Noob with ipsec



  • Just trying to get an IPsec tunnel made between some pfSense boxes. Right now it is in a test lab and the internet portion is a Linksys router.
    Box one has a static IP.
    Box 2 is DHCP.
    I used the fancy mobile IPsec setup document on the site and even checked it with the monowall version.
    I think that I have everything right.

    box one
    lan 10.1.0.78
    wan 192.168.1.101 Dhcp

    box 2
    lan 172.168.1.1
    wan 192.168.1.100 static

    Let me know what you are thinking.
    Chase

    No connections are ever made, and here are the error logs:

    Apr 13 16:01:34 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
    Apr 13 16:01:34 racoon: INFO: ::1[500] used as isakmp port (fd=14)
    Apr 13 16:01:34 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
    Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Apr 13 16:01:34 racoon: INFO: 192.168.1.101[500] used as isakmp port (fd=16)
    Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Apr 13 16:01:34 racoon: INFO: fe80::2b0:d0ff:fe02:d4fc%xl1[500] used as isakmp port (fd=17)
    Apr 13 16:01:34 racoon: INFO: fe80::204:76ff:fe50:5c2e%xl0[500] used as isakmp port (fd=18)
    Apr 13 16:01:34 racoon: INFO: 10.1.0.78[500] used as isakmp port (fd=19)
    Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Apr 13 16:01:48 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.1.100[500]->192.168.1.101[500]
    Apr 13 16:01:48 racoon: INFO: delete phase 2 handler.

    ![screen shot.JPG](/public/imported_attachments/1/screen shot.JPG)
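An added example, not part of the original post, showing how to triage the racoon lines quoted above: it separates the startup socket warnings from the phase 1 timeout and names the peer address that never answered, which is the check to make before touching the phase 2 settings. The sample log is a subset of the lines in the post; the interpretation in `findings()` is the editor's, not pfSense documentation.

```python
import re
from collections import Counter

# Constructed sample: a subset of the racoon lines quoted in the post above.
SAMPLE_LOG = """\
Apr 13 16:01:34 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Apr 13 16:01:34 racoon: INFO: 192.168.1.101[500] used as isakmp port (fd=16)
Apr 13 16:01:34 racoon: INFO: 10.1.0.78[500] used as isakmp port (fd=19)
Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Apr 13 16:01:48 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.1.100[500]->192.168.1.101[500]
Apr 13 16:01:48 racoon: INFO: delete phase 2 handler.
"""

LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+ racoon: (?P<level>[A-Z]+): (?P<msg>.*)$")
BIND_RE = re.compile(r"^(?P<addr>[^\[]+)\[(?P<port>\d+)\] used as isakmp port")
P1_TIMEOUT_RE = re.compile(
    r"phase2 negotiation failed due to time up waiting for phase1\. "
    r"ESP (?P<a>[\d.]+)\[\d+\]->(?P<b>[\d.]+)\[\d+\]")

def triage(log_text):
    """Summarise racoon output: bound ISAKMP sockets, repeated warnings,
    and phase 1 timeouts (IKE never completed with the peer)."""
    summary = {"listeners": [], "warnings": Counter(), "phase1_timeouts": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        level, msg = m["level"], m["msg"]
        bind = BIND_RE.match(msg)
        if bind:
            summary["listeners"].append((bind["addr"], int(bind["port"])))
        elif level == "WARNING":
            summary["warnings"][msg] += 1
        elif level == "ERROR":
            t = P1_TIMEOUT_RE.search(msg)
            if t:
                summary["phase1_timeouts"].append((t["a"], t["b"]))
    return summary

def findings(summary):
    """Turn the summary into the checks to run before changing phase 2 settings."""
    out = []
    local = {addr for addr, _ in summary["listeners"]}   # addresses this box bound
    for a, b in summary["phase1_timeouts"]:
        peer = a if b in local else b                    # the address that is not ours
        out.append(f"phase 1 with {peer} never completed: confirm UDP/500 and ESP reach "
                   f"{peer} with no NAT in between, and that PSK and identifiers match")
    if summary["warnings"]:
        out.append("setsockopt warnings were logged at socket setup, before any "
                   "negotiation; treat them separately from the phase 1 timeout")
    return out
```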



  • Without seeing all the settings that you entered it's hard to say anything. The tutorial works; I'm using this kind of setup at multiple locations (and I actually did that tutorial ;D ).



  • What do you mean by "the internet portion is a Linksys router"?
    For this test, the WANs should just be in a hub, switch, or something. Generally a Linksys router will run NAT between its LAN and WAN, so you wouldn't want to plug one firewall into the LAN and one into the WAN of the Linksys. Perhaps you mean they are both plugged into the LAN side of a Linksys with a built-in switch.



  • OK, I think that the biggest problem was between the keyboard and the monitor ;D ;D
    When I said the internet portion was a Linksys router, I meant that I had the WANs of the pfSense boxes connected to the LANs of the Linksys router.
    It was in the test lab.
    When I just said enough, and grew a set, I installed it live in the field and boom, I was up and running like a CHAMP, no more chumps.
    Also, the documentation for this setup rocks now that I got my stuff together.

    Great Product
    Chase

