IPSec was working with 1.2.3, with 2.0 RC-1 stopped working



  • So I have an IPSec VPN between two locations. My end was pfSense 1.2.3 (two routers in failover mode, in VMware ESXi), the other end was 2 Linksys RV042 routers (both with the same firmware).

    This was working great. Then my primary router just stopped working (had been working great for over a year).

    So the secondary router had taken over as my primary and I decided to do a fresh install of 2.0 RC1 on my primary router. I set it up and everything was working great. I set up both IPsec VPNs but only one works! Exact same configs, just one VPN does not connect. If I turn off the new router and use the 1.2.3 backup it works great.

    Here are the Logs.

    racoon: []: INFO: IPsec-SA request for IPRemoved queued due to no phase1 found.
    Mar 17 09:30:57 racoon: [Remax Redmon]: INFO: initiate new phase 1 negotiation: IPRemoved[500]<=>IPRemoved[500]
    Mar 17 09:30:57 racoon: INFO: begin Identity Protection mode.
    Mar 17 09:30:57 racoon: ERROR: sendto (Operation not permitted)
    Mar 17 09:30:57 racoon: ERROR: sendfromto failed
    Mar 17 09:30:57 racoon: ERROR: phase1 negotiation failed due to send error. f1c8be04f0777fdc:0000000000000000
    Mar 17 09:30:57 racoon: ERROR: failed to begin ipsec sa negotication.

    I must be missing something simple, but I promise I have quadruple-checked both configs. They are all set up 100% the same.

    Thoughts?



  • Did you create the allow rule in the firewall rules for ipsec?



  • I'm having this same issue with ipsec.  OpenVPN is working fine.

    
    Aug 10 13:29:22	racoon: [Ward & Associates Accounting]: INFO: IPsec-SA request for 71.116.225.117 queued due to no phase1 found.
    Aug 10 13:29:22	racoon: [Ward & Associates Accounting]: INFO: initiate new phase 1 negotiation: 66.215.196.162[500]<=>71.116.225.117[500]
    Aug 10 13:29:22	racoon: INFO: begin Aggressive mode.
    Aug 10 13:29:22	racoon: ERROR: sendto (Operation not permitted)
    Aug 10 13:29:22	racoon: ERROR: sendfromto failed
    Aug 10 13:29:22	racoon: ERROR: phase1 negotiation failed due to send error. 01955ce1bf4b41b5:0000000000000000
    Aug 10 13:29:22	racoon: ERROR: failed to begin ipsec sa negotication.
    


  • If that had happened to me, I would have tried with "main mode".



  • This is very similar to my problem, our situation and logs look almost identical.

    http://forum.pfsense.org/index.php/topic,40285.0.html

