Netgate Discussion Forum

    Problem - pfsense 1.2.2 and openbsd using isakmpd

      devantec

      Hi all

      Ok, making a bit of a change here.. I've used openbsd with pf and isakmpd for years now, but looking at pfsense

      Anyhow, little issue,

      I can't get the VPNs to work between the 2 devices.. My rules are wide open at the moment for the point of the test

      on the BSD side, I am getting a giving up message, which is usually due to access / communications. On the pfsense side I am getting a
      Aug 17 12:12:16 racoon: ERROR: couldn't find configuration.

      Anyhow, I can't see how to enable more in depth viewing of what is going on, but I don't see any ipsec attempts at all.

      Please note, my wording below and rules are just listed so it is easy for you to read.. they are not exact, but result in virtually the same

      Firewall Rules
      Openbsd
      Pass quick log from <bsdfw> to <pfsensefw> keep state
      pass quick log from <pfsensefw> to <bsdfw> keep state
      pass quick log on enc0 keep state
      pass quick log from <bsdadmin> to <pfsenseadmin> keep state

      pfsense
      I allow all in and out of the lan interface
      I allow all in and out of the wan interface in reference to the bsdfw

      VPN setup

      settings on BSD

      [Phase 1]
      24.24.24.10= peer-pfsenseadmin

      [Phase 2]
      Connections=    vpn-bsdadmin-pfsenseadmin

      [peer-ag]
      Phase=          1
      Transport=      udp
      Address=        142.176.13.132
      Configuration=  Default-main-mode
      Authentication= th1s1s4test

      [vpn-bsdadmin-pfsenseadmin]
      Phase=          2
      ISAKMP-peer=    peer-pfsenseadmin
      Configuration=  Default-quick-mode
      Local-ID=      bsdadmin
      Remote-ID=      pfsenseadmin

      [bsdadmin]
      ID-type=        IPV4_ADDR_SUBNET
      Network=        10.20.20.0
      Netmask=        255.255.255.0

      [pfsenseadmin]
      ID-type=        IPV4_ADDR_SUBNET
      Network=        10.21.20.0
      Netmask=        255.255.255.0

      [Default-main-mode]
      DOI=                    IPSEC
      EXCHANGE_TYPE=          ID_PROT
      Transforms=            3DES-SHA

      [Default-quick-mode]
      DOI=                    IPSEC
      EXCHANGE_TYPE=          QUICK_MODE
      Suites=                QM-ESP-3DES-SHA-SUITE

      Settings on PFSENSE

      interface: wan
      local subnet: lan subnet
      remote subnet: 10.20.20.0
      remote gateway: 24.24.10.10

      negotiation mode: main
      my identifier: Not a clue what to use this for??
      Encryption Algorithm: 3des
      Hash algorithm: sha1
      DH key group: 2
      Lifetime: 28800
      Authentication method: Pre-shared key
      Pre-shared Key: th1s1s4test

      protocol: ESP
      encryption algorithms: 3des, blowfish, cast128, AES, AES256
      Hash Algorithms: Sha1
      Lifetime: 3600

      Thanks

      James
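
An isakmpd.conf laid out like the one in the post above ties its sections together by name: [Phase 1] maps a peer address to a peer section, and each connection names its ISAKMP-peer, Local-ID and Remote-ID sections. The following is an added example, not part of the original post or of either project: a Python check that those references resolve and that a peer section's Address matches the address that points at it (a lint heuristic). The sample file, its addresses and the function name `lint` are constructed for illustration.

```python
import configparser

# Constructed sample in the post's layout (documentation addresses, dummy key).
SAMPLE = """\
[Phase 1]
192.0.2.10= peer-pfsenseadmin
[Phase 2]
Connections= vpn-bsdadmin-pfsenseadmin
[peer-ag]
Address= 198.51.100.7
Authentication= EXAMPLE-PSK
[vpn-bsdadmin-pfsenseadmin]
ISAKMP-peer= peer-pfsenseadmin
Local-ID= bsdadmin
Remote-ID= pfsenseadmin
[bsdadmin]
ID-type= IPV4_ADDR_SUBNET
[pfsenseadmin]
ID-type= IPV4_ADDR_SUBNET
"""

def lint(text):
    """Return a list of dangling or inconsistent references in isakmpd.conf text."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep tag names as written instead of lowercasing
    cp.read_string(text)
    problems = []
    def need(section, where):
        if not cp.has_section(section):
            problems.append(f"{where} -> [{section}] is not defined")
        return cp.has_section(section)
    # [Phase 1]: each peer address names the section describing that peer.
    phase1 = cp.items("Phase 1") if cp.has_section("Phase 1") else []
    for addr, peer in phase1:
        if need(peer, f"[Phase 1] {addr}"):
            listed = cp.get(peer, "Address", fallback=None)
            if listed != addr:
                problems.append(f"[{peer}] Address={listed}, [Phase 1] has {addr}")
    # [Phase 2]: each connection names its peer and its two ID sections.
    conns = cp.get("Phase 2", "Connections", fallback="")
    for conn in [c.strip() for c in conns.split(",") if c.strip()]:
        if need(conn, "[Phase 2] Connections"):
            for tag in ("ISAKMP-peer", "Local-ID", "Remote-ID"):
                ref = cp.get(conn, tag, fallback=None)
                if ref is None:
                    problems.append(f"[{conn}] has no {tag}")
                else:
                    need(ref, f"[{conn}] {tag}")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "all references resolve")
```

On the constructed sample it reports the peer name that [Phase 1] and the connection both reference but no section defines.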
