Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    1.2-RC4 IPSec Tunnel problem

    Scheduled Pinned Locked Moved IPsec
    16 Posts 4 Posters 9.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      heiko
      last edited by

      Ok, you have my attention

      1 Reply Last reply Reply Quote 0
      • F
        fastcon68
        last edited by

        I had similar problem with 1.2r3.  It was odd I only had a problem after the upgrade.  I ended up rebuilding after I save my configuration and printed it out so i could rebuild.  That is not a option now.  My  configuration is too complex now.

        i only upgrade when I run into a werid issue.  I have one issue now which I can't access the admin tool from https, from the wan side.  I have production to be concerned with and it cost too much to have it down.

        RC

        1 Reply Last reply Reply Quote 0
        • J
          jle2005
          last edited by

          Hi fastcon68,

          The weirdest part is even I'm having those error logs, my IPSec tunnel is still up and running and I can transmit data back and forth between my sites.

          1 Reply Last reply Reply Quote 0
          • F
            fastcon68
            last edited by

            I will check my log files to see if I am getting the same errors.  I post in a few mintes.  I am waiting for the site to come up.
            RC

            1 Reply Last reply Reply Quote 0
            • H
              heiko
              last edited by

              @jle2005:

              Hi fastcon68,

              The weirdest part is even I'm having those error logs, my IPSec tunnel is still up and running and I can transmit data back and forth between my sites.

              Fine

              1 Reply Last reply Reply Quote 0
              • J
                jle2005
                last edited by

                Hi heiko,

                Is it really fine? does it effect the IPSec tunnel performance at all with those error logs?

                1 Reply Last reply Reply Quote 0
                • H
                  heiko
                  last edited by

                  @jle2005:

                  Hi heiko,

                  Is it really fine? does it effect the IPSec tunnel performance at all with those error logs?

                  I think you have the tunnel up and running! Which error logs do you mean?

                  1 Reply Last reply Reply Quote 0
                  • J
                    jle2005
                    last edited by

                    heiko,

                    I think you have the tunnel up and running! Which error logs do you mean?

                    The error logs below and those in my previous posts.

                    Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "172.16.1.0/24[0] 192.168.1.0/24[0] proto=any dir=out"
                    Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.1.0/24[0] 172.16.1.0/24[0] proto=any dir=in"
                    Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 63.252.x.x[0]->24.17.x.x[0] spi=223333855(0xd4fcddf)
                    Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 24.17.x.x[0]->63.252.x.x[0] spi=101796693(0x6114b55)
                    Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: Update the generated policy : 192.168.1.0/24[0] 172.16.1.0/24[0] proto=any dir=in
                    Jan 29 18:20:42    racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: 63.252.x.x[0]<=>24.17.x.x[0]
                    Jan 29 18:20:41    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA expired: ESP/Tunnel 24.17.x.x[0]->63.252.x.x[0] spi=76670812(0x491e75c)
                    Jan 29 18:20:41    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA expired: ESP/Tunnel 63.252.x.x[0]->24.17.x.x[0] spi=258166286(0xf634e0e)
                    Jan 29 18:20:41    racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA established 63.252.x.x[500]-24.17.x.x[500] spi:57bbe8e812127d61:4ffe248e9b35525e
                    Jan 29 18:20:41    racoon: INFO: received Vendor ID: DPD
                    Jan 29 18:20:41    racoon: INFO: begin Aggressive mode.
                    Jan 29 18:20:41    racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: 63.252.x.x[500]<=>24.17.x.x[500]
                    Jan 29 18:07:39    racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA deleted 63.252.x.x[500]-24.17.x.x[500] spi:f5a70c73dbf7f17a:baa137939e863faa
                    Jan 29 18:07:38    racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA expired 63.252.x.x[500]-24.17.x.x[500] spi:f5a70c73dbf7f17a:baa137939e863faa
                    Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA expired: ESP/Tunnel 24.17.x.x[0]->63.252.x.x[0] spi=27709746(0x1a6d132)
                    Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA expired: ESP/Tunnel 63.252.x.x[0]->24.17.x.x[0] spi=156434038(0x952fe76)
                    Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "172.16.1.0/24[0] 192.168.1.0/24[0] proto=any dir=out"
                    Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.1.0/24[0] 172.16.1.0/24[0] proto=any dir=in"
                    Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 63.252.x.x[0]->24.17.x.x[0] spi=258166286(0xf634e0e)
                    Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 24.17.x.x[0]->63.252.x.x[0] spi=76670812(0x491e75c)
                    Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: Update the generated policy : 192.168.1.0/24[0] 172.16.1.0/24[0] proto=any dir=in
                    Jan 29 18:03:20    racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: 63.252.x.x[0]<=>24.17.x.x[0]

                    1 Reply Last reply Reply Quote 0
                    • D
                      databeestje
                      last edited by

                      The error messages about policy's not already existing is not a error.

                      This is normal. This does not affect the operation the tunnel.

                      Kind regards,

                      Seth

                      1 Reply Last reply Reply Quote 0
                      • J
                        jle2005
                        last edited by

                        Thanks for letting me know that Seth.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.