Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN IPSEC routing problem

    IPsec
    2
    2
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gset777
      last edited by

      the case: NetA is 10.231.0.0/24 <pfsense>behind a router (192.168.0.0/24) <-> Dyn IP (86.xxx.xxx.220)
                    NetB is 190.1.1.0/24 <pfsense><-> public IP (83.xxx.xxx.19)

      When i ping the lan Interface of NetB (190.1.1.245) from NetA (10.231.0.200), the tunnel is established but no ping !

      The Log said this :
        racoon: INFO: respond new phase 2 negotiation: 83.xxx.xxx.19[0]<=>86.201.1.220[0]
        racoon: INFO: Update the generated policy : 10.231.0.0/24[0] 190.1.1.0/24[0] proto=any dir=in
        racoon: INFO: IPsec-SA established: ESP/Tunnel 86.xxx.xxx.220[0]->83.xxx.xxx.19[0] spi=243024623(0xe7c42ef)
        racoon: INFO: IPsec-SA established: ESP/Tunnel 83.xxx.xxx.19[0]->86.xxx.xxx.220[0] spi=124153723(0x7666f7b)
        racoon: ERROR: such policy does not already exist: "10.231.0.0/24[0] 190.1.1.0/24[0] proto=any dir=in"
        racoon: ERROR: such policy does not already exist: "190.1.1.0/24[0] 10.231.0.0/24[0] proto=any dir=out"

      An Idea ?  ???</pfsense></pfsense>

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        Make sure the router the pfSense is behind doesn't break things. You should have the pfSense directly at the WAN.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post