IPSec errors on startup
-
When racoon starts up on a new pair of 1.2-Release firewalls I see errors like this:
Apr 16 04:01:11 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 90f16c2e3f29d7c9:67f127c8af406577:0000b5e7
Apr 16 04:01:11 racoon: ERROR: no configuration found for peer address.
They continue until the service is stopped. I have set up countless pfSense IPSec tunnels and have looked everywhere for some idea of what could be causing this. This was a fresh install of pfSense 1.2-Release a few days ago. At this point I am thinking the image was corrupted or something, since I have tried every combination of tunnels to different places with different gear and it doesn't matter. If anyone has even a remote idea, would love to hear it.
Thanks,
Roy
-
I woke up this morning (afternoon actually) after beating my head against the wall last night and tunnels were working…
Turns out that racoon crashed (there was a core dump in the root directory, which I didn't even think about and deleted), which most likely corrupted the IPSec state entries. Normally rebooting would have fixed this; however, since I had pfSync on, the two boxes just passed the bad entries back and forth... :)
Had I thought to reset the state tables, it probably would have started working immediately. Luckily the IPSec timer was only 6 hours so after sleeping all was good.
Roy