Problem - pfsense 1.2.2 and openbsd using isakmpd



  • Hi all

    Ok, making a bit of a change here.. I've used openbsd with pf and isakmpd for years now, but looking at pfsense

    Anyhow, little issue,

    I can't get the VPNs to work between the 2 devices.. My rules are wide open at the moment for the point of the test

    on the BSD side, I am getting a giving up message, which is usually due to access / communications. On the pfsense side I am getting a
    Aug 17 12:12:16 racoon: ERROR: couldn't find configuration.

    Anyhow, I can't see how to enable more in-depth viewing of what is going on, but I don't see any ipsec attempts at all.

    Please note, my wording below and rules are just listed so it is easy for you to read.. they are not exact, but result in virtually, the same

    Firewall Rules
    Openbsd
    Pass quick log from <bsdfw> to <pfsensefw> keep state
    pass quick log from <pfsensefw> to <bsdfw> keep state
    pass quick log on enc0 keep state
    pass quick log from <bsdadmin> to <pfsenseadmin> keep state

    pfsense
    I allow all in and out of the lan interface
    I allow all in and out of the wan interface in reference to the bsdfw

    VPN setup

    settings on BSD

    [Phase 1]
    24.24.24.10= peer-pfsenseadmin

    [Phase 2]
    Connections=    vpn-bsdadmin-pfsenseadmin

    [peer-ag]
    Phase=          1
    Transport=      udp
    Address=        142.176.13.132
    Configuration=  Default-main-mode
    Authentication= th1s1s4test

    [vpn-bsdadmin-pfsenseadmin]
    Phase=          2
    ISAKMP-peer=    peer-pfsenseadmin
    Configuration=  Default-quick-mode
    Local-ID=      bsdadmin
    Remote-ID=      pfsenseadmin

    [bsdadmin]
    ID-type=        IPV4_ADDR_SUBNET
    Network=        10.20.20.0
    Netmask=        255.255.255.0

    [pfsenseadmin]
    ID-type=        IPV4_ADDR_SUBNET
    Network=        10.21.20.0
    Netmask=        255.255.255.0

    [Default-main-mode]
    DOI=                    IPSEC
    EXCHANGE_TYPE=          ID_PROT
    Transforms=            3DES-SHA

    [Default-quick-mode]
    DOI=                    IPSEC
    EXCHANGE_TYPE=          QUICK_MODE
    Suites=                QM-ESP-3DES-SHA-SUITE

    Settings on PFSENSE

    interface: wan
    local subnet: lan subnet
    remote subnet: 10.20.20.0
    remote gateway: 24.24.10.10

    negotiation mode: main
    my identifier: Not a clue what to use this for??
    Encryption Algorithm: 3des
    Hash algorithm: sha1
    DH key group: 2
    Lifetime: 28800
    Authentication method: Pre-shared key
    Pre-shared Key: th1s1s4test

    protocol: ESP
    encryption algorithms: 3des, blowfish, cast128, AES, AES256
    Hash Algorithms: Sha1
    Lifetime: 3600

    Thanks

    James
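
An added example, not part of the post and not code from either project: a small Python check that every section name referenced in an isakmpd.conf-style file is actually defined, a quick pre-flight before reading IKE logs. The sample text is constructed from the post's section names with a placeholder address; `dangling_refs`, `REF_KEYS` and `SAMPLE` are names made up for this example.

```python
import configparser

# Tags whose value names another section. Transforms= and Suites= are skipped
# because isakmpd ships built-in defaults for those names.
REF_KEYS = ("ISAKMP-peer", "Configuration", "Local-ID", "Remote-ID")

def dangling_refs(text):
    """Return sorted (section, tag, missing_section) for unresolved references."""
    cp = configparser.RawConfigParser(strict=False)
    cp.optionxform = str  # keep tag case exactly as written
    cp.read_string(text)
    problems = set()
    for sec in cp.sections():
        for key, val in cp.items(sec):
            if sec == "Phase 1":                      # <peer address>= <peer section>
                targets = [val]
            elif sec == "Phase 2" and key == "Connections":
                targets = val.split(",")              # comma-separated connection list
            elif key in REF_KEYS:
                targets = [val]
            else:
                continue
            for name in (t.strip() for t in targets):
                if name and not cp.has_section(name):
                    problems.add((sec, key, name))
    return sorted(problems)

# Constructed sample: section names follow the post, the address is a placeholder.
SAMPLE = """\
[Phase 1]
192.0.2.10= peer-pfsenseadmin
[Phase 2]
Connections= vpn-bsdadmin-pfsenseadmin
[peer-ag]
Phase= 1
Configuration= Default-main-mode
[vpn-bsdadmin-pfsenseadmin]
ISAKMP-peer= peer-pfsenseadmin
Configuration= Default-quick-mode
Local-ID= bsdadmin
Remote-ID= pfsenseadmin
[bsdadmin]
[pfsenseadmin]
[Default-main-mode]
[Default-quick-mode]
"""

if __name__ == "__main__":
    print(dangling_refs(SAMPLE))
```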

