OPTX: THE PACKET IS RETRANSMITTED BY…

juan · Jul 10, 2007, 8:57 AM

Error when using OPTX interface:

Jul 10 09:08:50 racoon: ERROR: phase1 negotiation failed due to time up.
Jul 10 09:08:46 racoon: NOTIFY: the packet is retransmitted by REMOTE GATEWAY[500].
Jul 10 09:08:41 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Jul 10 09:08:41 racoon: WARNING: SPI size isn't zero, but IKE proposal.
Jul 10 09:08:41 racoon: WARNING: No ID match.
Jul 10 09:08:41 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Jul 10 09:08:41 racoon: INFO: begin Aggressive mode.
Jul 10 09:08:41 racoon: INFO: respond new phase 1 negotiation: OPTX[500]<=>REMOTE GATEWAY[500]

someone knows how to resolve the "the packet is retransmitted by…" problem or the configuration steps for enable IPSEC traffic on OPTX interfaces?

a simple question: is IPSEC on OPTX interfaces supported by pfsense?

juan · Jul 17, 2007, 8:22 PM

IPSEC on OPTX interfaces is supported on 1.2b2?

sullrich · Jul 17, 2007, 8:28 PM

Yes but it requires a static route.

juan · Jul 18, 2007, 1:29 AM

You could detail with an example the procedure to create this route correctly to make work IPSEC in an interface OPTX?

LAN 172.26.0.0/24 WAN X.X.X.X.X REMOTE GATEWAY Y.Y.Y.Y REMOTE LAN 192.168.1.0/24

It is not possible to apply the same procedure that automatically creates the routes in the WAN interface?

In the version 1.2b1 the tunnels ipsec in OPTX worked correctly until a certain point and in case of falling, reinitiating physically the router (power down/up) in many cases gets the tunnels up and running (automatically recreating routes?).

I have interest in making work IPSEC in interfaces OPTX, since my configuration would require of tunnels in WAN, OPT1 and OPT2 with about 25 tunnels each one. It would be technically feasible to attain this with pfsense?

Thanks.

juan · Jul 19, 2007, 9:53 PM

Somebody can explain how to create the routes necessary to make work IPSEC in OPTX in 1.2b2?

Help!

juan · Sep 5, 2007, 9:01 AM

I still need help on how to create the routes necessary to make work IPSEC in OPTX interfaces….

dotdash · Sep 5, 2007, 7:56 PM

I used something like this:
interface: OPT1
Network: (remote endpoint of ipsec tunnel/32)
Gateway: (gateway of OPT1 interface)

juan · Sep 18, 2007, 11:21 AM

Some questions:

Network: (remote endpoint of ipsec tunnel/32), is the public IP of the remote gateway?
i must add these routes on the SYSTEM>STATIC ROUTES section of the webconfigurator?

Thanks.

dotdash · Sep 18, 2007, 1:55 PM

Yes, the 'destination network' under system, static routes is the same IP you entered for 'remote gateway' on the IPSec tunnel.

juan · Sep 25, 2007, 6:55 PM

yes, seems to work.

Thanks!