between PFSense <-> Cisco

    Locked
    11
    0 Votes
    11 Posts
    14k Views
    K

    @Blobot:

    UP ! :)

    Could you please send me a short description of how you managed to get it up and running?
    Thanks!

  • Nortel <-> pfSense lifetime problem?

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    S

    @heiko:

    First, "no compression" on the nortel and please try phase 1 "28800" and phase 2 "86400".

    Why should phase 2 last longer than phase 1? Isn't that opposite?

  • 0 Votes
    1 Posts
    2k Views
    No one has replied
  • Site-to-Site, pfsense 1.2-RC3-to-pfsense 1.2-RC3

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    jahonixJ

    May I suggest you read here:

    http://en.wikipedia.org/wiki/Broadcast_%28disambiguation%29

    Follow the links under section "In computer networking"

  • IPSec tunnel and dynamic IP

    Locked
    31
    0 Votes
    31 Posts
    18k Views
    S

    1.2 is frozen.

  • IPsec tunnels on a system with a dynamically configured WAN IP address

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    No, that will arrive in 1.3.

  • Netopia to Pfsense IPsec tunnel

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    J

    I tried setting up an aggressive tunnel with sha1, des, email address identifier, and shared key all matching… setup the subnets correctly on both sides. (same settings worked perfectly on my netscreen)

    I then tried main mode with the same settings as above.

    I tried aggressive with 3des, md5, as well as main mode with 3des, md5 all the other settings are the same. I get the same thing every time I save the ipsec information in the log file.

    Last 50 IPSEC log entries
    Jan 21 11:28:29 racoon: ERROR: configuration read failed
    Jan 21 11:28:29 racoon: ERROR: fatal parse failure (1 errors)
    Jan 21 11:28:29 racoon: ERROR: /var/etc/racoon.conf:5: "on" syntax error
    Jan 21 11:28:29 racoon: ERROR: not acceptable Identity Protection mode
    Jan 21 11:28:26 racoon: ERROR: failed to process packet.
    Jan 21 11:28:26 racoon: ERROR: failed to get valid proposal.
    Jan 21 11:28:26 racoon: ERROR: no suitable proposal found.
    Jan 21 11:28:26 racoon: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA:MD5
    Jan 21 11:28:26 racoon: WARNING: No ID match.
    Jan 21 11:28:26 racoon: INFO: begin Aggressive mode.
    Jan 21 11:28:26 racoon: [Marc Avila]: INFO: respond new phase 1 negotiation: 68.127.230.124[500]<=>71.243.199.124[500]
    Jan 21 11:28:25 racoon: ERROR: failed to process packet.
    Jan 21 11:28:25 racoon: ERROR: failed to get valid proposal.
    Jan 21 11:28:25 racoon: ERROR: no suitable proposal found.
    Jan 21 11:28:25 racoon: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA:MD5
    Jan 21 11:28:25 racoon: INFO: begin Aggressive mode.
    Jan 21 11:28:25 racoon: INFO: respond new phase 1 negotiation: 68.127.230.124[500]<=>75.6.178.20[500]
    Jan 21 11:28:22 racoon: ERROR: not acceptable Identity Protection mode
    Jan 21 11:28:20 racoon: ERROR: failed to process packet.
    Jan 21 11:28:20 racoon: ERROR: failed to get valid proposal.
    Jan 21 11:28:20 racoon: ERROR: no suitable proposal found.
    Jan 21 11:28:20 racoon: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA:MD5
    Jan 21 11:28:20 racoon: INFO: begin Aggressive mode.
    Jan 21 11:28:20 racoon: INFO: respond new phase 1 negotiation: 68.127.230.124[500]<=>68.238.74.36[500]
    Jan 21 11:28:18 racoon: ERROR: failed to process packet.
    Jan 21 11:28:18 racoon: ERROR: failed to get valid proposal.
    Jan 21 11:28:18 racoon: ERROR: no suitable proposal found.
    Jan 21 11:28:18 racoon: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA:MD5
    Jan 21 11:28:18 racoon: INFO: begin Aggressive mode.
    Jan 21 11:28:18 racoon: INFO: respond new phase 1 negotiation: 68.127.230.124[500]<=>66.189.169.99[500]
    Jan 21 11:28:14 racoon: ERROR: not acceptable Identity Protection mode
    Jan 21 11:28:10 racoon: ERROR: failed to process packet.
    Jan 21 11:28:10 racoon: ERROR: failed to get valid proposal.
    Jan 21 11:28:10 racoon: ERROR: no suitable proposal found.
    Jan 21 11:28:10 racoon: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA:MD5
    Jan 21 11:28:10 racoon: INFO: begin Aggressive mode.
    Jan 21 11:28:10 racoon: INFO: respond new phase 1 negotiation: 68.127.230.124[500]<=>75.6.178.20[500]
    Jan 21 11:28:07 racoon: ERROR: not acceptable Identity Protection mode
    Jan 21 11:28:07 racoon: INFO: unsupported PF_KEY message REGISTER
    Jan 21 11:28:05 racoon: ERROR: failed to process packet.
    Jan 21 11:28:05 racoon: ERROR: failed to get valid proposal.
    Jan 21 11:28:05 racoon: ERROR: no suitable proposal found.
    Jan 21 11:28:05 racoon: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA:MD5
    Jan 21 11:28:05 racoon: INFO: begin Aggressive mode.
    Jan 21 11:28:05 racoon: INFO: respond new phase 1 negotiation: 68.127.230.124[500]<=>68.238.74.36[500]
    Jan 21 11:28:05 racoon: INFO: unsupported PF_KEY message REGISTER
    Jan 21 11:28:03 racoon: ERROR: failed to process packet.
    Jan 21 11:28:03 racoon: ERROR: failed to get valid proposal.
    Jan 21 11:28:03 racoon: ERROR: no suitable proposal found.
    Jan 21 11:28:03 racoon: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA:MD5

  • IPSEC / Rules

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    GruensFroeschliG

    Set protocol to any.
    In your posted rule you have as protocol TCP.

  • IPsec won't start

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    J

    How about is there a simple netopia ipsec to pfsense how to? I have read on forums about people getting it working with monowall so it should be about the same situation right?

    Has anyone else gotten a netopia to Pfsense ipsec tunnel working?

  • LOG ERROR: "RACOON process is hung in sbwait. Restarting."

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    D

    1.2-RC4 has this problem fixed. Please upgrade.

  • How to speed up IPSEC, hardware encryption devices????

    Locked
    8
    0 Votes
    8 Posts
    9k Views
    G

    Well… I've seen a note, but I couldn't find any 3des encryption cards in Russia unfortunately.... :-( Actually I just installed rc3, and will check speed up.

    UUUUFFF, you are so lucky having hifn card >:(

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.