Netgate Discussion Forum

    Racoon: [Unknown Gateway/Dynamic]: INFO: 192.168.3.254[500] used for NAT-T

      fearmonge

      Hello,

      I'm attempting to set up an IPSEC VPN between 2 pfSense boxes. Both boxes are 1.2.3 RC1 with the following setup. It just doesn't want to connect.

      Site #1

      Remote Subnet: 192.168.1.0/24
      Remote Gateway: 208.x.x.x (Static IP)
        Phase 1 Proposal
      Negotiation Mode: Aggressive
      My Identifier: NONE (To my understanding this doesn't need to be done. Please let me know if I'm wrong)
      Encryption Algorithm: 3DES
      Hash Algorithm: SHA1
      DH Key Group: 2
      Lifetime 28800
      Authentication Method: Pre-Shared Key
      Pre-Shared Key: Key
        Phase 2 Proposal
      Protocol: ESP
      Encryption Algorithms: All are checked but DES
      Hash Algorithms: Both SHA1 and MD5 are checked
      PFS Key Group: 2
      Lifetime: 3600

      Site #2

      Remote Subnet: 192.168.3.0/24
      Remote Gateway: 71.x.x.x (Dynamic IP, but it only changes once every few months, so I treat it like Static)
        Phase 1 Proposal
      Negotiation Mode: Aggressive
      My Identifier: NONE (To my understanding this doesn't need to be done. Please let me know if I'm wrong)
      Encryption Algorithm: 3DES
      Hash Algorithm: SHA1
      DH Key Group: 2
      Lifetime 28800
      Authentication Method: Pre-Shared Key
      Pre-Shared Key: Key
        Phase 2 Proposal
      Protocol: ESP
      Encryption Algorithms: All are checked but DES
      Hash Algorithms: Both SHA1 and MD5 are checked
      PFS Key Group: 2
      Lifetime: 3600

      Under Firewall: Rules

      IPSEC Tab, Proto:, Source:, Port:, Destination:, Port:, Gateway: (Any to Any)

      Wan Tab, Nothing there as once again my understanding is pfSense opens what it needs to for the VPN by itself. Please correct me if I'm wrong.

      Lan Tab, Lan net to Any (Default rule)

      Now when I go into System logs: IPSEC, this is what I get on the Site 1 system, and the Site 2 system looks the same just with different IPs. I didn't post it, but if need be I can.

      Aug 24 01:03:53 racoon: [Unknown Gateway/Dynamic]: INFO: 192.168.3.254[500] used for NAT-T
      Aug 24 01:03:53 racoon: [Self]: INFO: 192.168.3.254[500] used as isakmp port (fd=16)
      Aug 24 01:03:53 racoon: INFO: 127.0.0.1[500] used for NAT-T
      Aug 24 01:03:53 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
      Aug 24 01:03:53 racoon: INFO: 71.x.x.x[500] used for NAT-T
      Aug 24 01:03:53 racoon: [Self]: INFO: 71.x.x.x[500] used as isakmp port (fd=14)
      Aug 24 01:03:43 racoon: INFO: unsupported PF_KEY message REGISTER

      This is my first time trying to set up a VPN, so I'm very new at this. Please, any help would be great. If I left out any data, please let me know and I will get it added right away.

      Thanks in advance,
      Fearmonge
