Mobile IPSEC stops routing until service is reset
-
Using the guides to get mobile IPSEC running, I was able to successfully connect to my pfSense router. There seems to be an issue with reaching LAN hosts after a second connection attempt from another machine, however.
The scenario:
Computer A: Macbook Pro OSX 10.8.2 using built in VPN connector.
Computer B: Windows 7 32bit using ShrewVPN 2.1.7
Computer A will connect to the VPN and I can ping and connect to hosts on the primary LAN. I can disconnect and reconnect repeatedly and the connection works without issue each time. However, if I disconnect and then try to reconnect with Computer B, all hosts on the LAN become unreachable. This works in the opposite order as well.
Checking the IPSEC logs, I see this:
racoon: ERROR: no configuration found for IP REDACTED.
racoon: ERROR: failed to begin ipsec sa negotication.
Restarting the Racoon service fixes the issue for the next connection, but the problem repeats itself if the above scenario plays out.
-
- System > Advanced, Miscellaneous tab.
- Uncheck "Prefer Old IPsec SA"
-
Thank you for the reply. Per other threads on this topic I made sure that was unchecked, but the behavior stays the same.
-
Only way that'll happen is if you have that box checked, or if you don't have this set on Phase 1:
Policy Generation: Unique
Proposal Checking: Strict
-
I double checked and the settings are set correctly.
I tried to do my due diligence and pored through similar issues in the forums trying other suggested fixes, but I haven't been able to lick it yet.