Netgate Discussion Forum

    No traffic between PfSense and Monowall tunnel

      DeVerSion

      Hello

      I have a site-to-site setup between (site1) PfSense (2.1) and (site2) Monowall (1.34). The IPsec tunnel was working like a charm before, when I was running the previous version of PfSense.
      But after I upgraded to the latest version, no traffic is going through it.
      If I go to:

      Status->ipsec->overview = Active(Green)

      Status->ipsec->SAD=
      Source  Destination  Protocol  SPI       Enc. alg.     Auth. alg.  Data
      Site1   Site2        ESP       09f1b348  blowfish-cbc  hmac-sha1   5504 B
      Site2   Site1        ESP       00540335  blowfish-cbc  hmac-sha1   0 B

      Status->ipsec->LOG
      Oct 1 21:58:38 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
      Oct 1 21:58:38 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
      Oct 1 21:58:38 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
      Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[4500] used for NAT-T
      Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[4500] used as isakmp port (fd=13)
      Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[500] used for NAT-T
      Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[500] used as isakmp port (fd=14)
      Oct 1 21:58:41 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
      Oct 1 21:58:41 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
      Oct 1 21:58:41 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
      Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[4500] used for NAT-T
      Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[4500] used as isakmp port (fd=13)
      Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[500] used for NAT-T
      Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[500] used as isakmp port (fd=14)
      Oct 1 21:58:41 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 1 21:58:41 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.2/32[0] 192.168.0.0/24[0] proto=any dir=out
      Oct 1 21:58:41 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.0.2/32[0] proto=any dir=in
      Oct 1 21:58:42 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 1 21:59:14 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 1 22:00:09 racoon: [GreenCity]: INFO: respond new phase 1 negotiation: Site1ip[500]<=>Site2ip[500]
      Oct 1 22:00:09 racoon: INFO: begin Aggressive mode.
      Oct 1 22:00:09 racoon: INFO: received Vendor ID: DPD
      Oct 1 22:00:09 racoon: [GreenCity]: [Site2ip] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
      Oct 1 22:00:09 racoon: [GreenCity]: INFO: ISAKMP-SA established Site1ip[500]-Site2ip[500] spi:d15325d570874ce9:c06ed6b1cb5c72af
      Oct 1 22:00:10 racoon: [GreenCity]: INFO: respond new phase 2 negotiation: Site1ip[500]<=>Site2ip[500]
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:256 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:248 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:240 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:232 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:224 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:216 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:208 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:200 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:192 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:184 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:176 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:168 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:160 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:152 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:144 peer:128.
      Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:136 peer:128.
      Oct 1 22:00:10 racoon: [GreenCity]: INFO: IPsec-SA established: ESP Site1ip[500]->Site2ip[500] spi=215023445(0xcd0ff55)
      Oct 1 22:00:10 racoon: [GreenCity]: INFO: IPsec-SA established: ESP Site1ip[500]->Site2ip[500] spi=143386518(0x88be796)

        DeVerSion

        Does anyone have a clue what could be wrong here?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.