VPN to Watchguard Firebox X Edge

JoePrecious

Hi

I'm trying to get an IPsec VPN working from pfSense 2.1 to a fairly old Watchguard Firebox X Edge.

As far as I can tell from multiple checks, both ends are configured the same but the tunnel refuses to come up.  I've using a pretty standard setup with Main mode, 3DES and SHA1 for both P1 and P2, no PFS.  Timeouts match as far as I can see.

If the pfSense logs, I get the following:-

Sep 27 10:39:39 racoon: [Charcoalblue]: INFO: IPsec-SA request for 46.65.206.51 queued due to no phase1 found.
Sep 27 10:39:39 racoon: [Charcoalblue]: INFO: initiate new phase 1 negotiation: 31.221.17.52[500]<=>46.65.206.51[500]
Sep 27 10:39:39 racoon: INFO: begin Identity Protection mode.
Sep 27 10:39:39 racoon: ERROR: sendto (Operation not permitted)
Sep 27 10:39:39 racoon: ERROR: sendfromto failed
Sep 27 10:39:39 racoon: ERROR: phase1 negotiation failed due to send error. 66b1e254686db797:0000000000000000
Sep 27 10:39:39 racoon: ERROR: failed to begin ipsec sa negotication.

I've not had much luck searching for these errors unfortunately.  I've multiple other VPNs to various devices which are all working fine, and an any/any IPsec at the moment.

Any idea what the problem might be?

Thanks

Joe

duelster

Greetings Joe. I had had 0 problems setting up WatchGuard models to connect to pfsense. It is all a vanilla install. Easy as pie. The errosr that you're seeing are strange though.

Sep 27 10:39:39  racoon: ERROR: sendto (Operation not permitted)
Sep 27 10:39:39  racoon: ERROR: sendfromto failed
Sep 27 10:39:39  racoon: ERROR: phase1 negotiation failed due to send error. 66b1e254686db797:0000000000000000
Sep 27 10:39:39  racoon: ERROR: failed to begin ipsec sa negotication.

I've never seen these errors before. Google brings up http://lists.freebsd.org/pipermail/freebsd-net/2012-July/032726.html. Are you sure your settings match? Double check.

Not much help I know, sorry…