Can't get IPsec to work



  • OK, below is a copy and paste of the log from one of the pfSense servers that I'm trying to establish an IPsec tunnel between.

    I've banged my head against the wall,desk,doors,laptop,computers, you name it.  I truly have no idea how to make this work, but I'm pretty certain latency issues are the cause.

    Is there anyone here who can help me fix this?  I've seriously given up.

    I've upgraded to pfSense 2.0 (congrats on the release) in hopes that I might be able to change the default time for phase 1 negotiation.

    (I've changed the outfacing static IP addresses to 0.0.0.0, don't worry, they were right.

    Sep 20 16:35:48	racoon: DEBUG: pk_recv: retry[0] recv()
    Sep 20 16:35:48	racoon: DEBUG: got pfkey ACQUIRE message
    Sep 20 16:35:48	racoon: DEBUG: suitable outbound SP found: 10.0.1.0/24[0] 192.168.0.0/22[0] proto=any dir=out.
    Sep 20 16:35:48	racoon: [Unknown Gateway/Dynamic]: DEBUG: sub:0xbfbfe758: 192.168.0.0/22[0] 10.0.1.0/24[0] proto=any dir=in
    Sep 20 16:35:48	racoon: [Unknown Gateway/Dynamic]: DEBUG: db :0x28548508: 10.0.1.101/32[0] 10.0.1.0/24[0] proto=any dir=out
    Sep 20 16:35:48	racoon: [Unknown Gateway/Dynamic]: DEBUG: sub:0xbfbfe758: 192.168.0.0/22[0] 10.0.1.0/24[0] proto=any dir=in
    Sep 20 16:35:48	racoon: [Unknown Gateway/Dynamic]: DEBUG: sub:0xbfbfe758: 192.168.0.0/22[0] 10.0.1.0/24[0] proto=any dir=in
    Sep 20 16:35:48	racoon: [Unknown Gateway/Dynamic]: DEBUG: sub:0xbfbfe758: 192.168.0.0/22[0] 10.0.1.0/24[0] proto=any dir=in
    Sep 20 16:35:48	racoon: [Unknown Gateway/Dynamic]: DEBUG: db :0x28548288: 192.168.0.0/22[0] 10.0.1.0/24[0] proto=any dir=in
    Sep 20 16:35:48	racoon: [Unknown Gateway/Dynamic]: DEBUG: suitable inbound SP found: 192.168.0.0/22[0] 10.0.1.0/24[0] proto=any dir=in.
    Sep 20 16:35:48	racoon: DEBUG: new acquire 10.0.1.0/24[0] 192.168.0.0/22[0] proto=any dir=out
    Sep 20 16:35:48	racoon: [Jordan Red Crescent]: [0.0.0.0] DEBUG: configuration "0.0.0.0[500]" selected.
    Sep 20 16:35:48	racoon: DEBUG: getsainfo params: loc='10.0.1.0/24' rmt='192.168.0.0/22' peer='NULL' client='NULL' id=1
    Sep 20 16:35:48	racoon: DEBUG: evaluating sainfo: loc='10.0.1.0/24', rmt='192.168.0.0/22', peer='ANY', id=1
    Sep 20 16:35:48	racoon: DEBUG: check and compare ids : values matched (IPv4_subnet)
    Sep 20 16:35:48	racoon: DEBUG: cmpid target: '10.0.1.0/24'
    Sep 20 16:35:48	racoon: DEBUG: cmpid source: '10.0.1.0/24'
    Sep 20 16:35:48	racoon: DEBUG: check and compare ids : values matched (IPv4_subnet)
    Sep 20 16:35:48	racoon: DEBUG: cmpid target: '192.168.0.0/22'
    Sep 20 16:35:48	racoon: DEBUG: cmpid source: '192.168.0.0/22'
    Sep 20 16:35:48	racoon: DEBUG: selected sainfo: loc='10.0.1.0/24', rmt='192.168.0.0/22', peer='ANY', id=1
    Sep 20 16:35:48	racoon: DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=16394:16393)
    Sep 20 16:35:48	racoon: DEBUG: (trns_id=3DES encklen=0 authtype=hmac-md5)
