Cannot create a tunnel with a gateway
-
Hello,
I just deleted the non-working tunnel config on my roadwarrior router and now the new config won't accept a remote gateway setting.
I configured the following settings:
Interface: WAN
Local Subnet: LAN Subnet
Remote Subnet: 192.168.1.0/24
Remote Gateway: IP.of.my.OPT1 Interface
Phase1 Settings:
My Identifier: User FQDN / info@my.domain
Lifetime: 1200
Preshared Key: copy+paste from my static configuration
Phase2 Settings:
Lifetime: 1200
And an IP address on my local subnet to ping to.
I press the save button and what happens? My tunnel setup is created, but the remote gateway information is lost!
When I look into the system log into IPSec logs I see the following two lines:
Apr 19 15:33:41 racoon: ERROR: fatal parse failure (1 errors)
Apr 19 15:33:41 racoon: ERROR: /var/etc/racoon.conf:5: "{" parse error
Looking at the racoon.conf it does not look very wrong to me, but ok, I am new to this.
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";
remote {
exchange_mode aggressive;
my_identifier user_fqdn "info@my.domain";
peers_identifier address ;
initial_contact on;
support_proxy on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 1200 secs;
}
lifetime time 1200 secs;
}
Next try:
deleted the tunnel, saved,
disabled IPSec, saved
enabled IPSec, saved
created the tunnel, saved
Result: again, no gateway
Can I delete the racoon.conf and it will be created from scratch?
regards,
Comradin
-
It won't work that way for roadwarriors. Have a look at http://pfsense.org/mirror.php?section=tutorials/mobile_ipsec/ for how to configure mobile clients.
-
Ok,
now I'm really lost. I did my setup with the help of this tutorial two or three times now and I do not see any differences between the tutorial and my two machines.
Only difference is that my static machine has two interfaces with WAN being the dynamic interface with PPPoE and OPT1 being the static interface like I wrote in my other thread where I was told to update my static box to the latest snapshot because of IPSec on OPT1 not being possible.
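A quick check for the two symptoms visible in the racoon.conf posted at the top of this thread: a `remote` block with nothing between the keyword and the brace (racoon expects a peer address or `anonymous` there) and an empty `peers_identifier address`. This is an added example, not part of the thread or of pfSense; the function names, the sample file and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a generated racoon.conf for a missing remote gateway.

# check_racoon_conf FILE
# Prints one "FILE:LINE: message" finding per problem; returns 1 if any found.
check_racoon_conf() {
    awk '
        # "remote" directly followed by "{" means the peer address
        # (or the keyword "anonymous") was never written out.
        /^[ \t]*remote[ \t]*[{]/ {
            printf "%s:%d: remote block has no peer address or \"anonymous\"\n", FILENAME, FNR
            bad = 1
        }
        # "peers_identifier address" with nothing before the semicolon.
        /peers_identifier[ \t]+address[ \t]*;/ {
            printf "%s:%d: peers_identifier address is empty\n", FILENAME, FNR
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample FILE GATEWAY
# Constructed sample modelled on the config in the post; GATEWAY may be empty
# to reproduce the "remote gateway information is lost" case.
write_sample() {
    cat > "$1" <<EOF
path pre_shared_key "/var/etc/psk.txt";
remote $2 {
	exchange_mode aggressive;
	my_identifier user_fqdn "info@my.domain";
	peers_identifier address $2;
}
EOF
}

# Demo: first the broken form, then the same file with a gateway filled in.
sample=$(mktemp)
write_sample "$sample" ""
check_racoon_conf "$sample" || echo "-> racoon would reject this file"
write_sample "$sample" "192.0.2.10"
check_racoon_conf "$sample" && echo "-> no missing-gateway symptoms"
rm -f "$sample"
```

On a live box the function would be pointed at /var/etc/racoon.conf after saving the tunnel, before looking at the IPSec log.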