Netgate Discussion Forum

    IPSec errors in log

      hammaskejju

      Hello!

      I have pfSense 1.0.1 and it works fine. I have made a few IPSec tunnels with it and they worked fine.

      Now I have three computers with a fresh installation of pfSense 1.2.
      Everything works fine… well, not everything: I can't get IPSec to work.

      I've tried to do everything. Tried to change everything, but all I get is weird errors in the log.

      First the error messages:

      Aug 29 23:49:03 racoon: ERROR: fatal parse failure (1 errors)
      Aug 29 23:49:03 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
      Aug 29 23:49:03 racoon: INFO: Resize address pool from 0 to 255
      Aug 29 23:49:03 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
      Aug 29 23:49:03 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
      Aug 29 23:49:03 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
      Aug 29 23:42:46 racoon: ERROR: fatal parse failure (1 errors)
      Aug 29 23:42:46 racoon: ERROR: /var/etc/racoon.conf:5: "la" syntax error
      Aug 29 23:42:46 racoon: INFO: Resize address pool from 0 to 255
      Aug 29 23:42:46 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
      Aug 29 23:42:46 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
      Aug 29 23:42:46 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)

      Now... I'm wondering what can cause these fatal errors and syntax errors?

      Now to my configuration.

      I now have two computers. They are exactly the same kind of computer (processor, NIC, etc.). I have installed pfSense to a CF card. It works fine.

      Each WAN gets its IP from DHCP and both WANs are connected to a router. They get a public IP.
      I have an account at DynDNS, so I have configured DNS names for each computer. DynDNS works fine.

      Now finally to the configuration:

      First computer (Firewall1.dyndns.org):

      Local subnet: LAN Subnet
      Remote subnet: 192.168.20.0/24
      Remote gateway: Firewall2.dyndns.org (works ok, pings ok)
      Negotiation: Main
      My identifier: FQDN (myemail@mydomain.net)
      Encryption: 3DES
      Hash: MD5
      DH Key group
      Lifetime: 28800
      Authentication: Pre shared key
      Pre shared key: MyPassW0rd

      Phase 2
      Protocol: ESP
      Encryption alg: 3DES
      Hash: MD5
      PFS key group:

      And the second computer (Firewall2.dyndns.org):

      Local subnet: LAN Subnet
      Remote subnet: 192.168.10.0/24
      Remote gateway: Firewall1.dyndns.org (works ok, pings ok)
      Negotiation: Main
      My identifier: FQDN (myemail@mydomain.net)
      Encryption: 3DES
      Hash: MD5
      DH Key group
      Lifetime: 28800
      Authentication: Pre shared key
      Pre shared key: MyPassW0rd

      Phase 2
      Protocol: ESP
      Encryption alg: 3DES
      Hash: MD5
      PFS key group:

      And those dyndns.org names were obviously fakes…

      This is my conf... and all I get is the log...
      I've tried to change almost everything: hashes, encryption algorithms, etc.

      Thanks to all!

        hammaskejju

        How old is this release anyway? Has anyone really got the VPN to work?

        Now, with a different configuration, I got errors like: "racoon: ERROR: /var/etc/racoon.conf:5: "-gw.d" syntax error". Looks like implementation problems to me.
        Now I should figure out, somehow, which part of the configuration causes these errors.

        Should I just downgrade to 1.1x etc.? IPSec seems to work with these earlier releases.

        Or are there people who are actually running IPSec with pfSense 1.2? I would be glad to have a configuration example from a working IPSec configuration.

          heiko

          Please also search this forum… IPsec works in 1.2 as it should from pfsense to pfsense....

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.