    Connecting To IPsec mobile client.

      pman860507

I cannot connect to my mobile client IPsec tunnel. I'm receiving this from the Shrew Soft Trace utility.

      12/08/13 15:44:59 -> : send IKE packet 192.168.1.9:500 -> 24.255.255.198:500 ( 526 bytes )
      12/08/13 15:44:59 DB : phase1 resend event scheduled ( ref count = 2 )
      12/08/13 15:45:04 -> : resend 1 phase1 packet(s) 192.168.1.9:500 -> .255..:500
      12/08/13 15:45:09 -> : resend 1 phase1 packet(s) 192.168.1.9:500 -> .255..:500
      12/08/13 15:45:14 -> : resend 1 phase1 packet(s) 192.168.1.9:500 -> .255..*:500
      12/08/13 15:45:19 ii : resend limit exceeded for phase1 exchange

Right now it's set up like this, just trying to get it working.
      http://doc.pfsense.org/index.php/IPSec_Road_Warrior/Mobile_Client_How-To

Rules for ports 500, 4500 and ESP have been created.

It seems like it can connect. When I get to my system firewall logs, nothing shows up. I am getting something weird with IPsec though that I just noticed when I tried restarting the service.

      Aug 13 15:21:48	racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 172.30.1.0/24[0] 172.30.1.5/32[0] proto=any dir=in
      Aug 13 15:21:48	racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 172.30.1.5/32[0] 172.30.1.0/24[0] proto=any dir=out

That I'm not sure about. My private network is 172.30.1.0/24.

I set up the mobile client to run on 172.30.3.0/24. I'm not sure if I need to set up virtual IPs. On my remote client I'm using 192.168.1.0/24, then my virtual adapter is using 192.168.100.0/24.

I figure something is not set right. All your help is greatly appreciated.

      Thanks.

        pman860507

I cleared my log and turned on debugging; this was my output from the service restarting. Is something not working right? I'm not sure why it's using a CIDR of /32 since my network is /24. This is really confusing me. Thanks for the help.

        Aug 14 11:50:10	racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 172.30.1.0/24[0] 172.30.1.5/32[0] proto=any dir=in
        Aug 14 11:50:10	racoon: [Unknown Gateway/Dynamic]: DEBUG: db :0x80163a610: 172.30.1.0/24[0] 172.30.1.5/32[0] proto=any dir=in
        Aug 14 11:50:10	racoon: [Unknown Gateway/Dynamic]: DEBUG: sub:0x7fffffffe590: 172.30.1.0/24[0] 172.30.1.5/32[0] proto=any dir=in
        Aug 14 11:50:10	racoon: DEBUG: got pfkey X_SPDADD message
        Aug 14 11:50:10	racoon: DEBUG: pk_recv: retry[0] recv()
        Aug 14 11:50:10	racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 172.30.1.5/32[0] 172.30.1.0/24[0] proto=any dir=out
        Aug 14 11:50:10	racoon: [Unknown Gateway/Dynamic]: DEBUG: db :0x80163a790: 172.30.1.5/32[0] 172.30.1.0/24[0] proto=any dir=out
        Aug 14 11:50:10	racoon: [Unknown Gateway/Dynamic]: DEBUG: sub:0x7fffffffe590: 172.30.1.5/32[0] 172.30.1.0/24[0] proto=any dir=out
        Aug 14 11:50:10	racoon: [Unknown Gateway/Dynamic]: DEBUG: db :0x80163a610: 172.30.1.0/24[0] 172.30.1.5/32[0] proto=any dir=in
        Aug 14 11:50:10	racoon: [Unknown Gateway/Dynamic]: DEBUG: sub:0x7fffffffe590: 172.30.1.5/32[0] 172.30.1.0/24[0] proto=any dir=out
        Aug 14 11:50:10	racoon: DEBUG: got pfkey X_SPDADD message
        Aug 14 11:50:10	racoon: DEBUG: pk_recv: retry[0] recv()
        Aug 14 11:50:10	racoon: INFO: unsupported PF_KEY message REGISTER
        Aug 14 11:50:10	racoon: DEBUG: got pfkey REGISTER message
        Aug 14 11:50:10	racoon: DEBUG: pk_recv: retry[0] recv()
        Aug 14 11:50:10	racoon: [Unknown Gateway/Dynamic]: DEBUG: db :0x80163a610: 172.30.1.0/24[0] 172.30.1.5/32[0] proto=any dir=in
        Aug 14 11:50:10	racoon: [Unknown Gateway/Dynamic]: DEBUG: sub:0x7fffffffe590: 172.30.1.5/32[0] 172.30.1.0/24[0] proto=any dir=out
        Aug 14 11:50:10	racoon: DEBUG: got pfkey X_SPDDUMP message
        Aug 14 11:50:10	racoon: DEBUG: pk_recv: retry[0] recv()
        Aug 14 11:50:10	racoon: DEBUG: got pfkey X_SPDDUMP message
        Aug 14 11:50:10	racoon: DEBUG: pk_recv: retry[0] recv()
        Aug 14 11:50:10	racoon: [Self]: INFO: 24.255.255.198[500] used as isakmp port (fd=15)
        Aug 14 11:50:10	racoon: [Self]: INFO: 24.255.255.198[500] used for NAT-T
        Aug 14 11:50:10	racoon: [Self]: INFO: 24.255.255.198[4500] used as isakmp port (fd=14)
        Aug 14 11:50:10	racoon: [Self]: INFO: 24.255.255.198[4500] used for NAT-T
        Aug 14 11:50:10	racoon: DEBUG: open /var/db/racoon/racoon.sock as racoon management.
        Aug 14 11:50:10	racoon: DEBUG: getsainfo params: loc='ANONYMOUS' rmt='ANONYMOUS' peer='NULL' client='NULL' id=1
        Aug 14 11:50:10	racoon: DEBUG: no check of compression algorithm; not supported in sadb message.
        Aug 14 11:50:10	racoon: DEBUG: hmac(modp1024)
        Aug 14 11:50:10	racoon: INFO: Resize address pool from 0 to 253
        Aug 14 11:50:10	racoon: DEBUG: reading config file /var/etc/racoon.conf
        Aug 14 11:50:10	racoon: DEBUG: call pfkey_send_register for IPCOMP
        Aug 14 11:50:10	racoon: DEBUG: call pfkey_send_register for ESP
        Aug 14 11:50:10	racoon: DEBUG: call pfkey_send_register for AH
        Aug 14 11:50:10	racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
        Aug 14 11:50:10	racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
        Aug 14 11:50:10	racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
        Aug 14 11:50:05	racoon: INFO: racoon process 55123 shutdown
        Aug 14 11:50:05	racoon: INFO: caught signal 15
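An added triage script (example code, not the poster's, Shrew Soft's or pfSense's) that parses the two kinds of output quoted in this thread: it pulls the "such policy already exists" SPD entries out of the racoon log and shows that the /32 is a single host inside the /24 (assumed here to be the firewall's own LAN address, paired with its subnet), lists the addresses racoon reports listening on, and reads the Shrew Soft trace to see whether phase 1 ever got past resends. The sample lines are a constructed subset of the thread's output.

```python
import re
import ipaddress

# Constructed samples in the shape of the thread's Shrew Soft trace and racoon
# syslog output (a subset of the lines quoted above, not the full output).
SHREW_TRACE = """\
12/08/13 15:44:59 -> : send IKE packet 192.168.1.9:500 -> 24.255.255.198:500 ( 526 bytes )
12/08/13 15:45:04 -> : resend 1 phase1 packet(s) 192.168.1.9:500 -> 24.255.255.198:500
12/08/13 15:45:09 -> : resend 1 phase1 packet(s) 192.168.1.9:500 -> 24.255.255.198:500
12/08/13 15:45:19 ii : resend limit exceeded for phase1 exchange
"""
RACOON_LOG = """\
Aug 14 11:50:10 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 172.30.1.0/24[0] 172.30.1.5/32[0] proto=any dir=in
Aug 14 11:50:10 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 172.30.1.5/32[0] 172.30.1.0/24[0] proto=any dir=out
Aug 14 11:50:10 racoon: [Self]: INFO: 24.255.255.198[500] used as isakmp port (fd=15)
Aug 14 11:50:10 racoon: [Self]: INFO: 24.255.255.198[4500] used as isakmp port (fd=14)
"""

# racoon logs ERROR but, as the message says, replaces the entry anyway: the SPD ends up as intended.
POLICY_RE = re.compile(r"anyway replace it: (\S+)\[\d+\] (\S+)\[\d+\] proto=(\S+) dir=(\w+)")
LISTEN_RE = re.compile(r"\[Self\]: INFO: (\S+)\[(\d+)\] used as isakmp port")
SEND_RE = re.compile(r": (?:send IKE packet|resend \d+ phase1 packet)")

def spd_replacements(log):
    """(src, dst, proto, dir) for every SPD entry racoon re-installed at startup."""
    return [m.groups() for line in log.splitlines() if (m := POLICY_RE.search(line))]

def isakmp_listeners(log):
    """(address, port) pairs racoon reports it is listening on for IKE / NAT-T."""
    return sorted({(m[1], int(m[2])) for line in log.splitlines() if (m := LISTEN_RE.search(line))})

def describe_policy(src, dst, proto, direction):
    """Explain the /32: a single host address (assumed: the firewall's LAN IP), not a wrong subnet mask."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    host = s if s.num_addresses == 1 else d if d.num_addresses == 1 else None
    net = d if host is s else s
    if host is not None and host.network_address in net:
        return f"{direction}: host {host.network_address} <-> its own subnet {net}, proto={proto}"
    return f"{direction}: {s} -> {d}, proto={proto}"

def phase1_status(trace):
    """Client side: how many IKE phase 1 packets went out and whether the client gave up on replies."""
    sent = sum(1 for line in trace.splitlines() if SEND_RE.search(line))
    return {"sent": sent, "gave_up": "resend limit exceeded for phase1 exchange" in trace}

def triage(trace, log):
    """Separate the /32 question from the real failure point: IKE packets that never got an answer."""
    p1, listeners = phase1_status(trace), isakmp_listeners(log)
    return {"listeners": listeners, "spd_notes": [describe_policy(*p) for p in spd_replacements(log)],
            "phase1": p1, "ike_unanswered": p1["gave_up"] and bool(listeners)}
```

When `ike_unanswered` is true, racoon is listening on UDP/500 and 4500 but the client's phase 1 packets were never answered, so the thing to check is whatever sits between the client and racoon (WAN rules, NAT, upstream router), not the SPD messages.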
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.