[ipsec] unable to configure a working ipsec vpn tunnel



  • OK, I have tried multiple times to set up a VPN between 2 pfSense 1.2.3 (also tried 2.0 beta, same result) PCs.
    I have found different tutorials but none of them seems to work. I'm pretty sure I am the one making a mistake, but I can't find the problem.

    I first started working with pfSense 1 year ago. Since then I have tried 3 different times to configure a VPN. I failed, then I put the pfSense away; after a few months I tried again. Every time I failed  :-[

    OK, let's start:

    pfsense.local
    LAN 172.16.1.1
    WAN 192.168.1.74

    kobenl.local
    LAN 172.16.12.1
    WAN 192.168.1.75

    disabled: Block private networks and Block bogon networks

    I have made an IPsec firewall rule on both PCs:
    ANY ANY ANY ANY

    This is just a test setup and I have failed many times, so I'm happy if at least some data will go through. Security is not my main concern at the moment.

    
    Source          Destination     Direction  Protocol  Tunnel endpoints
    172.16.12.0/24  172.16.1.0/24   >          ESP       192.168.1.76 - 192.168.1.74
    172.16.1.0/24   172.16.12.0/24  <          ESP       192.168.1.74 - 192.168.1.76
    
    
    
    Mar 15 13:55:57 	racoon: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
    Mar 15 13:55:57 	racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
    Mar 15 13:55:57 	racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Mar 15 13:55:57 	racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
    Mar 15 13:55:57 	racoon: [Self]: INFO: 172.16.1.5[500] used as isakmp port (fd=15)
    Mar 15 13:55:57 	racoon: [Self]: INFO: 192.168.1.74[500] used as isakmp port (fd=16)
    Mar 15 13:55:57 	racoon: INFO: unsupported PF_KEY message REGISTER
    Mar 15 13:55:57 	racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
    Mar 15 13:55:57 	racoon: [Self]: INFO: 172.16.1.5[500] used as isakmp port (fd=15)
    Mar 15 13:55:57 	racoon: [Self]: INFO: 192.168.1.74[500] used as isakmp port (fd=16)
    

    I have attached my IPsec configs to this topic.
    If I can supply you with more information, please say so.

    
    Router____ pfsense(172.16.12.1) ___ client(172.16.12.10)
            \___ pfsense(172.16.1.1) ___  client(172.16.1.10)
    
    

    When I have figured out what the problem is, I want to make the network more advanced: 3 IPsec tunnels to 3 different locations (UK, Netherlands, Germany, Belgium), replacing Cisco PIX firewalls.

    SOLUTION:
    This had to be the dumbest thing I have ever seen. I have tried multiple times and never tried to ping the other site :X A ping to 172.16.12.1 brings up the tunnel and makes me feel stupid  :-
    Maybe you can take this post as an example for the rest of us :P haha
    ipsec-config-kobenl.local-20100315133413.txt
    ipsec-config-pfsense.local-20100315133110.txt
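
Added example (not part of the original post and not pfSense or racoon code): it takes the SPD rows and a few racoon log lines from the post and shows that the log holds only daemon startup, and that only a packet whose source and destination fall inside a policy's networks triggers a negotiation. The function names are hypothetical, and the `phase 1`/`phase 2` match strings are an assumption about how racoon words its negotiation messages.

```python
import ipaddress

# SPD rows and racoon log lines copied from the post above.
SPD_TEXT = """\
172.16.12.0/24 172.16.1.0/24 > ESP 192.168.1.76 -192.168.1.74
172.16.1.0/24 172.16.12.0/24 < ESP 192.168.1.74 -192.168.1.76
"""
LOG_TEXT = """\
Mar 15 13:55:57 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Mar 15 13:55:57 racoon: [Self]: INFO: 192.168.1.74[500] used as isakmp port (fd=16)
Mar 15 13:55:57 racoon: INFO: unsupported PF_KEY message REGISTER
"""

def parse_spd(text):
    """Parse SPD rows into (src_net, dst_net, endpoint_a, endpoint_b) tuples."""
    policies = []
    for line in text.splitlines():
        fields = line.replace(" -", " ").split()
        if len(fields) != 6:
            continue  # blank or malformed line
        src, dst, _direction, _proto, ep_a, ep_b = fields
        try:
            nets = (ipaddress.ip_network(src), ipaddress.ip_network(dst))
        except ValueError:
            continue  # header row or other non-address text
        policies.append(nets + (ep_a, ep_b))
    return policies

def matching_policy(policies, src_ip, dst_ip):
    """Return the first policy whose selectors cover the packet, else None."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for policy in policies:
        if src in policy[0] and dst in policy[1]:
            return policy
    return None

def negotiation_seen(log_text):
    """True if the log shows IKE activity beyond daemon startup.
    Assumption: racoon negotiation messages contain 'phase 1' or 'phase 2'."""
    return any("phase 1" in l or "phase 2" in l for l in log_text.splitlines())

if __name__ == "__main__":
    spd = parse_spd(SPD_TEXT)
    print("IKE negotiation in log:", negotiation_seen(LOG_TEXT))
    # Test packets: LAN client to the remote LAN, to a WAN address, to an outside host.
    for dst in ("172.16.12.1", "192.168.1.75", "198.51.100.7"):
        hit = matching_policy(spd, "172.16.1.10", dst)
        print(f"172.16.1.10 -> {dst}:", "matches policy" if hit else "no policy, no tunnel")
```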

