Netgate Discussion Forum

IPSEC Issue - dnswatch core dump

  • loki
    last edited by Aug 9, 2009, 4:25 PM

    Hello all, having an odd issue with getting IPSEC running between two pfSense boxes.

    Running a fresh install of pfSense-1.2.3-20090804-1244.iso

    If I set "Remote gateway" or "My identifier" to the hostname.domain.name format, I see the following errors in the log files and the VPN session will not link up.

    
    	kernel: pid 745 (dnswatch), uid 0: exited on signal 11 (core dumped)
    
    

    ipsec vpn log

    
    racoon: ERROR: phase1 negotiation failed due to time up. e330c84aea4b37e7:0000000000000000
    racoon: INFO: delete phase 2 handler.
    racoon: []: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP REMOTEEXTERNALIP[0]->MYEXTERNALIP[0]
    racoon: INFO: begin Aggressive mode.
    racoon: []: INFO: initiate new phase 1 negotiation: MYEXTERNALIP[500]<=>REMOTEEXTERNALIP[500]
    racoon: []: INFO: IPsec-SA request for REMOTEEXTERNALIP queued due to no phase1 found.
    racoon: INFO: INTERNALIP[500] used for NAT-T
    racoon: [Self]: INFO: INTERNALIP[500] used as isakmp port (fd=16)
    
    

    Running dnswatch from the command line will always core dump:

    
     Segmentation fault (core dumped)
    
    

    Setting the "Remote gateway" and "My identifier" to use the "ip address" on both the IPSEC client/server was my limited workaround.

    Has anyone run into this before?

    -loki

    • databeestje
      last edited by Aug 13, 2009, 7:14 PM

      This is new, does the hostname actually resolve?

      I use remote gateway with a hostname and as the identifier My IP address.

      That's the way it's supposed to work.

      • loki
        last edited by Aug 13, 2009, 9:01 PM

        Seems the dnswatch command from the Aug 04 build is bad. Pulled a copy from an older build I was testing (July 31) and the older version works fine.

        With the Aug 4th version of dnswatch

        
        Aug 13 16:18:44 rt php: : The command '/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config' returned exit code '1', the output was '' 
        Aug 13 16:18:45 rt kernel: pid 722 (dnswatch), uid 0: exited on signal 11 (core dumped)
        
        

        With the July 31 version of dnswatch

        
        Aug 13 16:46:20 rt php: /vpn_ipsec.php: IPSEC: Send a reload signal to the IPsec process
        Aug 13 16:46:20 rt php: /vpn_ipsec.php: The command '/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config' returned exit code '1', the output was '' 
        Aug 13 16:46:21 rt check_reload_status: reloading filter
        
        

        A quick ps shows the process is running now

        
        ps -efxww | grep -i dns
        ps: Process environment requires procfs(5)
         6118  ??  Ss     0:00.00  /usr/local/sbin/dnswatch /var/run/dnswatch-ipsec.pid 60 /etc/rc.newipsecdns /var/etc/dnswatch-ipsec.hosts
        
        