    Sep 20 16:35:48	racoon: DEBUG: in post_acquire
    Sep 20 16:35:48	racoon: [Jordan Red Crescent]: [0.0.0.0] DEBUG: configuration "0.0.0.0[500]" selected.
    Sep 20 16:35:48	racoon: [Jordan Red Crescent]: INFO: IPsec-SA request for 0.0.0.0queued due to no phase1 found.
    Sep 20 16:35:48	racoon: DEBUG: ===
    Sep 20 16:35:48	racoon: [Jordan Red Crescent]: INFO: initiate new phase 1 negotiation: 0.0.0.0[500]<=>0.0.0.0[500]
    Sep 20 16:35:48	racoon: INFO: begin Identity Protection mode.
    Sep 20 16:35:48	racoon: DEBUG: new cookie: d98e6b3162a2d838
    Sep 20 16:35:48	racoon: DEBUG: add payload of len 52, next type 13
    Sep 20 16:35:48	racoon: DEBUG: add payload of len 16, next type 13
    Sep 20 16:35:48	racoon: DEBUG: add payload of len 16, next type 13
    Sep 20 16:35:48	racoon: DEBUG: add payload of len 16, next type 13
    Sep 20 16:35:48	racoon: DEBUG: add payload of len 16, next type 13
    Sep 20 16:35:48	racoon: DEBUG: add payload of len 20, next type 13
    Sep 20 16:35:48	racoon: DEBUG: add payload of len 16, next type 0
    Sep 20 16:35:48	racoon: DEBUG: 208 bytes from 0.0.0.0[500] to 0.0.0.0[500]
    Sep 20 16:35:48	racoon: DEBUG: sockname 0.0.0.0[500]
    Sep 20 16:35:48	racoon: DEBUG: send packet from 0.0.0.0[500]
    Sep 20 16:35:48	racoon: DEBUG: send packet to 0.0.0.0[500]
    Sep 20 16:35:48	racoon: DEBUG: 1 times of 208 bytes message will be sent to 0.0.0.0[500]
    Sep 20 16:35:48	racoon: DEBUG: d98e6b31 62a2d838 00000000 00000000 01100200 00000000 000000d0 0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 000c0004 00015180 80010005 80030001 80020001 80040002 0d000014 4a131c81 07035845 5c5728f2 0e95452f 0d000014 cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014 4485152d 18b6bbcd 0be8a846 9579ddcc 0d000018 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000 00000014 afcad713 68a1f1c9 6b8696fc 77570100
    Sep 20 16:35:48	racoon: DEBUG: resend phase1 packet d98e6b3162a2d838:0000000000000000
    Sep 20 16:35:58	racoon: DEBUG: 208 bytes from 0.0.0.0[500] to 0.0.0.0[500]
    Sep 20 16:35:58	racoon: DEBUG: sockname 0.0.0.0[500]
    Sep 20 16:35:58	racoon: DEBUG: send packet from 0.0.0.0[500]
    Sep 20 16:35:58	racoon: DEBUG: send packet to 0.0.0.0[500]
    Sep 20 16:35:58	racoon: DEBUG: 1 times of 208 bytes message will be sent to 0.0.0.0[500]
    Sep 20 16:35:58	racoon: DEBUG: d98e6b31 62a2d838 00000000 00000000 01100200 00000000 000000d0 0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 000c0004 00015180 80010005 80030001 80020001 80040002 0d000014 4a131c81 07035845 5c5728f2 0e95452f 0d000014 cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014 4485152d 18b6bbcd 0be8a846 9579ddcc 0d000018 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000 00000014 afcad713 68a1f1c9 6b8696fc 77570100
    Sep 20 16:35:58	racoon: DEBUG: resend phase1 packet d98e6b3162a2d838:0000000000000000
    

Log in to reply