Netgate Discussion Forum
    IPSEC TUNNEL BETWEEN TWO PFSENSE BOX

    • echang1024

      Hi Guys,

      I have IPsec tunneling set up. It connects, but I cannot ping from either side. Here are the logs:

      Apr 14 11:27:15 racoon: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
      Apr 14 11:27:15 racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
      Apr 14 11:27:15 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
      Apr 14 11:27:15 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
      Apr 14 11:27:15 racoon: [Self]: INFO: 74.62.208.57[500] used as isakmp port (fd=15)
      Apr 14 11:27:15 racoon: [Self]: INFO: 192.168.138.1[500] used as isakmp port (fd=16)
      Apr 14 11:27:15 racoon: INFO: unsupported PF_KEY message REGISTER
      Apr 14 11:27:15 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
      Apr 14 11:27:15 racoon: [Self]: INFO: 74.62.208.57[500] used as isakmp port (fd=15)
      Apr 14 11:27:15 racoon: [Self]: INFO: 192.168.138.1[500] used as isakmp port (fd=16)
      Apr 14 11:30:25 racoon: [rancho to la]: INFO: IPsec-SA request for 64.183.45.70 queued due to no phase1 found.
      Apr 14 11:30:25 racoon: [rancho to la]: INFO: initiate new phase 1 negotiation: 74.62.208.57[500]<=>64.183.45.70[500]
      Apr 14 11:30:25 racoon: INFO: begin Aggressive mode.
      Apr 14 11:30:25 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Apr 14 11:30:25 racoon: INFO: received Vendor ID: DPD
      Apr 14 11:30:25 racoon: WARNING: No ID match.
      Apr 14 11:30:25 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
      Apr 14 11:30:25 racoon: [rancho to la]: INFO: ISAKMP-SA established 74.62.208.57[500]-64.183.45.70[500] spi:691ae6851d91362f:d88474d20ddbbe6d
      Apr 14 11:30:26 racoon: [rancho to la]: INFO: initiate new phase 2 negotiation: 74.62.208.57[500]<=>64.183.45.70[500]
      Apr 14 11:30:27 racoon: [rancho to la]: INFO: IPsec-SA established: ESP 64.183.45.70[0]->74.62.208.57[0] spi=191454699(0xb695deb)
      Apr 14 11:30:27 racoon: [rancho to la]: INFO: IPsec-SA established: ESP 74.62.208.57[0]->64.183.45.70[0] spi=89791474(0x55a1bf2)

      Also, I can connect to the web GUI from box B to box A, but not vice versa.

      • focalguy

        Have you allowed traffic on the IPSec interface on both firewalls? By default, no traffic is allowed.

        • echang1024

          focalguy,

          Yes, I have. Any ideas?

          Thanks!

          • Eugene

            You should be pinging from a computer connected to LAN A to a computer connected to LAN B (or vice versa), not from one pfSense box to another.

            http://ru.doc.pfsense.org

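A small checker for the racoon output quoted in the first post, added here as an example for this thread (it is not pfSense or Netgate code, and the log excerpt is constructed from the lines posted above). It reports whether phase 1 and both ESP directions came up, flags the "begin Aggressive mode" and "No ID match" lines a reviewer would want to look at, and ends with the step focalguy and Eugene describe: once both SAs are established, check the IPsec-tab rules and test between LAN hosts rather than between the firewalls.

```python
import re

# Constructed excerpt of the racoon log quoted in the first post (addresses and SPIs as posted there).
SAMPLE_LOG = """\
Apr 14 11:30:25 racoon: [rancho to la]: INFO: initiate new phase 1 negotiation: 74.62.208.57[500]<=>64.183.45.70[500]
Apr 14 11:30:25 racoon: INFO: begin Aggressive mode.
Apr 14 11:30:25 racoon: WARNING: No ID match.
Apr 14 11:30:25 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Apr 14 11:30:25 racoon: [rancho to la]: INFO: ISAKMP-SA established 74.62.208.57[500]-64.183.45.70[500] spi:691ae6851d91362f:d88474d20ddbbe6d
Apr 14 11:30:27 racoon: [rancho to la]: INFO: IPsec-SA established: ESP 64.183.45.70[0]->74.62.208.57[0] spi=191454699(0xb695deb)
Apr 14 11:30:27 racoon: [rancho to la]: INFO: IPsec-SA established: ESP 74.62.208.57[0]->64.183.45.70[0] spi=89791474(0x55a1bf2)
"""

ESP_RE = re.compile(r"IPsec-SA established: ESP ([\d.]+)\[\d+\]->([\d.]+)\[\d+\] spi=(\d+)")

def summarize_racoon(log):
    """Return the negotiation state racoon reached plus the findings worth reviewing."""
    state = {"phase1": False, "esp": [], "findings": []}
    for line in log.splitlines():
        m = ESP_RE.search(line)
        if m:
            state["esp"].append((m.group(1), m.group(2), int(m.group(3))))
        elif "ISAKMP-SA established" in line:
            state["phase1"] = True
        elif "begin Aggressive mode" in line:
            # IKEv1 aggressive mode sends the identity payload before encryption; prefer main mode with a PSK.
            state["findings"].append("aggressive_mode")
        elif "No ID match" in line or "couldn't find the proper pskey" in line:
            # The peer's identifier did not match the configured one, so the PSK was selected by peer address.
            state["findings"].append("peer_id_mismatch")
    state["findings"] = sorted(set(state["findings"]))
    return state

def diagnose(state):
    """Turn the parsed state into the next troubleshooting step."""
    if not state["phase1"]:
        return "phase 1 failed: check proposals, identifiers and the pre-shared key on both ends"
    if len({(src, dst) for src, dst, _ in state["esp"]}) < 2:
        return "phase 2 incomplete: check the phase 2 networks and proposals on both ends"
    # Both ESP directions exist, so the tunnel itself is up. Traffic that still fails is a policy or
    # test-method problem: allow it on the IPsec tab of both firewalls and test between hosts on the
    # two LANs, not from one pfSense WAN address to the other.
    return "tunnel up: verify IPsec-tab rules on both ends and ping LAN host to LAN host"

if __name__ == "__main__":
    st = summarize_racoon(SAMPLE_LOG)
    print(st["findings"], diagnose(st))
```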
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.