IPSEC TUNNEL BETWEEN TWO PFSENSE BOX



  • Hi Guys,

    i have ipsec tunneling setup.  it connects but i cannot ping from either side.  here are the logs

    Apr 14 11:27:15 racoon: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
    Apr 14 11:27:15 racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
    Apr 14 11:27:15 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Apr 14 11:27:15 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
    Apr 14 11:27:15 racoon: [Self]: INFO: 74.62.208.57[500] used as isakmp port (fd=15)
    Apr 14 11:27:15 racoon: [Self]: INFO: 192.168.138.1[500] used as isakmp port (fd=16)
    Apr 14 11:27:15 racoon: INFO: unsupported PF_KEY message REGISTER
    Apr 14 11:27:15 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
    Apr 14 11:27:15 racoon: [Self]: INFO: 74.62.208.57[500] used as isakmp port (fd=15)
    Apr 14 11:27:15 racoon: [Self]: INFO: 192.168.138.1[500] used as isakmp port (fd=16)
    Apr 14 11:30:25 racoon: [rancho to la]: INFO: IPsec-SA request for 64.183.45.70 queued due to no phase1 found.
    Apr 14 11:30:25 racoon: [rancho to la]: INFO: initiate new phase 1 negotiation: 74.62.208.57[500]<=>64.183.45.70[500]
    Apr 14 11:30:25 racoon: INFO: begin Aggressive mode.
    Apr 14 11:30:25 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Apr 14 11:30:25 racoon: INFO: received Vendor ID: DPD
    Apr 14 11:30:25 racoon: WARNING: No ID match.
    Apr 14 11:30:25 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
    Apr 14 11:30:25 racoon: [rancho to la]: INFO: ISAKMP-SA established 74.62.208.57[500]-64.183.45.70[500] spi:691ae6851d91362f:d88474d20ddbbe6d
    Apr 14 11:30:26 racoon: [rancho to la]: INFO: initiate new phase 2 negotiation: 74.62.208.57[500]<=>64.183.45.70[500]
    Apr 14 11:30:27 racoon: [rancho to la]: INFO: IPsec-SA established: ESP 64.183.45.70[0]->74.62.208.57[0] spi=191454699(0xb695deb)
    Apr 14 11:30:27 racoon: [rancho to la]: INFO: IPsec-SA established: ESP 74.62.208.57[0]->64.183.45.70[0] spi=89791474(0x55a1bf2)

    also, i can connect to the webgui from box b to box a, but not vise versa



  • Have you allowed traffic on the IPSec interface on both firewalls? By default, no traffic is allowed.



  • focal guy,

    yes i have. any ideas?

    thanks!



  • You should be pinging from a computer connected LAN A to computer connected to LAN B (or vice versa) not from one pfSense box to another.


Log in to reply