IPSec errors in log
-
Hello!
I have pfSense 1.0.1 and it works fine. I have made a few IPSec tunnels with it and they worked fine.
Now I have three computers with fresh installation of pfSense 1.2
Everything works fine… well not everything: I can't get IPSec to work. I've tried to do everything. Tried to change everything, but all I get is weird errors in log.
First the error messages:
Aug 29 23:49:03 racoon: ERROR: fatal parse failure (1 errors)
Aug 29 23:49:03 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
Aug 29 23:49:03 racoon: INFO: Resize address pool from 0 to 255
Aug 29 23:49:03 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Aug 29 23:49:03 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Aug 29 23:49:03 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
Aug 29 23:42:46 racoon: ERROR: fatal parse failure (1 errors)
Aug 29 23:42:46 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
Aug 29 23:42:46 racoon: INFO: Resize address pool from 0 to 255
Aug 29 23:42:46 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Aug 29 23:42:46 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Aug 29 23:42:46 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
Now... I'm wondering what can cause these fatal errors and syntax errors?
Now to my configuration.
I have now two computers. They are exactly same kind of computers (Processor, NIC etc.). I have installed pfSense to CF card. It works fine.
WAN gets its IP from DHCP and both WANs are connected to a router. They get a public IP.
I have an account in DynDNS, so I have configured DNS names for each computer. DynDNS works fine.
Now finally to the configuration:
First computer (Firewall1.dyndns.org):
Local subnet: LAN Subnet
Remote subnet: 192.168.20.0/24
Remote gateway: Firewall2.dyndns.org (works ok, pings ok)
Negotiation: Main
My identifier: FQDN (myemail@mydomain.net)
Encryption: 3DES
Hash: MD5
DH Key group
Lifetime: 28800
Authentication: Pre shared key
Pre shared key: MyPassW0rd
Phase 2
Protocol: ESP
Encryption alg: 3DES
Hash: MD5
PFS key group:
And the second computer: (Firewall2.dyndns.org):
Local subnet: LAN Subnet
Remote subnet: 192.168.10.0/24
Remote gateway: Firewall1.dyndns.org (works ok, pings ok)
Negotiation: Main
My identifier: FQDN (myemail@mydomain.net)
Encryption: 3DES
Hash: MD5
DH Key group
Lifetime: 28800
Authentication: Pre shared key
Pre shared key: MyPassW0rd
Phase 2
Protocol: ESP
Encryption alg: 3DES
Hash: MD5
PFS key group:
And those dyndns.org names were obviously fakes…
This is my conf... and all I get is the log...
I've tried to change almost everything: hashes, encryption algorithms, etc.
Thanks to all!
-
How old is this release anyway? Has anyone really got the VPN to work?
Now - with different configuration I got errors like: "racoon: ERROR: /var/etc/racoon.conf:5: "-gw.d" syntax error". Looks like implementation problems to me.
Now I should figure out - somehow - which part of configuration causes these errors.
Should I just downgrade to 1.1x etc.? IPSec seems to work with these earlier releases.
Or are there people who are actually running IPSec with pfSense 1.2? I would be glad to have a configuration example from a working IPSec configuration.
-
Please also search this forum… ipsec works in 1.2 as it should from pfsense to pfsense....