<![CDATA[IPSEC-VPN <-> openswan (Astaro) without chance]]>

<![CDATA[IPSEC-VPN <-> openswan (Astaro) without chance]]>Hi,
I hope someone have an idea.
On both sides the same parameters and nevertheless are not connected the tunnels.
pfsens (latest snapshot), Astaro (V7) last version.

Messages pfsense:
Jul 4 16:56:26 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:00006e40
Jul 4 16:56:57 last message repeated 2 times
Jul 4 16:57:03 racoon: INFO: unsupported PF_KEY message REGISTER
Jul 4 16:57:03 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=26)
Jul 4 16:57:03 racoon: INFO: ::1[500] used as isakmp port (fd=27)
Jul 4 16:57:03 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=28)
Jul 4 16:57:03 racoon: INFO: fe80::20c:29ff:fedb:18e3%le1[500] used as isakmp port (fd=29)
Jul 4 16:57:03 racoon: INFO: 217.6.34.xx[500] used as isakmp port (fd=30)
Jul 4 16:57:03 racoon: INFO: fe80::20c:29ff:fedb:18d9%le0[500] used as isakmp port (fd=31)
Jul 4 16:57:03 racoon: INFO: 192.168.1.44[500] used as isakmp port (fd=32)
Jul 4 16:57:36 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000129e
Jul 4 16:58:07 last message repeated 2 times
Jul 4 16:58:47 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000c909
Jul 4 16:59:17 last message repeated 2 times
Jul 4 16:59:57 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:00000802
Jul 4 17:00:27 last message repeated 2 times
Jul 4 17:01:07 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:00004b67
Jul 4 17:01:36 last message repeated 2 times
Jul 4 17:02:17 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:000019c1
Jul 4 17:02:47 last message repeated 2 times
Jul 4 17:03:27 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000823d
Jul 4 17:03:56 last message repeated 2 times
Jul 4 17:04:37 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000247f
Jul 4 17:05:07 last message repeated 2 times
Jul 4 17:05:47 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000fb63
Jul 4 17:06:17 last message repeated 2 times
Jul 4 17:06:57 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:000086fc
Jul 4 17:07:27 last message repeated 2 times
Jul 4 17:08:07 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000fde9
Jul 4 17:08:37 last message repeated 2 times
Jul 4 17:09:17 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000e126
Jul 4 17:09:47 last message repeated 2 times
Jul 4 17:10:27 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:00008543
Jul 4 17:10:57 last message repeated 2 times
Jul 4 17:11:37 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000b670
Jul 4 17:12:07 last message repeated 2 times

Astaro:
2007:07:04-16:47:07 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #528: received Vendor ID payload [Dead Peer Detection]
2007:07:04-16:47:07 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #528: Peer ID is ID_IPV4_ADDR: '217.6.34.xx'
2007:07:04-16:47:07 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #528: ISAKMP SA established
2007:07:04-16:47:07 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #529: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#528}
2007:07:04-16:47:07 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #528: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2007:07:04-16:47:17 (none) pluto[3864]: packet from 217.6.34.xx:500: ignoring informational payload, type INVALID_COOKIE
2007:07:04-16:47:37 (none) pluto[3864]: packet from 217.6.34.xx:500: ignoring informational payload, type INVALID_COOKIE
2007:07:04-16:48:17 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #529: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2007:07:04-16:48:17 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #529: starting keying attempt 2 of an unlimited number
2007:07:04-16:48:17 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #530: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #529 {using isakmp#528}
2007:07:04-16:48:17 (none) pluto[3864]: packet from 217.6.34.xx:500: ignoring informational payload, type INVALID_COOKIE
2007:07:04-16:48:27 (none) pluto[3864]: packet from 217.6.34.xx:500: ignoring informational payload, type INVALID_COOKIE
2007:07:04-16:48:47 (none) pluto[3864]: packet from 217.6.34.xx:500: ignoring informational payload, type INVALID_COOKIE

Possibly an idea?

Thanks for each assistance.

Stefan

]]>https://forum.netgate.com/topic/5102/ipsec-vpn-openswan-astaro-without-chanceRSS for NodeTue, 10 Mar 2026 10:24:41 GMTWed, 04 Jul 2007 15:31:43 GMT60