Problems with establishing tunnel between pfSense and Linksys BEFVP41



  • Afternoon all.

    I'm having a problem establishing a tunnel between a Linksys BEFVP41 and my pfSense firewall.  I have roughly a half dozen tunnels running all over the world to various endpoints (monowall, pfsense, cisco, etc.), but for the life of me I can't seem to get this linksys tunnel up and running.  Both sides are set up identically, same passphrase, etc.

    Below are the logs from both, please let me know if you need additional information.  I've replaced my IP range with x's and the remote sites with y's.

    Thanks,

    Marty

    pfSense logs:

    Jan 16 09:40:52 racoon: INFO: begin Identity Protection mode.
    Jan 16 09:38:03 racoon: ERROR: libipsec failed pfkey align (Invalid sadb message)
    Jan 16 09:38:03 racoon: ERROR: libipsec failed pfkey align (Invalid sadb message)
    Jan 16 09:36:53 racoon: ERROR: phase1 negotiation failed due to time up. 21b11b4a21207887:0000000000000000
    Jan 16 09:36:34 racoon: INFO: delete phase 2 handler.
    Jan 16 09:36:34 racoon: [Saws VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 99.8.254.89[0]->208.240.195.2[0]
    Jan 16 09:36:31 racoon: INFO: delete phase 2 handler.
    Jan 16 09:36:19 racoon: ERROR: phase1 negotiation failed due to time up. 69c2cd9e5d971b96:0000000000000000
    Jan 16 09:36:03 racoon: INFO: begin Aggressive mode.
    Jan 16 09:36:03 racoon: [Saws VPN]: INFO: initiate new phase 1 negotiation: x.x.x.x[500]<=>y.y.y.y[500]
    Jan 16 09:36:03 racoon: [Saws VPN]: INFO: IPsec-SA request for y.y.y.y queued due to no phase1 found.



  • AHA! But I am a master of simultaneous equations, and calculate that:

    x = 99.8.254.89

    and

    y = 208.240.195.2

    amirite?



  • lol, I guess I missed some.  Actually it's the other way around!

    208.240 is x and 99.8 is y.

    In retrospect I should have left good enough alone eh? ;P



  • I have quite a few tunnels (~10-15) to the same BEFVP41 linksys router. I'm only using Main mode and not aggressive but mine all work fine. I've seen most of those errors in my logs but after max of 1 or 2 minutes the tunnels usually come right back up. The only one I haven't seen is:

    racoon: ERROR: libipsec failed pfkey align (Invalid sadb message)

    What do the logs on the linksys look like?

