IPSec errors in log



  • Hello!

    I have pfSense 1.0.1 and it works fine. I have made few IPSec tunnels with it and they worked fine.

    Now I have three computers with fresh installation of pfSense 1.2
    Everything works fine… well, not everything: I can't get IPSec to work.

    I've tried to do everything. Tried to change everything, but all I get is weird errors in log.

    First the error messages:

    Aug 29 23:49:03 racoon: ERROR: fatal parse failure (1 errors)
    Aug 29 23:49:03 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
    Aug 29 23:49:03 racoon: INFO: Resize address pool from 0 to 255
    Aug 29 23:49:03 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Aug 29 23:49:03 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
    Aug 29 23:49:03 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
    Aug 29 23:42:46 racoon: ERROR: fatal parse failure (1 errors)
    Aug 29 23:42:46 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
    Aug 29 23:42:46 racoon: INFO: Resize address pool from 0 to 255
    Aug 29 23:42:46 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Aug 29 23:42:46 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
    Aug 29 23:42:46 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)

    Now... I'm wondering what can cause these fatal errors and syntax errors?

    Now to my configuration.

    I have now two computers. They are exactly the same kind of computers (processor, NIC etc.). I have installed pfSense to a CF card. It works fine.

    WAN gets an IP from DHCP and both WANs are connected to a router. They get public IPs.
    I have an account in DynDNS, so I have configured DNS names for each computer. DynDNS works fine.

    Now finally to the configuration:

    First computer (Firewall1.dyndns.org):

    Local subnet: LAN Subnet
    Remote subnet: 192.168.20.0/24
    Remote gateway: Firewall2.dyndns.org (works ok, pings ok)
    Negotiation: Main
    My identifier: FQDN (myemail@mydomain.net)
    Encryption: 3DES
    Hash: MD5
    DH Key group
    Lifetime: 28800
    Authentication: Pre shared key
    Pre shared key: MyPassW0rd

    Phase 2
    Protocol: ESP
    Encryption alg: 3DES
    Hash: MD5
    PFS key group:

    And the second computer (Firewall2.dyndns.org):

    Local subnet: LAN Subnet
    Remote subnet: 192.168.10.0/24
    Remote gateway: Firewall1.dyndns.org (works ok, pings ok)
    Negotiation: Main
    My identifier: FQDN (myemail@mydomain.net)
    Encryption: 3DES
    Hash: MD5
    DH Key group
    Lifetime: 28800
    Authentication: Pre shared key
    Pre shared key: MyPassW0rd

    Phase 2
    Protocol: ESP
    Encryption alg: 3DES
    Hash: MD5
    PFS key group:

    And those dyndns.org names were obviously fakes…

    This is my conf... and all I get is the log...
    I've tried to change almost everything: hashes, encryption algorithms, etc.

    Thanks to all!
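Added example, not part of the thread: a small Python helper for triaging exactly the kind of racoon log shown above. It pulls the `file:line: "token" syntax error` records out of the syslog lines, groups them by failing position so you can see whether every restart dies at the same place (a deterministic problem in the generated config rather than a transient one), and returns the offending line of a racoon.conf with its neighbours. The log lines embedded below are a constructed copy of the ones in the post; the config passed to `show_config_line` is whatever you read from `/var/etc/racoon.conf` on the box.

```python
import re
from collections import defaultdict

# Constructed sample: the racoon lines quoted in the post above (newest first).
RACOON_LOG = """\
Aug 29 23:49:03 racoon: ERROR: fatal parse failure (1 errors)
Aug 29 23:49:03 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
Aug 29 23:49:03 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Aug 29 23:42:46 racoon: ERROR: fatal parse failure (1 errors)
Aug 29 23:42:46 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
Aug 29 23:42:46 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
"""

# racoon reports parse errors as:  <file>:<line>: "<token>" syntax error
SYNTAX_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) racoon: ERROR: '
    r'(?P<file>\S+?):(?P<line>\d+): "(?P<token>[^"]*)" syntax error$'
)


def parse_syntax_errors(log_text):
    """Return (timestamp, file, line_number, token) for each racoon syntax error."""
    found = []
    for raw in log_text.splitlines():
        m = SYNTAX_RE.match(raw.strip())
        if m:
            found.append((m["ts"], m["file"], int(m["line"]), m["token"]))
    return found


def failing_positions(errors):
    """Group attempts by (file, line, token). One key across several restarts
    means the generated racoon.conf is broken the same way every time."""
    groups = defaultdict(list)
    for ts, path, line_no, token in errors:
        groups[(path, line_no, token)].append(ts)
    return dict(groups)


def show_config_line(config_text, line_number, context=1):
    """Return the line racoon complained about (1-based, as racoon counts)
    together with `context` lines on either side, as (number, text) pairs."""
    lines = config_text.splitlines()
    lo = max(0, line_number - 1 - context)
    hi = min(len(lines), line_number + context)
    return [(i + 1, lines[i]) for i in range(lo, hi)]


if __name__ == "__main__":
    errs = parse_syntax_errors(RACOON_LOG)
    for (path, line_no, token), attempts in failing_positions(errs).items():
        print(f'{path}:{line_no} token "{token}" failed {len(attempts)} time(s)')
```

Feed the real log (e.g. the IPsec tab of the status log, saved to a file) to `parse_syntax_errors`, then open `/var/etc/racoon.conf` and pass its text plus the reported line number to `show_config_line` to see which generated statement the parser chokes on.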



  • How old is this release anyway? Has anyone really got the VPN to work?

    Now - with different configuration I got errors like: "racoon: ERROR: /var/etc/racoon.conf:5: "-gw.d" syntax error". Looks like implementation problems to me.
    Now I should figure out - somehow - which part of the configuration causes these errors.

    Should I just downgrade to 1.1x etc.? IPSec seems to work with these earlier releases.

    Or are there people who are actually running IPSec with pfSense 1.2? I would be glad to have a configuration example from a working IPSec setup.



  • Please also search this forum… ipsec works in 1.2 as it should from pfsense to pfsense....

