IPSEC Issue - dnswatch core dump
loki last edited by
Hello all, having a odd issue with getting IPSEC running between two pfsense boxes.
running a fresh install of the pfSense-1.2.3-20090804-1244.iso
if I set:
"Remote gateway" or "My identifier" to the hostname.domain.name format i see the following errors in the log files and the vpn session and the will not link up.
kernel: pid 745 (dnswatch), uid 0: exited on signal 11 (core dumped)
ipsec vpn log
racoon: ERROR: phase1 negotiation failed due to time up. e330c84aea4b37e7:0000000000000000 racoon: INFO: delete phase 2 handler. racoon: : ERROR: phase2 negotiation failed due to time up waiting for phase1\. ESP REMOTEEXTERNALIP->MYEXTERNALIP racoon: INFO: begin Aggressive mode. racoon: : INFO: initiate new phase 1 negotiation: MYEXTERNALIP<=>REMOTEEXTERNALIP racoon: : INFO: IPsec-SA request for REMOTEEXTERNALIP queued due to no phase1 found. racoon: INFO: INTERNALIP used for NAT-T racoon: [Self]: INFO: INTERNALIP used as isakmp port (fd=16)
running dnswatch from the command line will always core dump
Segmentation fault (core dumped)
Setting the "Remote gateway" and "My identifier" to use the "ip address" on both the IPSEC client/server was my limited work around.
Has anyone run into this before?
databeestje last edited by
This is new, does the hostname actually resolve?
I use remote gateway with a hostname and as the identifier My IP address.
That's the way it's supposed to work.
loki last edited by
seems the dnswatch command from the Aug 04 build is bad. Pulled a copy from a older build i was testing (July 31) and the older version works fine.
With the Aug 4th version of dnswatch
Aug 13 16:18:44 rt php: : The command '/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config' returned exit code '1', the output was '' Aug 13 16:18:45 rt kernel: pid 722 (dnswatch), uid 0: exited on signal 11 (core dumped)
With the July 31 version of dnswatch
Aug 13 16:46:20 rt php: /vpn_ipsec.php: IPSEC: Send a reload signal to the IPsec process Aug 13 16:46:20 rt php: /vpn_ipsec.php: The command '/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config' returned exit code '1', the output was '' Aug 13 16:46:21 rt check_reload_status: reloading filter
A quick ps show the process is running now
ps -efxww | grep -i dns ps: Process environment requires procfs(5) 6118 ?? Ss 0:00.00 /usr/local/sbin/dnswatch /var/run/dnswatch-ipsec.pid 60 /etc/rc.newipsecdns /var/etc/dnswatch-ipsec.hosts