IPSEC DOWN - Unknown Gateway



  • Friends,

    I need help.
    I have 5 VPNs and tunnels configured to function.
    The solution is always to restart ipsec.
    I have multiple tunnels within each one.
    I have already disabled and enabled DPD to check, and the problem is not resolved.
    I marked the option SA Old but had no success.

    The error we always get is this:

    racoon: INFO: unsupported PF_KEY message REGISTER
    Nov 15 11:14:34 racoon: [Unknown Gateway / Dynamic]: ERROR: pfkey DELETE received: ESP 200.142.8.3 [500] -> 201.72.93.21 [500] spi = 2166257429 (0x811e7715)
    Nov 15 11:14:34 racoon: [Unknown Gateway / Dynamic]: ERROR: iph2 found in: ESP 201.72.93.21 [500] -> 200.142.8.3 [500] spi = 81337461 (0x4d91c75)
    Nov 15 11:14:34 racoon: [Unknown Gateway / Dynamic]: ERROR: pfkey DELETE received: ESP 200.142.8.3 [500] -> 201.72.93.21 [500] spi = 204048519 (0xc298887)
    Nov 15 11:14:34 racoon: [Unknown Gateway / Dynamic]: ERROR: iph2 found in: ESP 201.72.93.21 [500] -> 200.142.8.3 [500] spi = 215270150 (0xcd4c306)
    Nov 15 11:14:34 racoon: INFO: unsupported PF_KEY message REGISTER
    Nov 15 11:14:34 racoon: INFO: unsupported PF_KEY message REGISTER
    Nov 15 11:14:34 racoon: INFO: unsupported PF_KEY message REGISTER
    Nov 15 11:14:34 racoon: INFO: unsupported PF_KEY message REGISTER

    The error occurs in version 2.0.1, and I have now upgraded to 2.1 to analyze it, but the error continues.
    Can anyone help me?










  • Bumping this thread, hoping we can get a resolution. I'm seeing the same error: I've got multiple tunnels up, but I'm having disconnect issues with them. The SAD entries still appear with setkey -D, but the counters show no traffic coming from the remote site. The other site is not a racoon/pfsense device.

    Sep  4 08:34:44 vpn racoon: [184.71.132.154] ERROR: delete payload with invalid doi:0.
    Sep  4 08:48:45 vpn racoon: [aaa.aaa.aaa.aaa] ERROR: unknown Informational exchange received.
    Sep  4 11:10:39 vpn racoon: ERROR: phase1 negotiation failed due to time up. 4da0a464cfd021e5:d86e8547b43ac0af
    Sep  4 12:56:54 vpn racoon: [aaa.aaa.aaa.aaa] ERROR: unknown Informational exchange received.
    Sep  4 13:48:59 vpn racoon: ERROR: pfkey DELETE received: ESP me.me.me/me[500]->aaa.aaa.aaa.aa[500] spi=246925167(0xeb7c76f)
    Sep  4 13:48:59 vpn racoon: ERROR: no iph2 found: ESP aaa.aaa.aaa.aaa[500]->me.me.me.me[500] spi=199400304(0xbe29b70)
    Sep  4 13:49:10 vpn racoon: ERROR: no iph2 found: ESP me.me.me.me[500]->aaa.aaa.aaa.aaa[500] spi=166831041(0x9f1a3c1)
    Sep  4 13:51:16 vpn racoon: ERROR: no iph2 found: ESP me.me.me.me[500]->bbb.bbb.bbb.bbb[500] spi=1807220792(0x6bb80038)
    Sep  4 13:51:16 vpn racoon: ERROR: no iph2 found: ESP bbb.bbb.bbb.bbb[500]->me.me.me.me[500] spi=36532152(0x22d6fb8)
    Sep  4 13:55:02 vpn racoon: ERROR: pfkey DELETE received: ESP me.me.me.me[500]->ccc.ccc.ccc.ccc[500] spi=187913932(0xb3356cc)
    Sep  4 13:55:02 vpn racoon: ERROR: no iph2 found: ESP ccc.ccc.ccc.ccc[500]->me.me/me/me[500] spi=213876149(0xcbf7db5)

    Here's one of my racoon.conf entries for Site A:

    remote aaa.aaa.aaa.aaa {
            exchange_mode main;
            lifetime time 28800 seconds;
            proposal {
                    encryption_algorithm 3des;
                    hash_algorithm sha1;
                    authentication_method pre_shared_key;
                    dh_group 2;
            }
            generate_policy off;
    }

    sainfo address 172.29.0.0/28 any address 192.168.0.0/23 any {
            pfs_group 2;
            lifetime time 28800 seconds;
            encryption_algorithm 3des;
            authentication_algorithm hmac_sha1;
            compression_algorithm deflate;
    }

