Netgate Discussion Forum

    IPsec racoon help – SonicWall TZ 170 site to site

      DaninND

      I've got a site-to-site VPN set up between a pfSense and a SonicWall TZ170.
      It works super slick from pfSense to SW, but not the other way (a one-way VPN?)
      I ran the racoon -F -d -v -f /var/etc/racoon.conf command posted in the forum and got this:

      Foreground mode.
      2010-04-03 21:16:30: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
      2010-04-03 21:16:30: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
      2010-04-03 21:16:30: INFO: Reading configuration from "/var/etc/racoon.conf"
      2010-04-03 21:16:30: DEBUG: call pfkey_send_register for AH
      2010-04-03 21:16:30: DEBUG: call pfkey_send_register for ESP
      2010-04-03 21:16:30: DEBUG: call pfkey_send_register for IPCOMP
      2010-04-03 21:16:30: DEBUG: reading config file /var/etc/racoon.conf
      2010-04-03 21:16:30: DEBUG: hmac(modp1024)
      2010-04-03 21:16:30: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
      2010-04-03 21:16:30: DEBUG: getsainfo params: loc='192.168.227.0/24', rmt='192.168.225.0/24', peer='NULL', id=0
      2010-04-03 21:16:30: DEBUG: getsainfo pass #2
      2010-04-03 21:16:30: DEBUG: open /var/db/racoon/racoon.sock as racoon management.
      2010-04-03 21:16:30: DEBUG: my interface: pfsense WAN IP
      2010-04-03 21:16:30: DEBUG: my interface: [pfsense LAN IP] (rl0)
      2010-04-03 21:16:30: DEBUG: my interface: 127.0.0.1 (lo0)
      2010-04-03 21:16:30: DEBUG: configuring default isakmp port.
      2010-04-03 21:16:30: DEBUG: 3 addrs are configured successfully
      2010-04-03 21:16:30: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
      2010-04-03 21:16:30: ERROR: failed to bind to address [pfsense LAN IP][500] (Address already in use).
      2010-04-03 21:16:30: ERROR: failed to bind to address [pfsense WAN IP][500] (Address already in use).
      2010-04-03 21:16:30: ERROR: no address could be bound.

      I'm new to pfSense and BSDs. I recently bought the Guide for pfSense and have enjoyed myself immensely implementing pfSense at work. I would appreciate any help with this. 192.168.227.0 is the pfSense LAN subnet. 192.168.225.0 is the SonicWall LAN subnet.

        DaninND

        :-[ OK… I figured it out. I'm glad I didn't waste anyone else's time with this (I hope). The SonicWall apparently has hidden associated NAT rules that are added when a new VPN is created. The NAT rule I made seemed to mess things up. I just deleted that and most seems to work now.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.