IPSec errors in log
- 
 Hello! I have pfSense 1.0.1 and it works fine. I have made a few IPSec tunnels with it and they worked fine. Now I have three computers with a fresh installation of pfSense 1.2.
 Everything works fine… well, not everything: I can't get IPSec to work. I've tried to do everything. Tried to change everything, but all I get is weird errors in the log. First the error messages:
 Aug 29 23:49:03 racoon: ERROR: fatal parse failure (1 errors)
 Aug 29 23:49:03 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
 Aug 29 23:49:03 racoon: INFO: Resize address pool from 0 to 255
 Aug 29 23:49:03 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
 Aug 29 23:49:03 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
 Aug 29 23:49:03 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
 Aug 29 23:42:46 racoon: ERROR: fatal parse failure (1 errors)
 Aug 29 23:42:46 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
 Aug 29 23:42:46 racoon: INFO: Resize address pool from 0 to 255
 Aug 29 23:42:46 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
 Aug 29 23:42:46 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
 Aug 29 23:42:46 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
 Now... I'm wondering what can cause these fatal errors and syntax errors? Now to my configuration. I have now two computers. They are exactly the same kind of computers (processor, NIC etc.). I have installed pfSense to a CF card. It works fine. WAN gets its IP from DHCP and both WANs are connected to a router. They get a public IP.
 I have an account in DynDNS, so I have configured DNS names for each computer. DynDNS works fine. Now finally to the configuration:
 First computer (Firewall1.dyndns.org):
 Local subnet: LAN Subnet
 Remote subnet: 192.168.20.0/24
 Remote gateway: Firewall2.dyndns.org (works ok, pings ok)
 Negotiation: Main
 My identifier: FQDN (myemail@mydomain.net)
 Encryption: 3DES
 Hash: MD5
 DH Key group
 Lifetime: 28800
 Authentication: Pre shared key
 Pre shared key: MyPassW0rd
 Phase 2
 Protocol: ESP
 Encryption alg: 3DES
 Hash: MD5
 PFS key group:
 And the second computer (Firewall2.dyndns.org):
 Local subnet: LAN Subnet
 Remote subnet: 192.168.10.0/24
 Remote gateway: Firewall1.dyndns.org (works ok, pings ok)
 Negotiation: Main
 My identifier: FQDN (myemail@mydomain.net)
 Encryption: 3DES
 Hash: MD5
 DH Key group
 Lifetime: 28800
 Authentication: Pre shared key
 Pre shared key: MyPassW0rd
 Phase 2
 Protocol: ESP
 Encryption alg: 3DES
 Hash: MD5
 PFS key group:
 And those dyndns.org names were obviously fakes… This is my conf... and all I get is the log...
 I've tried to change almost everything: hashes, encryption algorithms, etc. Thanks to all!
- 
 How old is this release anyway? Has anyone really got the VPN to work? Now - with a different configuration I got errors like: "racoon: ERROR: /var/etc/racoon.conf:5: "-gw.d" syntax error". Looks like implementation problems to me.
 Now I should figure out - somehow - which part of the configuration causes these errors. Should I just downgrade to 1.1x etc.? IPSec seems to work with these earlier releases. Or are there people who are actually running IPSec with pfSense 1.2? I would be glad to have a configuration example from a working IPSec configuration.
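
 One way to work out which part of the configuration racoon rejects, as an added example (not part of the original posts and not pfSense code): the script pulls the file, line number and quoted token out of the racoon parse errors shown in the thread and prints that line of the config with a caret under the token. `CONSTRUCTED_CONF` is placeholder text made up for the demonstration, not the poster's racoon.conf, and the function names are this example's own.

```python
import re

# racoon reports a config parse failure as: <file>:<line>: "<token>" syntax error
PARSE_ERR = re.compile(
    r'racoon: ERROR: (?P<path>/\S+?):(?P<line>\d+): "(?P<token>[^"]*)" syntax error'
)

# Log lines copied from the thread.
SAMPLE_LOG = """\
Aug 29 23:49:03 racoon: ERROR: fatal parse failure (1 errors)
Aug 29 23:49:03 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
Aug 29 23:49:03 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Aug 29 23:42:46 racoon: ERROR: fatal parse failure (1 errors)
Aug 29 23:42:46 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
"""

# Constructed placeholder text, NOT the poster's racoon.conf.
CONSTRUCTED_CONF = "row 1\nrow 2\nrow 3\nrow 4\nrow 5 la\nrow 6\n"


def parse_errors(log_text):
    """Count each distinct (path, line, token) parse error, in first-seen order."""
    seen = {}
    for entry in log_text.splitlines():
        m = PARSE_ERR.search(entry)
        if m:
            key = (m["path"], int(m["line"]), m["token"])
            seen[key] = seen.get(key, 0) + 1
    return seen


def locate(conf_text, line_no, token, context=1):
    """Return the reported line plus context, with a caret under the token."""
    lines = conf_text.splitlines()
    if not 1 <= line_no <= len(lines):
        return [f"line {line_no} is past the end of the file ({len(lines)} lines)"]
    out = []
    first, last = max(1, line_no - context), min(len(lines), line_no + context)
    for n in range(first, last + 1):
        prefix = f"{n:>4}: "
        out.append(prefix + lines[n - 1])
        col = lines[n - 1].find(token) if n == line_no and token else -1
        if col >= 0:
            out.append(" " * (len(prefix) + col) + "^" * len(token))
    return out


if __name__ == "__main__":
    for (path, line_no, token), count in parse_errors(SAMPLE_LOG).items():
        print(f"{path}:{line_no} token {token!r} seen {count}x")
        print("\n".join(locate(CONSTRUCTED_CONF, line_no, token)))
```

 On a live system, pass the contents of the file named in the log message to `locate` instead of `CONSTRUCTED_CONF`.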
- 
 Please also search this forum… IPsec works in 1.2 as it should from pfSense to pfSense....