Netgate Discussion Forum

    Racoon service stops unexpectedly

      pesh

      I've been having a problem with pfSense 1.2 since I first installed it, whereby the racoon service suddenly stops, and all VPNs go down. This happens intermittently and the only correlation I can find is a message that appears in the logs just before it quits, marked with XXX below (the subsequent manual restart of the service is marked with ***):

      Aug 14 15:44:05 racoon: INFO: Resize address pool from 0 to 255
          Aug 14 15:44:05 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
          Aug 14 15:44:05 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
      *** Aug 14 15:44:05 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
      XXX Aug 14 15:39:14 racoon: ERROR: parse error is nothing, but yyerrorcount is 2.
          Aug 14 15:39:00 racoon: ERROR: failed to pre-process packet.
          Aug 14 15:39:00 racoon: ERROR: failed to get sainfo.
          Aug 14 15:39:00 racoon: ERROR: failed to get sainfo.
          Aug 14 15:39:00 racoon: [Easington]: INFO: respond new phase 2 negotiation: 195.97.███.██[0]<=>86.140.██.██[0]
          Aug 14 15:38:57 racoon: ERROR: failed to pre-process packet.
          Aug 14 15:38:57 racoon: ERROR: failed to get sainfo.
          Aug 14 15:38:57 racoon: ERROR: failed to get sainfo.
          Aug 14 15:38:57 racoon: [Texas]: INFO: respond new phase 2 negotiation: 195.97.███.██[0]<=>216.85.███.███[0]
          Aug 14 15:38:53 racoon: [DataCentre]: ERROR: 195.188.███.██ give up to get IPsec-SA due to time up to wait.

      Any ideas what might be causing this, and how I can fix it?

        pesh

        It's still doing it, and I still have no idea why. Also, individual VPN tunnels to a Siemens 5830 and a Cisco ASA 5505 go down occasionally, and have to have their SAD entries manually removed to start them up again, or restart racoon.

        Honestly, this has to be the flakiest, most unreliable IPSec implementation I've ever encountered. Calling the 1.2 release stable is just wrong when this component of it has so many issues. The rest of pfSense is fine but this unfortunately really lets it down hard. I'm starting to look for a replacement.

          databeestje

          Sounds like differing lifetimes and one or the other side not honouring those times.

            heiko

            Heh, and what do the other logs from the other endpoints say?

            regards
            heiko
