Netgate Discussion Forum

    IPSEC with shrew vpn helpppppppppp!!!!!!!!!!

      matrix1233

      Hi,
      I made an IPsec VPN, and when the VPN client connects I have this in the log:

      racoon: WARNING: trns_id mismatched: my:CAST peer:AES
      Nov 18 14:10:18 racoon: WARNING: trns_id mismatched: my:CAST peer:AES
      Nov 18 14:10:18 racoon: WARNING: authtype mismatched: my:hmac-sha peer:hmac-md5
      Nov 18 14:10:19 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP 93.39.36.193[0]->11.246.14.23[0] spi=25576485(0x1864425)
      Nov 18 14:10:19 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP 11.246.14.23[0]->93.39.36.193[0] spi=1029581908(0x3d5e2c54)
      Nov 18 14:10:19 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.220.5/32[0] 0.0.0.0/0[0] proto=any dir=in"
      Nov 18 14:10:19 racoon: ERROR: such policy does not already exist: "0.0.0.0/0[0] 192.168.22.5ร /32[0] proto=any dir=out"
      Nov 18 14:12:23 racoon: [Unknown Gateway/Dynamic]: WARNING: remote address mismatched. db=93.39.36.193[500], act=93.39.36.193[8]
      Nov 18 14:12:38 racoon: [Unknown Gateway/Dynamic]: WARNING: remote address mismatched. db=93.39.36.193[500], act=93.39.36.193[8]
      Nov 18 14:12:41 racoon: INFO: DPD: remote (ISAKMP-SA spi=a7af1b1a563f67d6:5b8258f1d47b9903) seems to be dead.
      Nov 18 14:12:41 racoon: INFO: generated policy, deleting it.
      Nov 18 14:12:41 racoon: INFO: generated policy, deleting it.
      Nov 18 14:12:41 racoon: ERROR: pfkey X_SPDDELETE failed: Invalid argument
      Nov 18 14:12:41 racoon: ERROR: pfkey X_SPDDELETE failed: Invalid argument
      Nov 18 14:12:42 racoon: ERROR: unknown Informational exchange received.
      Nov 18 14:12:42 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA deleted 11.246.14.23[500]-93.39.36.193[500] spi:a7af1b1a563f67d6:5b8258f1d47b9903
      Nov 18 14:12:45 racoon: ERROR: unknown Informational exchange received.
      Nov 18 14:12:48 last message repeated 4 times

      The connection is up for 2 minutes and then goes down. Can anyone help me, please?

        matrix1233

        Any help?

          XIII

          Yeah, change the algorithm (cipher) to match on both sides. Currently one is CAST and the other is AES.

          This line in your log tells you EXACTLY what the problem is:

          racoon: WARNING: trns_id mismatched: my:CAST peer:AES

          -Chris Stutzman
          Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
          Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
          freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
          Check out the pfSense Wiki

            matrix1233

            Hi,
            but I verified that the 2 sides are 3DES.

              jimp Rebel Alliance Developer Netgate

              Check both your phase 1 and phase 2 settings. You have a mismatch. Neither of those listed is 3DES in the log from either side.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

                matrix1233

                Is the problem in the client or in the config of the server? Sorry for this question, but in the end I can't find any problem on the 2 sides.
                Thx

                  jimp Rebel Alliance Developer Netgate

                  It could be either one – There is a mismatch, you just need to change one side or the other to match. If you don't see a mismatch, you may be looking in the wrong place. The error you see is from the phase 2 settings.

                    XIII

                    You actually have 2 issues:
                    1. Encryption: one side is set to use CAST, the other AES.
                    2. Authentication hash: one side is set to use sha, the other md5.

                    You find this in the top two lines of the code you pasted.

                    -Chris Stutzman
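Added example (not part of the thread, and not pfSense or racoon code): a short Python script that pulls the `mismatched` proposal warnings out of a racoon log like the one pasted in the first post and names the setting to compare on both ends. The field-to-setting labels follow the replies in this thread; the function names are illustrative.

```python
import re

# racoon field names mapped to the setting the thread's replies identify
# (labels are taken from the discussion above, not from racoon itself).
FIELD_LABELS = {
    "trns_id": "phase 2 encryption algorithm",
    "authtype": "phase 2 hash algorithm",
}

# Matches proposal warnings of the form "<field> mismatched: my:X peer:Y".
# "remote address mismatched. db=... act=..." has a different shape and is skipped.
MISMATCH_RE = re.compile(
    r"racoon: WARNING: (?P<field>\w+) mismatched: "
    r"my:(?P<local>\S+) peer:(?P<peer>\S+)"
)

# Lines copied from the log in the first post.
SAMPLE_LOG = """\
racoon: WARNING: trns_id mismatched: my:CAST peer:AES
Nov 18 14:10:18 racoon: WARNING: trns_id mismatched: my:CAST peer:AES
Nov 18 14:10:18 racoon: WARNING: authtype mismatched: my:hmac-sha peer:hmac-md5
Nov 18 14:12:23 racoon: [Unknown Gateway/Dynamic]: WARNING: remote address mismatched. db=93.39.36.193[500], act=93.39.36.193[8]
Nov 18 14:12:41 racoon: INFO: DPD: remote (ISAKMP-SA spi=a7af1b1a563f67d6:5b8258f1d47b9903) seems to be dead.
"""


def find_mismatches(log_text):
    """Return unique (field, local, peer) tuples in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        m = MISMATCH_RE.search(line)
        if not m:
            continue
        item = (m["field"], m["local"], m["peer"])
        if item not in seen:  # the same warning is logged repeatedly
            seen.append(item)
    return seen


def report(log_text):
    """Render one line per mismatch, naming the setting to compare."""
    out = []
    for field, local, peer in find_mismatches(log_text):
        label = FIELD_LABELS.get(field, field)  # unknown fields keep racoon's name
        out.append(f"{label}: local side has {local}, peer proposed {peer}")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```
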