Netgate Discussion Forum

    Racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway rep

      Bigangel

      I tried searching for the keywords "racoon: [Unknown Gateway/Dynamic]"
      and found many questions, but I explored every avenue and could not find a solution.
      Can anybody help me?

        FBI01

        Search hint was great: 1st place I found was this posting  ;D

          Bigangel

          My pfSense IPsec tunnels are still not working.
          Can anybody help me?

            heiko

            Please post your config

            regards
            heiko

              Bigangel

              my VPN: IPsec:1

              Interface: wan
                Remote subnet:192.168.3.0/24
                Remote gateway:192.168.4.1

              Phase 1 proposal (Authentication)
                Negotiation mode:Aggressive
                My identifier:User FQDN-->123@test.com
                Encryption algorithm:3DES
                Hash algorithm:SHA1
                DH key group:2
                Lifetime:1200
                Authentication method:Pre-shared Key
                Pre-Shared Key:vpn

              Phase 2 proposal (SA/Key Exchange)
                Protocol:ESP
                Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
                Hash algorithms:SHA1,MD5
                PFS key group:Off
                Lifetime:1200

              my VPN: IPsec:2

              Interface: wan
                Remote subnet:192.168.1.0/24
                Remote gateway:192.168.4.2

              Phase 1 proposal (Authentication)
                Negotiation mode:Aggressive
                My identifier:User FQDN-->vpn@test.com
                Encryption algorithm:3DES
                Hash algorithm:SHA1
                DH key group:2
                Lifetime:1200
                Authentication method:Pre-shared Key
                Pre-Shared Key:vpn

              Phase 2 proposal (SA/Key Exchange)
                Protocol:ESP
                Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
                Hash algorithms:SHA1,MD5
                PFS key group:Off
                Lifetime:1200

              my Network 1
                  wan ip:192.168.4.2/24
                  lan ip: 192.168.1.16/24

              Network 2
                  wan ip:192.168.4.1/24
                  lan ip: 192.168.3.20/24

              error message

              racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
              racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
              racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
              racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in

              Thank you

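The four ERROR lines from the post above, parsed into policy selectors and grouped into in/out pairs so it is clear which SPD entries racoon is replacing. This is an added example, not code from the thread or from pfSense/racoon; `parse_policies` and `summarize` are names made up for illustration, and the sample input is copied from the log lines posted in this thread.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Sample input: log lines as posted in this thread (one INFO line for contrast).
SAMPLE_LOG = """\
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in
racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
"""

# Captures source, destination, protocol and direction; the "[0]" suffixes are skipped.
POLICY_RE = re.compile(
    r"such policy already exists\. anyway replace it:\s+"
    r"(\S+)\[\d+\]\s+(\S+)\[\d+\]\s+proto=(\S+)\s+dir=(in|out)"
)

def parse_policies(log_text):
    """Return (src, dst, proto, direction) for every duplicate-policy line."""
    found = []
    for line in log_text.splitlines():
        m = POLICY_RE.search(line)
        if m:
            src, dst, proto, direction = m.groups()
            found.append((ip_network(src), ip_network(dst), proto, direction))
    return found

def summarize(policies):
    """Group policies by selector pair (keyed in 'out' orientation) and check mirroring."""
    groups = defaultdict(set)
    for src, dst, _proto, direction in policies:
        key = (src, dst) if direction == "out" else (dst, src)
        groups[key].add(direction)
    report = []
    for local, remote in sorted(groups):
        nested = local.subnet_of(remote) or remote.subnet_of(local)
        report.append({
            "local": str(local),
            "remote": str(remote),
            "mirrored": groups[(local, remote)] == {"in", "out"},
            "selectors": "nested" if nested else "disjoint",
        })
    return report

if __name__ == "__main__":
    for row in summarize(parse_policies(SAMPLE_LOG)):
        print(row)
```

The result is two mirrored pairs: the tunnel selectors 192.168.1.0/24 and 192.168.3.0/24, and a pair between the LAN address 192.168.1.16/32 and its own subnet.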
                heiko

                Please delete these SPDs on the Diagnostics page for IPsec, and then click Save on the IPsec configuration page. After that we will see…

                  Bigangel

                  @heiko:

                  Please delete these SPDs on the Diagnostics page for IPsec, and then click Save on the IPsec configuration page. After that we will see…

                  I already deleted the SPDs on the Diagnostics page and then clicked Save on the IPsec configuration page,
                  but it does not work. The error messages:

                  racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
                  racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in
                  racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
                  racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
                  racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
                  racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
                  racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
                  racoon: INFO: ::1[500] used as isakmp port (fd=14)
                  racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
                  racoon: INFO: unsupported PF_KEY message REGISTER
                  racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
                  racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
                  racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
                  racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
                  racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
                  racoon: INFO: ::1[500] used as isakmp port (fd=14)
                  racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)

                  Please help me. Thank you.

                    heiko

                    Is this dynamic to dynamic? If so, it will not work in 1.2. Dynamic to static in aggressive mode works with the option "allow mobile clients" enabled on the static side.

                    Regards
                    Heiko

                      Bigangel

                      Thank you.
                      My IPsec VPN is working.

                      I pinged my virtual network IP, and after 2 seconds the IPsec VPN was on.

                      Thank you

                        heiko

                        Fine  :D
