End-to-End VPN Tunnels
-
I have been having some problems getting my end-to-end VPN tunnels configured. We currently have a SonicWall, and the goal is to completely replace that without having to re-configure the VPN endpoints that are all connected to it. I have the connection set up both in pfSense and in a Netgear FVG318 with the same settings for all the encryption types, PSK, mode, DH group, etc. My current tunnel to the SonicWall does work correctly. However, I can't get the tunnel to establish to the pfSense firewall. On the pfSense side, I see this in my IPsec log:
Nov 7 20:16:34 racoon: ERROR: fatal parse failure (1 errors)
Nov 7 20:16:34 racoon: ERROR: /var/etc/racoon.conf:5: "unya" syntax error
Nov 7 20:16:34 racoon: INFO: Resize address pool from 0 to 255
Nov 7 20:16:34 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Nov 7 20:16:34 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Nov 7 20:16:34 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
On the Netgear side, I see this:
2008-11-08 : INFO: accept a request to establish IKE-SA: x.x.x.x
2008-11-08 : INFO: Configuration found for x.x.x.x.
2008-11-08 : INFO: Initiating new phase 1 negotiation: y.y.y.y[500]<=>x.x.x.x[500]
2008-11-08 : INFO: Beginning Identity Protection mode.
2008-11-08 : ERROR: Invalid SA protocol type: 0
2008-11-08 : ERROR: Phase 2 negotiation failed due to time up waiting for phase1.
2008-11-08 : INFO: Using IPsec SA configuration: 192.168.x.x/26<->10.37.x.x/24
2008-11-08 : INFO: Configuration found for x.x.x.x.
2008-11-08 : ERROR: Phase 1 negotiation failed due to time up for x.x.x.x[500]. 9a871d6c1c6d1951:0000000000000000
2008-11-08 : ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP x.x.x.x->y.y.y.y
I have replaced the actual IP addresses for obvious reasons, but they DO match the IPs on both ends. Does anybody have any idea what's going on here? Thanks for your help!
-
If I use my IP address, I am able to get it to connect without a problem; however, since my IP changes, I need to be able to use my DDNS. My boss actually caught this: the 'unya' is actually part of my DDNS name, dbUNYArd.homeip.net. Is there something I am missing here?
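Two checks a practitioner would want here, as an added example that is not code from the thread, from pfSense or from ipsec-tools. The pfSense log above shows racoon refusing to load /var/etc/racoon.conf ("fatal parse failure"), so racoon was never listening and the Netgear's phase 1 timeouts follow from that rather than from a mismatched proposal. The first function pulls the file, line number and offending token out of racoon log text; the second scans a generated racoon.conf and flags any `remote` statement whose operand is neither an IP literal nor `anonymous`, which is the form racoon.conf(5) for ipsec-tools 0.7 specifies; the third turns a gateway that may be a DDNS name into the address to write. Assumptions: the log text is copied from the post, the racoon.conf fragment, the hostname dbUNYArd.homeip.net's address and the `resolve` callback are constructed so the script runs offline, and a real deployment would re-generate the file when the DDNS address changes.

```python
"""Sanity checks around a racoon.conf that will not parse because a DDNS
hostname (here dbUNYArd.homeip.net) ended up where racoon expects an address.
Added example; not pfSense or ipsec-tools code."""
import ipaddress
import re
import socket

# Constructed sample: the racoon lines from the pfSense IPsec log in the post,
# one entry per line (pfSense shows them newest first).
PFSENSE_IPSEC_LOG = """\
Nov 7 20:16:34 racoon: ERROR: fatal parse failure (1 errors)
Nov 7 20:16:34 racoon: ERROR: /var/etc/racoon.conf:5: "unya" syntax error
Nov 7 20:16:34 racoon: INFO: Resize address pool from 0 to 255
Nov 7 20:16:34 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Nov 7 20:16:34 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Nov 7 20:16:34 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
"""

# Constructed racoon.conf fragment: one remote block with the bare DDNS name
# (the broken case), one with an address, one anonymous.
SAMPLE_RACOON_CONF = """\
remote dbUNYArd.homeip.net {
\texchange_mode main;
}
remote 198.51.100.7 {
\texchange_mode main;
}
remote anonymous {
\texchange_mode aggressive;
}
"""

SYNTAX_ERROR_RE = re.compile(
    r'racoon: ERROR: (?P<path>\S+):(?P<line>\d+): "(?P<token>[^"]*)" syntax error')
FATAL_RE = re.compile(r'racoon: ERROR: fatal parse failure \(\d+ errors?\)')
REMOTE_RE = re.compile(r'^\s*remote\s+(?P<operand>\S+)')


def racoon_parse_errors(log_text):
    """Return (fatal, [(path, line_no, token), ...]) found in racoon log text.
    fatal is True when racoon gave up on the config, i.e. no IKE listener at all."""
    errors = []
    fatal = False
    for line in log_text.splitlines():
        m = SYNTAX_ERROR_RE.search(line)
        if m:
            errors.append((m["path"], int(m["line"]), m["token"]))
        if FATAL_RE.search(line):
            fatal = True
    return fatal, errors


def is_ip_literal(text):
    """True for an IPv4 or IPv6 literal, False for anything else (hostnames included)."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def bad_remote_operands(conf_text):
    """Return [(line_no, operand), ...] for every `remote` statement whose operand
    is not an IP literal or `anonymous`. Run this on the generated file before
    (re)starting racoon so a parse failure is caught before the tunnel goes down."""
    bad = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = REMOTE_RE.match(line)
        if not m:
            continue
        operand = m["operand"]
        if operand != "anonymous" and not is_ip_literal(operand):
            bad.append((n, operand))
    return bad


def gateway_address(gateway, resolve=socket.gethostbyname):
    """Return the address to write into `remote`. IP literals pass through;
    anything else is treated as a hostname and resolved via `resolve`
    (injectable so this can run offline; socket.gaierror propagates on failure).
    Assumption: the name is resolved at generation time and the file is
    re-generated when the DDNS record changes."""
    if is_ip_literal(gateway):
        return str(ipaddress.ip_address(gateway))
    addr = resolve(gateway)
    if not is_ip_literal(addr):
        raise ValueError(f"resolver returned a non-address for {gateway!r}: {addr!r}")
    return addr


if __name__ == "__main__":
    print(racoon_parse_errors(PFSENSE_IPSEC_LOG))
    print(bad_remote_operands(SAMPLE_RACOON_CONF))
    # Constructed resolver result standing in for the DDNS lookup.
    print(gateway_address("dbUNYArd.homeip.net", resolve=lambda h: "198.51.100.7"))
```

With the post's log, `racoon_parse_errors` reports the fatal failure and pinpoints line 5 and the token "unya", and `bad_remote_operands` flags the first `remote` line of the sample because its operand is the bare hostname. Whatever the exact reason pfSense wrote the name instead of an address, checking the generated file and resolving the gateway before it is written are the two steps that make the failure visible before racoon is restarted.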