Racoon: [Unknown Gateway/Dynamic]: INFO: 192.168.3.254[500] used for NAT-T



  • Hello,

    I'm attempting to set up an IPSEC VPN between 2 pfSense boxes. Both boxes are 1.2.3 RC1 with the following setup. It just doesn't want to connect.

    Site #1

    Remote Subnet: 192.168.1.0/24
    Remote Gateway: 208.x.x.x (Static IP)
      Phase 1 Proposal
    Negotiation Mode: Aggressive
    My Identifier: NONE (To my understanding this doesn't need to be done. Please let me know if I'm wrong)
    Encryption Algorithm: 3DES
    Hash Algorithm: SHA1
    DH Key Group: 2
    Lifetime: 28800
    Authentication Method: Pre-Shared Key
    Pre-Shared Key: Key
      Phase 2 Proposal
    Protocol: ESP
    Encryption Algorithms: All are checked but DES
    Hash Algorithms: Both SHA1 and MD5 are checked
    PFS Key Group: 2
    Lifetime: 3600

    Site #2

    Remote Subnet: 192.168.3.0/24
    Remote Gateway: 71.x.x.x (Dynamic IP, but it only changes once every few months, so I treat it like Static)
      Phase 1 Proposal
    Negotiation Mode: Aggressive
    My Identifier: NONE (To my understanding this doesn't need to be done. Please let me know if I'm wrong)
    Encryption Algorithm: 3DES
    Hash Algorithm: SHA1
    DH Key Group: 2
    Lifetime: 28800
    Authentication Method: Pre-Shared Key
    Pre-Shared Key: Key
      Phase 2 Proposal
    Protocol: ESP
    Encryption Algorithms: All are checked but DES
    Hash Algorithms: Both SHA1 and MD5 are checked
    PFS Key Group: 2
    Lifetime: 3600

    Under Firewall: Rules

    IPSEC Tab, Proto:, Source:, Port:, Destination:, Port:, Gateway: (Any to Any)

    Wan Tab, Nothing there as once again my understanding is pfSense opens what it needs to for the VPN by itself. Please correct me if I'm wrong.

    Lan Tab, Lan net to Any (Default rule)

    Now when I go into System logs: IPSEC, this is what I get on the Site 1 system, and the Site 2 system looks the same, just with different IPs. I didn't post it, but if need be I can.

    Aug 24 01:03:53 racoon: [Unknown Gateway/Dynamic]: INFO: 192.168.3.254[500] used for NAT-T
    Aug 24 01:03:53 racoon: [Self]: INFO: 192.168.3.254[500] used as isakmp port (fd=16)
    Aug 24 01:03:53 racoon: INFO: 127.0.0.1[500] used for NAT-T
    Aug 24 01:03:53 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
    Aug 24 01:03:53 racoon: INFO: 71.x.x.x[500] used for NAT-T
    Aug 24 01:03:53 racoon: [Self]: INFO: 71.x.x.x[500] used as isakmp port (fd=14)
    Aug 24 01:03:43 racoon: INFO: unsupported PF_KEY message REGISTER

    This is my first time trying to set up a VPN, so I'm very new at this. Please, any help would be great. If I left out any data, please let me know and I will get it added right away.

    Thanks in advance,
    Fearmonge

