Mobile client issue
-
No, please choose the local gateway of the other endpoint. WAN would make DPD in the future.
-
I changed the IP but I'm still not able to make a connection between those two, but I got this error message on the server side:
racoon: INFO: unsupported PF_KEY message REGISTER
-
Guys, it's working. Thanks a lot for your help. The pfSense distribution is one of the best. Thanks to all of you.
-
Still an issue: I'm not able to ping the other network. Do I need to add a rule?
-
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.16.0/24[0] 10.128.0.0/24[0] proto=any dir=out"
Apr 28 17:04:56 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "10.128.0.0/24[0] 192.168.16.0/24[0] proto=any dir=in"
Apr 28 17:04:56 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 70.XX.XX.XX[0]->70.55.XX.XX[0] spi=56305369(0x35b26d9)
Apr 28 17:04:56 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP/Tunnel 70.55.x.x[0]->70.50.x.x[0] spi=72385284(0x4508304)
Apr 28 17:04:56 racoon: WARNING: trns_id mismatched: my:CAST peer:AES
Apr 28 17:04:56 racoon: WARNING: trns_id mismatched: my:CAST peer:AES
Apr 28 17:04:56 racoon: WARNING: trns_id mismatched: my:BLOWFISH peer:AES
Apr 28 17:04:56 racoon: WARNING: trns_id mismatched: my:BLOWFISH peer:AES
Apr 28 17:04:56 racoon: WARNING: trns_id mismatched: my:3DES peer:AES
Apr 28 17:04:56 racoon: WARNING: trns_id mismatched: my:3DES peer:AES
-
What should I say, you have mismatched settings in your config. Please check your settings.
-
Thanks, it's working now, but only on one side: from the mobile client to the server, but not the other way.
Thanks
-
If I look in the overview tab on the server I don't see any route, but I do see it in the SAD, so the tunnel seems to work.
-
Firewall > Rules, IPsec tab. Allow incoming traffic through the tunnel on both ends.
-
Thanks, now I get this message on the server side:
Apr 28 20:07:32 racoon: INFO: phase2 sa deleted 70.50.xx.xx-70.55.xx.xx
Apr 28 20:07:31 racoon: INFO: phase2 sa expired 70.50.xx.xx-70.55.xx.xx
Apr 28 20:06:33 racoon: INFO: phase2 sa deleted 70.50.xx.xx-70.55.xx.xx
Apr 28 20:06:32 racoon: INFO: phase2 sa expired 70.50.xx.xx-70.55.xx.xx
and this one on the client:
Apr 28 17:45:01 racoon: [st-eu]: INFO: IPsec-SA established: ESP/Tunnel 70.55.xx.xx[0]->70.50.xx.xx[0] spi=48887461(0x2e9f6a5)
Apr 28 17:45:01 racoon: [st-eu]: INFO: IPsec-SA established: ESP/Tunnel 70.50.xx.xx[0]->70.55.xx.xx[0] spi=83266683(0x4f68c7b)
Apr 28 17:45:01 racoon: [st-eu]: INFO: initiate new phase 2 negotiation: 70.55.xx.xx[500]<=>70.50.xx.xx[500]
Apr 28 17:45:00 racoon: [st-eu]: INFO: ISAKMP-SA established 70.55.xx.xx[500]-70.50.xx.xx[500] spi:9af974fdb63f4873:9334dc4883323fb3
Apr 28 17:45:00 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
That's pretty weird since 10 min ago it was working.
-
Why is the time on both of the systems that way out of sync? Try to use shorter lifetimes for both phases. In fact, try something like 3600 for both and see if that works better.
-
Thanks, now everything is working well.
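
Added example, not part of the thread and not pfSense or racoon code: a short Python triage over racoon lines like those quoted above. It groups the trns_id mismatch warnings by the peer's transform and measures the interval between phase 2 SA expiries per endpoint pair. The sample lines are constructed, and the function name `triage` and the placeholder year are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the racoon lines quoted in this thread
# (addresses masked the same way; newest-first order, like the server log).
SAMPLE = """\
Apr 28 20:07:32 racoon: INFO: phase2 sa deleted 70.50.xx.xx-70.55.xx.xx
Apr 28 20:07:31 racoon: INFO: phase2 sa expired 70.50.xx.xx-70.55.xx.xx
Apr 28 20:06:33 racoon: INFO: phase2 sa deleted 70.50.xx.xx-70.55.xx.xx
Apr 28 20:06:32 racoon: INFO: phase2 sa expired 70.50.xx.xx-70.55.xx.xx
Apr 28 17:04:56 racoon: WARNING: trns_id mismatched: my:CAST peer:AES
Apr 28 17:04:56 racoon: WARNING: trns_id mismatched: my:BLOWFISH peer:AES
Apr 28 17:04:56 racoon: WARNING: trns_id mismatched: my:3DES peer:AES
racoon: INFO: unsupported PF_KEY message REGISTER
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) racoon: (?:\[[^\]]*\]: )?\w+: (.*)$")
MISMATCH = re.compile(r"trns_id mismatched: my:(\S+) peer:(\S+)")
EXPIRED = re.compile(r"phase2 sa expired (\S+)")

def triage(text, year=2000):
    """Summarise proposal mismatches and phase 2 expiry intervals.

    Syslog stamps carry no year, so `year` is an assumed placeholder.
    """
    mismatches, expiries = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # no timestamp: cannot be placed on the timeline
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (mm := MISMATCH.search(msg)):
            # peer transform -> local transforms that did not match it
            mismatches.setdefault(mm.group(2), set()).add(mm.group(1))
        elif (ex := EXPIRED.search(msg)):
            expiries.setdefault(ex.group(1), []).append(when)
    gaps = {}
    for pair, stamps in expiries.items():
        stamps.sort()  # the log may be newest-first
        deltas = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        if deltas:
            gaps[pair] = min(deltas)  # shortest interval between expiries, seconds
    return {"mismatches": {k: sorted(v) for k, v in mismatches.items()},
            "min_expiry_gap": gaps}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An expiry interval far below the configured phase 2 lifetime, as in the sample, points at the lifetime and clock settings discussed in the replies above.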