Noob with IPsec
-
Just trying to get an IPsec tunnel made between some pfSense boxes. Right now it is in a test lab and the internet portion is a Linksys router.
Box one has a static IP
Box 2 is DHCP
And I used the fancy mobile IPsec setup document on the site and even checked it with the m0n0wall version.
I think that I have everything right.

Box one
lan 10.1.0.78
wan 192.168.1.101 DHCP

Box 2
lan 172.168.1.1
wan 192.168.1.100 static

Let me know what you are thinking.
Chase

No connections are ever made and here are the error logs:
Apr 13 16:01:34 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
Apr 13 16:01:34 racoon: INFO: ::1[500] used as isakmp port (fd=14)
Apr 13 16:01:34 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Apr 13 16:01:34 racoon: INFO: 192.168.1.101[500] used as isakmp port (fd=16)
Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Apr 13 16:01:34 racoon: INFO: fe80::2b0:d0ff:fe02:d4fc%xl1[500] used as isakmp port (fd=17)
Apr 13 16:01:34 racoon: INFO: fe80::204:76ff:fe50:5c2e%xl0[500] used as isakmp port (fd=18)
Apr 13 16:01:34 racoon: INFO: 10.1.0.78[500] used as isakmp port (fd=19)
Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Apr 13 16:01:48 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.1.100[500]->192.168.1.101[500]
Apr 13 16:01:48 racoon: INFO: delete phase 2 handler.
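Added example, not from the post or from pfSense/racoon: a small Python triage script that parses racoon log lines in the format shown above, lists the IKE listeners, and reports which address pair timed out at phase 1, so the admin can see which peer never completed IKE with this box. The sample log is constructed from the lines quoted above.

```python
import re
from collections import Counter

# Constructed sample, modelled on the racoon lines quoted in the post above.
SAMPLE_LOG = """\
Apr 13 16:01:34 racoon: INFO: 192.168.1.101[500] used as isakmp port (fd=16)
Apr 13 16:01:34 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Apr 13 16:01:34 racoon: INFO: 10.1.0.78[500] used as isakmp port (fd=19)
Apr 13 16:01:48 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.1.100[500]->192.168.1.101[500]
Apr 13 16:01:48 racoon: INFO: delete phase 2 handler.
"""

# "Mon DD HH:MM:SS racoon: LEVEL: message", as racoon writes to syslog
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) racoon: (?P<level>[A-Z]+): (?P<msg>.*)$")
LISTEN_RE = re.compile(r"^(?P<addr>\S+)\[(?P<port>\d+)\] used as isakmp port")
P1_TIMEOUT_RE = re.compile(
    r"phase2 negotiation failed due to time up waiting for phase1\. "
    r"ESP (?P<src>[^\[]+)\[\d+\]->(?P<dst>[^\[]+)\[\d+\]")

def summarize_racoon(log_text):
    """Collect IKE listeners, phase-1 timeouts per (src, dst) pair, and warning counts."""
    listeners, timeouts, warnings = [], Counter(), Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a racoon line; skip it
        level, msg = m.group("level"), m.group("msg")
        if level == "INFO":
            l = LISTEN_RE.match(msg)
            if l:
                listeners.append((l.group("addr"), int(l.group("port"))))
        elif level == "WARNING":
            warnings[msg.split(":")[0]] += 1  # e.g. setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE)
        elif level == "ERROR":
            t = P1_TIMEOUT_RE.search(msg)
            if t:
                timeouts[(t.group("src"), t.group("dst"))] += 1
    return {"listeners": listeners, "phase1_timeouts": dict(timeouts), "warnings": dict(warnings)}

def diagnose(summary):
    local = {addr for addr, _ in summary["listeners"]}
    findings = []
    for (src, dst), n in summary["phase1_timeouts"].items():
        peer = src if dst in local else dst  # the address that is not one of our listeners
        findings.append(f"phase 1 never completed for {src} -> {dst} ({n}x): check that peer "
                        f"{peer} is reachable on UDP/500 and that both sides' phase 1 settings match")
    for what, n in summary["warnings"].items():
        findings.append(f"{what} warned {n}x at socket setup; logged before the negotiation, "
                        f"so it is not the timeout itself")
    return findings
```

Feed the racoon lines from the IPsec log to `summarize_racoon` and print each line of `diagnose(...)` to get the findings.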
-
Without seeing all the settings that you entered it's hard to say anything. The tutorial works, I'm using this kind of setup at multiple locations (and I actually did that tutorial ;D ).
-
What do you mean by "the internet portion is a linksysrouter"?
For this test, the WANs should just be in a hub, switch, or something. Generally a Linksys router will run NAT between its LAN and WAN, so you wouldn't want to plug one firewall into the LAN and one into the WAN of the Linksys. Perhaps you mean they are both plugged into the LAN side of a Linksys with a built-in switch. -
OK, I think that the biggest problem was between the keyboard and the monitor ;D ;D
And when I said the internet portion was a Linksys router I meant that I had the WANs of the pfSense boxes connected to the LANs of the Linksys router.
It was in the test lab.
When I just said enough, and grew a set, I installed it live in the field and boom, I was up and running like a CHAMP, no more chumps.
Also the documentation for this setup rocks now that I got my stuff together. Great product.
Chase