exchange Identity Protection not allowed in any applicable rmconf



  • I am receiving this error on my VPN connection. I am kinda new to pfSense so if you ask for logs tell me how to find them. I can tell you the setup I have matched between a SonicWall firewall and 2.0 pfSense as close as I possibly can. Here is my log if anyone has any ideas.

    Jun 21 22:41:04 racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
    Jun 21 22:41:04 racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
    Jun 21 22:41:04 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Jun 21 22:41:04 racoon: [Self]: INFO: bbb.bbb.bbb.bbb[4500] used for NAT-T
    Jun 21 22:41:04 racoon: [Self]: INFO: bbb.bbb.bbb.bbb[4500] used as isakmp port (fd=17)
    Jun 21 22:41:04 racoon: [Self]: INFO: bbb.bbb.bbb.bbb[500] used for NAT-T
    Jun 21 22:41:04 racoon: [Self]: INFO: bbb.bbb.bbb.bbb[500] used as isakmp port (fd=18)
    Jun 21 22:41:04 racoon: INFO: unsupported PF_KEY message REGISTER
    Jun 21 22:41:22 racoon: [Work]: [aaa.aaa.aaa.aaa] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
    Jun 21 22:41:30 racoon: [Work]: aaa.aaa.aaa.aaa] ERROR: exchange Identity Protection not allowed in any applicable rmconf.

    The last entry

    ERROR: exchange Identity Protection not allowed in any applicable rmconf.

    Will scroll forever if I leave it alone

    I admin both sides of the VPN so if anyone has any ideas I would love to try. I googled this error and got 4 results that didn't help so I posted here.


  • Rebel Alliance Developer Netgate

    IIRC that's a mismatch in Main/Aggressive mode between the two ends.



  • YAAA you fixed me!  Thanks a bunch!
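
A way to confirm the diagnosis above from the racoon side, as an added example that is not part of the original thread: "Identity Protection" is the ISAKMP name for IKEv1 main mode, so the error means the peer offered main mode while no matching `remote` section in `racoon.conf` lists it in `exchange_mode`. The peer address and config below are constructed sample data, and the function names are hypothetical.

```python
import re

# ISAKMP exchange names as racoon logs them -> racoon.conf exchange_mode keyword
ETYPE_TO_MODE = {"Identity Protection": "main", "Aggressive": "aggressive", "Base": "base"}

# Opening bracket is optional because pasted logs are sometimes mangled.
ERR = re.compile(r"\[?(?P<peer>[\w.:]+)\] ERROR: exchange (?P<etype>.+?) "
                 r"not allowed in any applicable rmconf")
REMOTE = re.compile(r"^\s*remote\s+(\S+)", re.M)
MODES = re.compile(r"exchange_mode\s+([^;]+);")

def allowed_modes(conf_text):
    """Map each remote section (peer address or 'anonymous') to its exchange_mode list."""
    heads = list(REMOTE.finditer(conf_text))
    result = {}
    for i, head in enumerate(heads):
        # A section runs until the next 'remote' keyword (or end of file).
        end = heads[i + 1].start() if i + 1 < len(heads) else len(conf_text)
        m = MODES.search(conf_text, head.end(), end)
        result[head.group(1)] = [x.strip() for x in m.group(1).split(",")] if m else []
    return result

def diagnose(log_text, conf_text):
    """Return one finding per distinct (peer, offered mode) the responder rejected."""
    conf = allowed_modes(conf_text)
    findings = []
    for m in ERR.finditer(log_text):
        offered = ETYPE_TO_MODE.get(m["etype"], m["etype"])
        local = conf.get(m["peer"], conf.get("anonymous", []))
        item = {"peer": m["peer"], "peer_offered": offered, "local_allows": local}
        if item not in findings:  # the error repeats on every retry
            findings.append(item)
    return findings

# Constructed sample input (documentation address, not from the thread).
SAMPLE_LOG = """\
Jun 21 22:41:22 racoon: [Work]: [203.0.113.10] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jun 21 22:41:30 racoon: [Work]: [203.0.113.10] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
"""
SAMPLE_CONF = """\
remote 203.0.113.10 {
    exchange_mode aggressive;
    proposal { encryption_algorithm 3des; hash_algorithm sha1; }
}
"""

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG, SAMPLE_CONF):
        print(f"{f['peer']} offered {f['peer_offered']}; local config allows {f['local_allows']}")
```

When aligning the two ends with pre-shared keys, main mode on both sides is the safer choice, since aggressive mode sends a PSK-derived hash unencrypted.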

