    IPSEC DOWN - Unknown Gateway

      prbszxc last edited by

      Friends,

      I need help.
      I have 5 VPNs with tunnels configured to function.
      The solution is always to restart IPsec.
      There are multiple tunnels within each one.
      I have already disabled and enabled DPD to check, and the problem is not resolved.
      I marked the "SA Old" option but had no success.

      The error we always get is this:

      racoon: INFO: unsupported PF_KEY message REGISTER
      Nov 15 11:14:34 racoon: [Unknown Gateway / Dynamic]: ERROR: pfkey DELETE received: ESP 200.142.8.3 [500] -> 201.72.93.21 [500] spi = 2166257429 (0x811e7715)
      Nov 15 11:14:34 racoon: [Unknown Gateway / Dynamic]: ERROR: iph2 found in: ESP 201.72.93.21 [500] -> 200.142.8.3 [500] spi = 81337461 (0x4d91c75)
      Nov 15 11:14:34 racoon: [Unknown Gateway / Dynamic]: ERROR: pfkey DELETE received: ESP 200.142.8.3 [500] -> 201.72.93.21 [500] spi = 204048519 (0xc298887)
      Nov 15 11:14:34 racoon: [Unknown Gateway / Dynamic]: ERROR: iph2 found in: ESP 201.72.93.21 [500] -> 200.142.8.3 [500] spi = 215270150 (0xcd4c306)
      Nov 15 11:14:34 racoon: INFO: unsupported PF_KEY message REGISTER
      Nov 15 11:14:34 racoon: INFO: unsupported PF_KEY message REGISTER
      Nov 15 11:14:34 racoon: INFO: unsupported PF_KEY message REGISTER
      Nov 15 11:14:34 racoon: INFO: unsupported PF_KEY message REGISTER

      The error occurs in version 2.0.1. I have now upgraded to 2.1 to analyze, but the error continues.
      Can anyone help me?

        bakesale last edited by

        Bumping this thread, hoping we can get a resolution. I'm seeing the same error: I've got multiple tunnels up but I'm having disconnect issues with them. The SAD entries still appear with setkey -D, but the counters show no traffic coming from the remote site. The other site is not a racoon/pfSense device.

        Sep  4 08:34:44 vpn racoon: [184.71.132.154] ERROR: delete payload with invalid doi:0.
        Sep  4 08:48:45 vpn racoon: [aaa.aaa.aaa.aaa] ERROR: unknown Informational exchange received.
        Sep  4 11:10:39 vpn racoon: ERROR: phase1 negotiation failed due to time up. 4da0a464cfd021e5:d86e8547b43ac0af
        Sep  4 12:56:54 vpn racoon: [aaa.aaa.aaa.aaa] ERROR: unknown Informational exchange received.
        Sep  4 13:48:59 vpn racoon: ERROR: pfkey DELETE received: ESP me.me.me/me[500]->aaa.aaa.aaa.aa[500] spi=246925167(0xeb7c76f)
        Sep  4 13:48:59 vpn racoon: ERROR: no iph2 found: ESP aaa.aaa.aaa.aaa[500]->me.me.me.me[500] spi=199400304(0xbe29b70)
        Sep  4 13:49:10 vpn racoon: ERROR: no iph2 found: ESP me.me.me.me[500]->aaa.aaa.aaa.aaa[500] spi=166831041(0x9f1a3c1)
        Sep  4 13:51:16 vpn racoon: ERROR: no iph2 found: ESP me.me.me.me[500]->bbb.bbb.bbb.bbb[500] spi=1807220792(0x6bb80038)
        Sep  4 13:51:16 vpn racoon: ERROR: no iph2 found: ESP bbb.bbb.bbb.bbb[500]->me.me.me.me[500] spi=36532152(0x22d6fb8)
        Sep  4 13:55:02 vpn racoon: ERROR: pfkey DELETE received: ESP me.me.me.me[500]->ccc.ccc.ccc.ccc[500] spi=187913932(0xb3356cc)
        Sep  4 13:55:02 vpn racoon: ERROR: no iph2 found: ESP ccc.ccc.ccc.ccc[500]->me.me/me/me[500] spi=213876149(0xcbf7db5)

        Here's one of my racoon.conf entries for Site A:

        remote aaa.aaa.aaa.aaa {
                exchange_mode main;
                lifetime time 28800 seconds;
                proposal {
                        encryption_algorithm 3des;
                        hash_algorithm sha1;
                        authentication_method pre_shared_key;
                        dh_group 2;
                }
                generate_policy off;
        }

        sainfo address 172.29.0.0/28 any address 192.168.0.0/23 any {
                pfs_group 2;
                lifetime time 28800 seconds;
                encryption_algorithm 3des;
                authentication_algorithm hmac_sha1;
                compression_algorithm deflate;
        }
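
Added example, not part of either post: with several tunnels logging the same racoon errors, grouping the `pfkey DELETE received` and `no iph2 found` lines by remote peer shows which tunnel produces them and which SPIs are involved. The sample lines, the `192.0.2.1` local address and the function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Accepts both spacings seen in the thread's logs:
#   a[500]->b[500] spi=1(0x1)   and   a [500] -> b [500] spi = 1 (0x1)
LINE_RE = re.compile(
    r"ERROR:\s*(?P<event>pfkey DELETE received|no iph2 found):\s*ESP\s+"
    r"(?P<src>\S+?)\s*\[\d+\]\s*->\s*(?P<dst>\S+?)\s*\[\d+\]\s*"
    r"spi\s*=\s*(?P<spi>\d+)\s*\(0x[0-9a-fA-F]+\)"
)

# Constructed sample: line shapes follow the thread's logs, addresses are
# documentation ranges, and 192.0.2.1 stands in for the local gateway.
SAMPLE_LOG = """\
Sep  4 13:48:59 vpn racoon: ERROR: pfkey DELETE received: ESP 192.0.2.1[500]->198.51.100.7[500] spi=246925167(0xeb7c76f)
Sep  4 13:48:59 vpn racoon: ERROR: no iph2 found: ESP 198.51.100.7[500]->192.0.2.1[500] spi=199400304(0xbe29b70)
Sep  4 13:49:10 vpn racoon: ERROR: no iph2 found: ESP 192.0.2.1[500]->198.51.100.7[500] spi=166831041(0x9f1a3c1)
Sep  4 13:51:16 vpn racoon: ERROR: no iph2 found: ESP 203.0.113.9 [500] -> 192.0.2.1 [500] spi = 36532152 (0x22d6fb8)
Sep  4 13:51:20 vpn racoon: INFO: unsupported PF_KEY message REGISTER
"""


def summarize(log_text, local_ip):
    """Per remote peer: count of each error and the set of SPIs it names."""
    peers = defaultdict(
        lambda: {"pfkey DELETE received": 0, "no iph2 found": 0, "spis": set()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # INFO lines and unrelated messages are skipped
        # The remote peer is whichever endpoint is not the local address.
        remote = m["dst"] if m["src"] == local_ip else m["src"]
        peers[remote][m["event"]] += 1
        peers[remote]["spis"].add(int(m["spi"]))
    return dict(peers)


def noisiest(summary):
    """Remote peers ordered by total error count, highest first."""
    def total(peer):
        e = summary[peer]
        return e["pfkey DELETE received"] + e["no iph2 found"]
    return sorted(summary, key=lambda p: (-total(p), p))


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG, "192.0.2.1")
    for peer in noisiest(result):
        print(peer, result[peer])
```

The SPIs collected per peer can be compared against the entries listed by `setkey -D` to see whether the SAs named in the errors are still installed.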