Mobile IPSEC stops routing until service is reset

  • Using the guides to get mobile IPSEC running I was able to successfully connect to my pfsense router. There seems to be an issue with reaching LAN hosts after a second connection attempt from another machine, however.

    The scenario:
    Computer A: Macbook Pro OSX 10.8.2 using built in VPN connector.
    Computer B: Windows 7 32bit using ShrewVPN 2.1.7

    Computer A will connect to the VPN and I can ping and connect to hosts on the primary LAN. I can disconnect and reconnect repeatedly and the connection works without issue each time. However, if I disconnect and then try to reconnect with Computer B, all hosts on the LAN become unreachable. This works in the opposite order as well.

    Checking the IPSEC logs, I see this:

    racoon: ERROR: no configuration found for IP REDACTED.
    racoon: ERROR: failed to begin ipsec sa negotication.

    Restarting the Racoon service fixes the issue for the next connection, but the problem repeats itself if the above scenario plays out.

  • Rebel Alliance Developer Netgate

    • System > Advanced, Miscellaneous tab.
    • Uncheck "Prefer Old IPsec SA"

  • Thank you for the reply. Per other threads on this topic I made sure that was unchecked, but the behavior stays the same.

  • Rebel Alliance Developer Netgate

    Only way that'll happen is if you have that box checked, or if you don't have this set on Phase 1:

    Policy Generation: Unique
    Proposal Checking: Strict

  • I double checked and the settings are set correctly.

    I tried to do my due diligence and poured through similar issues in the forums trying other suggested fixes, but I haven't been able to lick it yet.

Log in to reply