OPTX: THE PACKET IS RETRANSMITTED BY…

juan

Error when using OPTX interface:

Jul 10 09:08:50 racoon: ERROR: phase1 negotiation failed due to time up.
Jul 10 09:08:46 racoon: NOTIFY: the packet is retransmitted by REMOTE GATEWAY[500].
Jul 10 09:08:41 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Jul 10 09:08:41 racoon: WARNING: SPI size isn't zero, but IKE proposal.
Jul 10 09:08:41 racoon: WARNING: No ID match.
Jul 10 09:08:41 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Jul 10 09:08:41 racoon: INFO: begin Aggressive mode.
Jul 10 09:08:41 racoon: INFO: respond new phase 1 negotiation: OPTX[500]<=>REMOTE GATEWAY[500]

someone knows how to resolve the "the packet is retransmitted by…" problem or the configuration steps for enable IPSEC traffic on OPTX interfaces?

a simple question: is IPSEC on OPTX interfaces supported by pfsense?

juan

IPSEC on OPTX interfaces is supported on 1.2b2?

sullrich

Yes  but it requires a static route.

juan

You could detail with an example the procedure to create this route correctly to make work IPSEC in an interface OPTX?

LAN 172.26.0.0/24 WAN X.X.X.X.X REMOTE GATEWAY Y.Y.Y.Y REMOTE LAN 192.168.1.0/24

It is not possible to apply the same procedure that automatically creates the routes in the WAN interface?

In the version 1.2b1 the tunnels ipsec in OPTX worked correctly until a certain point and in case of falling, reinitiating physically  the router (power down/up) in many cases gets the tunnels up and running (automatically  recreating routes?).

I have interest in making work IPSEC in interfaces OPTX, since my configuration would require of tunnels in WAN, OPT1 and OPT2 with about 25 tunnels each one. It would be technically feasible to attain this with pfsense?

Thanks.

juan

Somebody can explain how to create the routes necessary to make work IPSEC in OPTX in 1.2b2?

Help!

juan

I still need help on how to create the routes necessary to make work IPSEC in OPTX interfaces….

dotdash

I used something like this:
interface: OPT1
Network: (remote endpoint of ipsec tunnel/32)
Gateway: (gateway of OPT1 interface)

juan

Some questions:

Network: (remote endpoint of ipsec tunnel/32), is the public IP of the remote gateway?
i must add these routes on the SYSTEM>STATIC ROUTES section of the webconfigurator?

Thanks.

dotdash

Yes, the 'destination network' under system, static routes is the same IP you entered for 'remote gateway' on the IPSec tunnel.

juan

yes, seems to work.

Thanks!