Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC-VPN <-> openswan (Astaro) without chance

    Scheduled Pinned Locked Moved
    IPsec
    1
    1
    6.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      StefanS
      last edited by

      Hi,
      I hope someone have an idea.
      On both sides the same parameters and nevertheless are not connected the tunnels.
      pfsens (latest snapshot), Astaro (V7) last version.

      Messages pfsense:
      Jul 4 16:56:26    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:00006e40
      Jul 4 16:56:57    last message repeated 2 times
      Jul 4 16:57:03    racoon: INFO: unsupported PF_KEY message REGISTER
      Jul 4 16:57:03    racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=26)
      Jul 4 16:57:03    racoon: INFO: ::1[500] used as isakmp port (fd=27)
      Jul 4 16:57:03    racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=28)
      Jul 4 16:57:03    racoon: INFO: fe80::20c:29ff:fedb:18e3%le1[500] used as isakmp port (fd=29)
      Jul 4 16:57:03    racoon: INFO: 217.6.34.xx[500] used as isakmp port (fd=30)
      Jul 4 16:57:03    racoon: INFO: fe80::20c:29ff:fedb:18d9%le0[500] used as isakmp port (fd=31)
      Jul 4 16:57:03    racoon: INFO: 192.168.1.44[500] used as isakmp port (fd=32)
      Jul 4 16:57:36    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000129e
      Jul 4 16:58:07    last message repeated 2 times
      Jul 4 16:58:47    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000c909
      Jul 4 16:59:17    last message repeated 2 times
      Jul 4 16:59:57    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:00000802
      Jul 4 17:00:27    last message repeated 2 times
      Jul 4 17:01:07    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:00004b67
      Jul 4 17:01:36    last message repeated 2 times
      Jul 4 17:02:17    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:000019c1
      Jul 4 17:02:47    last message repeated 2 times
      Jul 4 17:03:27    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000823d
      Jul 4 17:03:56    last message repeated 2 times
      Jul 4 17:04:37    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000247f
      Jul 4 17:05:07    last message repeated 2 times
      Jul 4 17:05:47    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000fb63
      Jul 4 17:06:17    last message repeated 2 times
      Jul 4 17:06:57    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:000086fc
      Jul 4 17:07:27    last message repeated 2 times
      Jul 4 17:08:07    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000fde9
      Jul 4 17:08:37    last message repeated 2 times
      Jul 4 17:09:17    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000e126
      Jul 4 17:09:47    last message repeated 2 times
      Jul 4 17:10:27    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:00008543
      Jul 4 17:10:57    last message repeated 2 times
      Jul 4 17:11:37    racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 9d9927ce02ffe45f:02bbb0b4ad81289c:0000b670
      Jul 4 17:12:07    last message repeated 2 times

      Astaro:
      2007:07:04-16:47:07 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #528: received Vendor ID payload [Dead Peer Detection]
      2007:07:04-16:47:07 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #528: Peer ID is ID_IPV4_ADDR: '217.6.34.xx'
      2007:07:04-16:47:07 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #528: ISAKMP SA established
      2007:07:04-16:47:07 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #529: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#528}
      2007:07:04-16:47:07 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #528: ignoring informational payload, type IPSEC_INITIAL_CONTACT
      2007:07:04-16:47:17 (none) pluto[3864]: packet from 217.6.34.xx:500: ignoring informational payload, type INVALID_COOKIE
      2007:07:04-16:47:37 (none) pluto[3864]: packet from 217.6.34.xx:500: ignoring informational payload, type INVALID_COOKIE
      2007:07:04-16:48:17 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #529: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
      2007:07:04-16:48:17 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #529: starting keying attempt 2 of an unlimited number
      2007:07:04-16:48:17 (none) pluto[3864]: "S_REF_hovtTdsxWV_0" #530: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #529 {using isakmp#528}
      2007:07:04-16:48:17 (none) pluto[3864]: packet from 217.6.34.xx:500: ignoring informational payload, type INVALID_COOKIE
      2007:07:04-16:48:27 (none) pluto[3864]: packet from 217.6.34.xx:500: ignoring informational payload, type INVALID_COOKIE
      2007:07:04-16:48:47 (none) pluto[3864]: packet from 217.6.34.xx:500: ignoring informational payload, type INVALID_COOKIE

      Possibly an idea?

      Thanks for each assistance.

      Stefan

      1 Reply Last reply Reply Quote 0
      • First post
        Last post