Problem - pfsense 1.2.2 and openbsd using isakmpd
Hi all
OK, making a bit of a change here. I've used OpenBSD with pf and isakmpd for years now, but am looking at pfSense.
Anyhow, little issue:
I can't get the VPNs to work between the 2 devices. My rules are wide open at the moment for the purpose of the test.
On the BSD side, I am getting a "giving up" message, which is usually due to access / communications. On the pfSense side I am getting a
Aug 17 12:12:16 racoon: ERROR: couldn't find configuration.
Anyhow, I can't see how to enable more in-depth viewing of what is going on, but I don't see any IPsec attempts at all.
Please note, my wording below and rules are just listed so it is easy for you to read. They are not exact, but result in virtually the same.
Firewall Rules

Openbsd
pass quick log from <bsdfw> to <pfsensefw> keep state
pass quick log from <pfsensefw> to <bsdfw> keep state
pass quick log on enc0 keep state
pass quick log from <bsdadmin> to <pfsenseadmin> keep state

pfsense
I allow all in and out of the lan interface
I allow all in and out of the wan interface in reference to the bsdfw

VPN setup
Settings on BSD

[Phase 1]
24.24.24.10= peer-pfsenseadmin

[Phase 2]
Connections= vpn-bsdadmin-pfsenseadmin

[peer-ag]
Phase= 1
Transport= udp
Address= 142.176.13.132
Configuration= Default-main-mode
Authentication= th1s1s4test

[vpn-bsdadmin-pfsenseadmin]
Phase= 2
ISAKMP-peer= peer-pfsenseadmin
Configuration= Default-quick-mode
Local-ID= bsdadmin
Remote-ID= pfsenseadmin

[bsdadmin]
ID-type= IPV4_ADDR_SUBNET
Network= 10.20.20.0
Netmask= 255.255.255.0

[pfsenseadmin]
ID-type= IPV4_ADDR_SUBNET
Network= 10.21.20.0
Netmask= 255.255.255.0

[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE

Settings on PFSENSE
interface: wan
local subnet: lan subnet
remote subnet: 10.20.20.0
remote gateway: 24.24.10.10

negotiation mode: main
my identifier: Not a clue what to use this for??
Encryption Algorithm: 3des
Hash algorithm: sha1
DH key group: 2
Lifetime: 28800
Authentication method: Pre-shared key
Pre-shared Key: th1s1s4test

protocol: ESP
encryption algorithms: 3des, blowfish, cast128, AES, AES256
Hash Algorithms: Sha1
Lifetime: 3600

Thanks
James
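
Sections in isakmpd.conf refer to each other by name: a [Phase 1] entry names a peer section, and a connection's ISAKMP-peer, Local-ID and Remote-ID tags name their own sections. The following is an added example, not part of the original post: a small checker for those cross-references. The function name `check_refs` is hypothetical, and the sample reproduces the section names and addresses as listed in the post (which the poster notes is approximate).

```python
import configparser

# Constructed sample: names and addresses as posted above, trimmed to the tags this check reads.
SAMPLE = """\
[Phase 1]
24.24.24.10= peer-pfsenseadmin
[Phase 2]
Connections= vpn-bsdadmin-pfsenseadmin
[peer-ag]
Address= 142.176.13.132
[vpn-bsdadmin-pfsenseadmin]
ISAKMP-peer= peer-pfsenseadmin
Local-ID= bsdadmin
Remote-ID= pfsenseadmin
[bsdadmin]
ID-type= IPV4_ADDR_SUBNET
[pfsenseadmin]
ID-type= IPV4_ADDR_SUBNET
"""

def check_refs(text):
    """Return a list of dangling or inconsistent section references."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = str  # keep tag names exactly as written
    cp.read_string(text)
    problems = []
    def defined(name, where):
        if not cp.has_section(name):
            problems.append(f"{where} -> [{name}] is not defined")
        return cp.has_section(name)
    # [Phase 1]: <peer address>= <name of the ISAKMP peer section>
    for addr, peer in (cp.items("Phase 1") if cp.has_section("Phase 1") else []):
        if defined(peer, f"[Phase 1] {addr}"):
            peer_addr = cp.get(peer, "Address", fallback=addr)
            if peer_addr != addr:
                problems.append(f"[{peer}] Address {peer_addr} differs from [Phase 1] key {addr}")
    # [Phase 2]: Connections= comma-separated connection section names
    for conn in cp.get("Phase 2", "Connections", fallback="").split(","):
        conn = conn.strip()
        if conn and defined(conn, "[Phase 2] Connections"):
            for tag in ("ISAKMP-peer", "Local-ID", "Remote-ID"):
                if cp.has_option(conn, tag):
                    defined(cp.get(conn, tag), f"[{conn}] {tag}")
                else:
                    problems.append(f"[{conn}] has no {tag}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_refs(SAMPLE)))
```

The check covers name references and the peer address only; Configuration, transform and suite names are not validated.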