Netgate Discussion Forum

    1.2-RC4 IPSec Tunnel problem

      jle2005

      heiko, I've decided to tear down the box and rebuild it, and if I run into this problem again I will post screenshots for you. Thank you very much.

        heiko

        Ok, you have my attention

          fastcon68

          I had a similar problem with 1.2r3. It was odd; I only had a problem after the upgrade. I ended up rebuilding after I saved my configuration and printed it out so I could rebuild. That is not an option now. My configuration is too complex now.

          I only upgrade when I run into a weird issue. I have one issue now, which is that I can't access the admin tool via https from the WAN side. I have production to be concerned with and it costs too much to have it down.

          RC

            jle2005

            Hi fastcon68,

            The weirdest part is that even though I'm getting those error logs, my IPSec tunnel is still up and running and I can transmit data back and forth between my sites.

              fastcon68

              I will check my log files to see if I am getting the same errors. I will post in a few minutes. I am waiting for the site to come up.
              RC

                heiko

                @jle2005:

                Hi fastcon68,

                The weirdest part is that even though I'm getting those error logs, my IPSec tunnel is still up and running and I can transmit data back and forth between my sites.

                Fine

                  jle2005

                  Hi heiko,

                  Is it really fine? Does it affect the IPSec tunnel performance at all with those error logs?

                    heiko

                    @jle2005:

                    Hi heiko,

                    Is it really fine? Does it affect the IPSec tunnel performance at all with those error logs?

                    I think you have the tunnel up and running! Which error logs do you mean?

                      jle2005

                      heiko,

                      I think you have the tunnel up and running! Which error logs do you mean?

                      The error logs below and those in my previous posts.

                      Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "172.16.1.0/24[0] 192.168.1.0/24[0] proto=any dir=out"
                      Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.1.0/24[0] 172.16.1.0/24[0] proto=any dir=in"
                      Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 63.252.x.x[0]->24.17.x.x[0] spi=223333855(0xd4fcddf)
                      Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 24.17.x.x[0]->63.252.x.x[0] spi=101796693(0x6114b55)
                      Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: Update the generated policy : 192.168.1.0/24[0] 172.16.1.0/24[0] proto=any dir=in
                      Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: 63.252.x.x[0]<=>24.17.x.x[0]
                      Jan 29 18:20:41    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA expired: ESP/Tunnel 24.17.x.x[0]->63.252.x.x[0] spi=76670812(0x491e75c)
                      Jan 29 18:20:41    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA expired: ESP/Tunnel 63.252.x.x[0]->24.17.x.x[0] spi=258166286(0xf634e0e)
                      Jan 29 18:20:41    racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA established 63.252.x.x[500]-24.17.x.x[500] spi:57bbe8e812127d61:4ffe248e9b35525e
                      Jan 29 18:20:41    racoon: INFO: received Vendor ID: DPD
                      Jan 29 18:20:41    racoon: INFO: begin Aggressive mode.
                      Jan 29 18:20:41    racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: 63.252.x.x[500]<=>24.17.x.x[500]
                      Jan 29 18:07:39    racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA deleted 63.252.x.x[500]-24.17.x.x[500] spi:f5a70c73dbf7f17a:baa137939e863faa
                      Jan 29 18:07:38    racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA expired 63.252.x.x[500]-24.17.x.x[500] spi:f5a70c73dbf7f17a:baa137939e863faa
                      Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA expired: ESP/Tunnel 24.17.x.x[0]->63.252.x.x[0] spi=27709746(0x1a6d132)
                      Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA expired: ESP/Tunnel 63.252.x.x[0]->24.17.x.x[0] spi=156434038(0x952fe76)
                      Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "172.16.1.0/24[0] 192.168.1.0/24[0] proto=any dir=out"
                      Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.1.0/24[0] 172.16.1.0/24[0] proto=any dir=in"
                      Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 63.252.x.x[0]->24.17.x.x[0] spi=258166286(0xf634e0e)
                      Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 24.17.x.x[0]->63.252.x.x[0] spi=76670812(0x491e75c)
                      Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: Update the generated policy : 192.168.1.0/24[0] 172.16.1.0/24[0] proto=any dir=in
                      Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: 63.252.x.x[0]<=>24.17.x.x[0]

                        databeestje

                        The error messages about policies not already existing are not an error.

                        This is normal. This does not affect the operation of the tunnel.

                        Kind regards,

                        Seth
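
A log triage sketch for the excerpt posted above, added here as an example; it is not part of the thread and not pfSense or racoon code. It treats a "such policy does not already exist" ERROR as expected rekey noise only when an "IPsec-SA established" line appears within a few seconds of it, and surfaces every other ERROR. The 2-second window, the function names and the two sample lines marked as constructed are assumptions.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8})\s+racoon: (?:\[[^\]]*\]: )?(ERROR|WARNING|INFO): (.*)$")
BENIGN = "such policy does not already exist"
WINDOW = 2  # seconds between the ERROR and an SA being established (assumed value)

# First two lines are constructed for this example: a policy ERROR with no SA
# nearby, and a placeholder for any unrelated error. The remaining six lines
# are the 18:20:42 rekey from the thread, addresses masked as posted.
SAMPLE = """\
Jan 29 19:05:10    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "172.16.1.0/24[0] 192.168.1.0/24[0] proto=any dir=out"
Jan 29 19:30:00    racoon: ERROR: constructed placeholder error (not a real racoon message)
Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "172.16.1.0/24[0] 192.168.1.0/24[0] proto=any dir=out"
Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.1.0/24[0] 172.16.1.0/24[0] proto=any dir=in"
Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 63.252.x.x[0]->24.17.x.x[0] spi=223333855(0xd4fcddf)
Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 24.17.x.x[0]->63.252.x.x[0] spi=101796693(0x6114b55)
Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: Update the generated policy : 192.168.1.0/24[0] 172.16.1.0/24[0] proto=any dir=in
Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: 63.252.x.x[0]<=>24.17.x.x[0]
"""

def parse(text):
    """Yield (time, level, message) for every racoon line that matches."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            # Syslog stamps carry no year; a fixed leap year is used only so times can be subtracted.
            ts = datetime.strptime("2000 " + " ".join(m.group(1).split()), "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def triage(text):
    """Split ERROR lines into expected rekey noise and lines that need a look."""
    events = list(parse(text))
    established = [t for t, _, msg in events if msg.startswith("IPsec-SA established")]
    benign, review = [], []
    for t, lvl, msg in events:
        if lvl != "ERROR":
            continue
        near_sa = any(abs((t - e).total_seconds()) <= WINDOW for e in established)
        if msg.startswith(BENIGN) and near_sa:
            benign.append((t, msg))
        else:
            review.append((t, msg))
    return {"established": len(established), "benign": benign, "review": review}

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["established"], "SAs established,", len(result["benign"]), "benign policy errors")
    for t, msg in result["review"]:
        print("REVIEW", t.strftime("%b %d %H:%M:%S"), msg)
```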

                          jle2005

                          Thanks for letting me know that Seth.
