Netgate Discussion Forum

    Noob with ipsec

      chazers18

      Just trying to get an IPsec tunnel made between some pfSense boxes. Right now it is in a test lab and the internet portion is a Linksys router.
      Box one has a static IP.
      Box 2 is DHCP.
      And I used the fancy mobile IPsec setup document on the site and even checked it with the m0n0wall version.
      I think that I have everything right.

      box one
      lan 10.1.0.78
      wan 192.168.1.101 DHCP

      box 2
      lan 172.168.1.1
      wan 192.168.1.100 static

      let me know what you are thinking
      chase

      no connections are ever made and here are the error logs

      Apr 13 16:01:34 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
      Apr 13 16:01:34 racoon: INFO: ::1[500] used as isakmp port (fd=14)
      Apr 13 16:01:34 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
      Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Apr 13 16:01:34 racoon: INFO: 192.168.1.101[500] used as isakmp port (fd=16)
      Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Apr 13 16:01:34 racoon: INFO: fe80::2b0:d0ff:fe02:d4fc%xl1[500] used as isakmp port (fd=17)
      Apr 13 16:01:34 racoon: INFO: fe80::204:76ff:fe50:5c2e%xl0[500] used as isakmp port (fd=18)
      Apr 13 16:01:34 racoon: INFO: 10.1.0.78[500] used as isakmp port (fd=19)
      Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Apr 13 16:01:48 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.1.100[500]->192.168.1.101[500]
      Apr 13 16:01:48 racoon: INFO: delete phase 2 handler.

      ![screen shot.JPG](/public/imported_attachments/1/screen shot.JPG)

        hoba

        Without seeing all the settings that you entered it's hard to say anything. The tutorial works, I'm using this kind of setup at multiple locations (and I actually did that tutorial ;D ).

          dotdash

          What do you mean by "the internet portion is a linksysrouter"?
          For this test, the WANs should just be in a hub, switch, or something. Generally a Linksys router will run NAT between its LAN and WAN, so you wouldn't want to plug one firewall into the LAN and one into the WAN of the Linksys. Perhaps you mean they are both plugged into the LAN side of a Linksys with a built-in switch.

            chazers18

            OK, I think that the biggest problem was between the keyboard and the monitor ;D ;D
            And when I said the internet portion was a Linksys router I meant that I had the WANs of the pfSense connected to the LANs of the Linksys router.
            It was in the test lab.
            When I just said enough, and grew a set, I installed it live on the field and Boom, I was up and running like a CHAMP, no more chumps.
            Also the documentation for this setup rocks now that I got my stuff together.

            Great Product
            Chase
