Ipsec racoon help – SonicWall TZ 170 site to site



  • I've got a site to site VPN set up between a pfsense and SonicWall TZ170.
    It works super slick from pfsense to SW, but not the other way (a one way VPN?)
    I ran the racoon -F -d -v -f /var/etc/racoon.conf command posted in the forum and got this:

    Foreground mode.
    2010-04-03 21:16:30: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
    2010-04-03 21:16:30: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
    2010-04-03 21:16:30: INFO: Reading configuration from "/var/etc/racoon.conf"
    2010-04-03 21:16:30: DEBUG: call pfkey_send_register for AH
    2010-04-03 21:16:30: DEBUG: call pfkey_send_register for ESP
    2010-04-03 21:16:30: DEBUG: call pfkey_send_register for IPCOMP
    2010-04-03 21:16:30: DEBUG: reading config file /var/etc/racoon.conf
    2010-04-03 21:16:30: DEBUG: hmac(modp1024)
    2010-04-03 21:16:30: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
    2010-04-03 21:16:30: DEBUG: getsainfo params: loc='192.168.227.0/24', rmt='192.168.225.0/24', peer='NULL', id=0
    2010-04-03 21:16:30: DEBUG: getsainfo pass #2
    2010-04-03 21:16:30: DEBUG: open /var/db/racoon/racoon.sock as racoon management.
    2010-04-03 21:16:30: DEBUG: my interface: pfsense WAN IP
    2010-04-03 21:16:30: DEBUG: my interface: [pfsense LAN IP] (rl0)
    2010-04-03 21:16:30: DEBUG: my interface: 127.0.0.1 (lo0)
    2010-04-03 21:16:30: DEBUG: configuring default isakmp port.
    2010-04-03 21:16:30: DEBUG: 3 addrs are configured successfully
    2010-04-03 21:16:30: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
    2010-04-03 21:16:30: ERROR: failed to bind to address [pfsense LAN IP][500] (Address already in use).
    2010-04-03 21:16:30: ERROR: failed to bind to address [pfsense WAN IP][500] (Address already in use).
    2010-04-03 21:16:30: ERROR: no address could be bound.

    I'm new to pfsense and BSDs. I recently bought the Guide for pfsense and have enjoyed myself immensely implementing pfsense at work. I would appreciate any help with this. 192.168.227.0 is the pfsense LAN subnet. 192.168.225.0 is the SonicWall LAN subnet.
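    The "failed to bind ... (Address already in use)" lines above are what racoon prints when another instance already owns UDP/500 on every interface, which on pfSense is the racoon daemon the GUI started. An added example, not from the poster or the pfSense project: a small POSIX shell script that pulls the bind failures out of racoon's output and shows which process already holds the IKE ports. The log text inside it is constructed from the post, with the placeholders replaced by documentation addresses.

```shell
#!/bin/sh
# Added example (not from the forum thread). Interprets racoon's foreground
# bind errors: a second racoon cannot bind UDP/500 (IKE) or UDP/4500 (NAT-T)
# while the daemon is running, so the errors describe that clash, not the tunnel.
# Sample log text constructed from the post; 192.0.2.10 stands in for the LAN IP.

RACOON_LOG='2010-04-03 21:16:30: DEBUG: 3 addrs are configured successfully
2010-04-03 21:16:30: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
2010-04-03 21:16:30: ERROR: failed to bind to address 192.0.2.10[500] (Address already in use).
2010-04-03 21:16:30: ERROR: no address could be bound.'

# Print one "address port" pair per "failed to bind" line in the given text.
bind_failures() {
    printf '%s\n' "$1" \
      | sed -n 's/.*failed to bind to address \([^[]*\)\[\([0-9]*\)\].*/\1 \2/p'
}

# Number of distinct ports that failed to bind: 1 means only IKE (500) was
# affected, 2 means NAT-T (4500) was as well.
failed_port_count() {
    bind_failures "$1" | awk '{print $2}' | sort -u | wc -l | tr -d ' '
}

# Show who already listens on the IKE ports. sockstat exists on FreeBSD/pfSense;
# ss is the Linux equivalent. Purely informational output.
ike_listeners() {
    if command -v sockstat >/dev/null 2>&1; then
        sockstat -4l | grep -E ':(500|4500)[[:space:]]'
    elif command -v ss >/dev/null 2>&1; then
        ss -ulnp | grep -E ':(500|4500)[[:space:]]'
    else
        echo "neither sockstat nor ss is available on this host"
    fi
}

if [ "$(failed_port_count "$RACOON_LOG")" -gt 0 ]; then
    echo "racoon could not bind; these sockets are already held by another process:"
    bind_failures "$RACOON_LOG"
    echo "current IKE listeners:"
    ike_listeners
fi
```

On pfSense the usual way to get a verbose trace without the bind clash is to stop the running racoon first, or read the daemon's own log, rather than starting a second foreground copy.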



  • :-[ OK… I figured it out. I'm glad I didn't waste anyone else's time with this (I hope). The SonicWall apparently has hidden associated NAT rules that are added when a new VPN is created. The NAT rule I made seemed to mess things up. I just deleted that and most seems to work now.