ERROR: can't start the quick mode, there is no ISAKMP-SA

rkelleyrtp

Greetings all,

I updated our pfSense firewall last night from 2.0.2 to 2.1Beta (built on Tue Feb 5 20:22:25 EST 2013).  I am having a problem with some ipSec tunnels not coming up.  They were working fine with 2.0.2, but now I get some strange errors in the ipsec log.  Here are the log entries:

---

Feb 7 15:49:12 racoon: INFO: caught signal 15
Feb 7 15:49:12 racoon: INFO: racoon process 40801 shutdown
Feb 7 15:49:17 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
Feb 7 15:49:17 racoon: INFO: @(#)This product linked OpenSSL 1.0.1c 10 May 2012 (http://www.openssl.org/)
Feb 7 15:49:17 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
Feb 7 15:49:17 racoon: [Self]: INFO: <local_wan_ip>[4500] used for NAT-T
Feb 7 15:49:17 racoon: [Self]: INFO: <local_wan_ip>[4500] used as isakmp port (fd=14)
Feb 7 15:49:17 racoon: [Self]: INFO: <local_wan_ip>[500] used for NAT-T
Feb 7 15:49:17 racoon: [Self]: INFO: <local_wan_ip>[500] used as isakmp port (fd=15)
Feb 7 15:49:17 racoon: INFO: unsupported PF_KEY message REGISTER
Feb 7 15:49:17 racoon: ERROR: such policy already exists. anyway replace it: 192.168.2.1/32[0] 192.168.2.0/24[0] proto=any dir=out
Feb 7 15:49:17 racoon: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.2.1/32[0] proto=any dir=in
Feb 7 15:49:17 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.10/32[0] 10.0.0.74/32[0] proto=any dir=out
Feb 7 15:49:17 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.74/32[0] 192.168.1.10/32[0] proto=any dir=in
Feb 7 15:49:40 racoon: [Tunnel01]: [<remote_ip>] ERROR: can't start the quick mode, there is no ISAKMP-SA, 6f4743bcc2f2d185:6b8ab86e7bf06504:0000f732
Feb 7 15:49:44 racoon: [Tunnel01]: [<remote_ip>] ERROR: can't start the quick mode, there is no ISAKMP-SA, 6f4743bcc2f2d185:6b8ab86e7bf06504:0000f732
Feb 7 15:49:53 racoon: [Tunnel01]: [<remote_ip>] ERROR: can't start the quick mode, there is no ISAKMP-SA, 6f4743bcc2f2d185:6b8ab86e7bf06504:0000f732
Feb 7 15:50:10 racoon: [Tunnel01]: [<remote_ip>] ERROR: can't start the quick mode, there is no ISAKMP-SA, 6f4743bcc2f2d185:6b8ab86e7bf06504:0000f732
Feb 7 15:51:48 racoon: [Tunnel01]: [<remote_ip>] ERROR: can't start the quick mode, there is no ISAKMP-SA, 6f4743bcc2f2d185:eae07550665ecd12:00006d8b
Feb 7 15:51:52 racoon: [Tunnel01]: [<remote_ip>] ERROR: can't start the quick mode, there is no ISAKMP-SA, 6f4743bcc2f2d185:eae07550665ecd12:00006d8b
Feb 7 15:52:01 racoon: [Tunnel01]: [<remote_ip>] ERROR: can't start the quick mode, there is no ISAKMP-SA, 6f4743bcc2f2d185:eae07550665ecd12:00006d8b
Feb 7 15:52:18 racoon: [Tunnel01]: [<remote_ip>] ERROR: can't start the quick mode, there is no ISAKMP-SA, 6f4743bcc2f2d185:eae07550665ecd12:00006d8b

---

I have removed and recreated the IPSec tunnel a few times, deleted the SPD entries, cleared the logs, etc.  Still no joy.

Any ideas?  What else can I do to troubleshoot?

Thanks.</remote_ip></remote_ip></remote_ip></remote_ip></remote_ip></remote_ip></remote_ip></remote_ip></local_wan_ip></local_wan_ip></local_wan_ip></local_wan_ip>

eri--

You checked this thread http://forum.pfsense.org/index.php/topic,58579.0.html?

Update to latest snapshot to have that fixed.

rkelleyrtp

Thanks.  I will try to upgrade today…