Pfsense and isakmpd

sinfull

Hi

I am trying to get a tunnel from one of our offices (pfsense) to our HQ (obsd isakmpd)

But the tunnel is not opening and all i get is this error..

May 30 13:36:11 	racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
May 30 13:36:11 	racoon: INFO: ::1[500] used as isakmp port (fd=14)
May 30 13:36:11 	racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: fe80::218:4dff:fe76:1963%ath0[500] used as isakmp port (fd=16)
May 30 13:36:11 	racoon: INFO: fe80::200:24ff:fec5:d2a5%sis1[500] used as isakmp port (fd=17)
May 30 13:36:11 	racoon: INFO: 192.168.24.200[500] used as isakmp port (fd=18)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: 85.230.180.234[500] used as isakmp port (fd=19)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: fe80::200:24ff:fec5:d2a4%sis0[500] used as isakmp port (fd=20)
May 30 13:36:11 	racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
May 30 13:36:11 	racoon: INFO: ::1[500] used as isakmp port (fd=14)
May 30 13:36:11 	racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: fe80::218:4dff:fe76:1963%ath0[500] used as isakmp port (fd=16)
May 30 13:36:11 	racoon: INFO: fe80::200:24ff:fec5:d2a5%sis1[500] used as isakmp port (fd=17)
May 30 13:36:11 	racoon: INFO: 192.168.24.200[500] used as isakmp port (fd=18)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: 85.230.180.234[500] used as isakmp port (fd=19)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: fe80::200:24ff:fec5:d2a4%sis0[500] used as isakmp port (fd=20)
May 30 13:36:11 	racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
May 30 13:36:11 	racoon: INFO: ::1[500] used as isakmp port (fd=14)
May 30 13:36:11 	racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: fe80::218:4dff:fe76:1963%ath0[500] used as isakmp port (fd=16)
May 30 13:36:11 	racoon: INFO: fe80::200:24ff:fec5:d2a5%sis1[500] used as isakmp port (fd=17)
May 30 13:36:11 	racoon: INFO: 192.168.24.200[500] used as isakmp port (fd=18)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: 85.230.180.234[500] used as isakmp port (fd=19)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: fe80::200:24ff:fec5:d2a4%sis0[500] used as isakmp port (fd=20)
May 30 13:36:11 	racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
May 30 13:36:11 	racoon: INFO: ::1[500] used as isakmp port (fd=14)
May 30 13:36:11 	racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: fe80::218:4dff:fe76:1963%ath0[500] used as isakmp port (fd=16)
May 30 13:36:11 	racoon: INFO: fe80::200:24ff:fec5:d2a5%sis1[500] used as isakmp port (fd=17)
May 30 13:36:11 	racoon: INFO: 192.168.24.200[500] used as isakmp port (fd=18)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: 85.230.180.234[500] used as isakmp port (fd=19)
May 30 13:36:11 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
May 30 13:36:11 	racoon: INFO: fe80::200:24ff:fec5:d2a4%sis0[500] used as isakmp port (fd=20)
May 30 13:36:15 	racoon: INFO: caught signal 15
May 30 13:36:16 	racoon: INFO: racoon shutdown

So my question is… does isakmpd and pfsense work together?

sullrich

Upgrade to a recent snapshot.  http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/

sinfull

Thanks

sinfull

well http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/embedded/pfSense.img.gz dont work..

Lots of core dumps and segmentation faults.

dotdash

Saying it 'don't work' is not very useful without perhaps describing your hardware setup and giving some more details. If the image is really totally broken, chances are someone else would have noticed it. What releases run correctly for you- 1.0.1, 1.2beta1?

sullrich

@sinfull:

well http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/embedded/pfSense.img.gz dont work..

Lots of core dumps and segmentation faults.

Works fine here.  You must have missed a step in writing the image out to the card?  Like gzcat perhaps?

sinfull

Well my bad it was my cf card that was broken… :/

But now when i have changed cf card i still cant get the ipsec tunnel to work..

i get this error...

racoon: INFO: unsupported PF_KEY message REGISTER

SpLord

@sinfull:

Well my bad it was my cf card that was broken… :/

But now when i have changed cf card i still cant get the ipsec tunnel to work..

i get this error...

racoon: INFO: unsupported PF_KEY message REGISTER

same here

cmb

There were some issues with IPsec and snapshots up until earlier today. Try a new snapshot.