PFSENSE ipsec + cisco RV110W
-
Hi:
I can't establish an IPsec VPN connection between my pfSense box and a Cisco RV110W.
Please find the logs from the webconfigurator below:
Apr 24 19:28:41 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 racoon: [Unknown Gateway/Dynamic]: DEBUG: db :0x28547288: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 racoon: [Unknown Gateway/Dynamic]: DEBUG: sub:0xbfbfe774: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 racoon: [Unknown Gateway/Dynamic]: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 racoon: [Unknown Gateway/Dynamic]: DEBUG: sub:0xbfbfe774: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Please find the logs from /var/log/ipsec.log below:
Apr 24 19:22:55 remot racoon: DEBUG: reading config file /var/etc/racoon.conf
Apr 24 19:22:55 remot racoon: DEBUG: hmac(modp768)
Apr 24 19:22:55 remot racoon: DEBUG: no check of compression algorithm; not supported in sadb message.
Apr 24 19:22:55 remot racoon: DEBUG: getsainfo params: loc='192.168.11.0/24' rmt='192.168.2.1/24' peer='NULL' client='NULL' id=1
Apr 24 19:22:55 remot racoon: DEBUG: no check of compression algorithm; not supported in sadb message.
Apr 24 19:22:55 remot racoon: DEBUG: getsainfo params: loc='ANONYMOUS' rmt='ANONYMOUS' peer='NULL' client='NULL' id=2
Apr 24 19:22:55 remot racoon: DEBUG: evaluating sainfo: loc='192.168.11.0/24', rmt='192.168.2.1/24', peer='ANY', id=1
Apr 24 19:22:55 remot racoon: DEBUG: remoteid mismatch: 1 != 2
Apr 24 19:22:55 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:22:55 remot racoon: DEBUG: got pfkey REGISTER message
Apr 24 19:22:55 remot racoon: INFO: unsupported PF_KEY message REGISTER
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey REGISTER message
Apr 24 19:28:41 remot racoon: INFO: unsupported PF_KEY message REGISTER
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey X_SPDDELETE message
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547288: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547508: 192.168.11.254/32[0] 192.168.11.0/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547648: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey X_SPDDELETE message
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547288: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey X_SPDADD message
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547508: 192.168.11.254/32[0] 192.168.11.0/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey X_SPDADD message
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547508: 192.168.11.254/32[0] 192.168.11.0/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe794: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547288: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey X_SPDDUMP message
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey X_SPDDUMP message
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey X_SPDDUMP message
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547288: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: ERROR: such policy already exists. anyway replace it: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey X_SPDDUMP message
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.11.254/32[0] 192.168.11.0/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.11.254/32[0] 192.168.11.0/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547288: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey X_SPDDUMP message
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547288: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547508: 192.168.11.254/32[0] 192.168.11.0/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey X_SPDDUMP message
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547288: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547508: 192.168.11.254/32[0] 192.168.11.0/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: sub:0xbfbfe774: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: db :0x28547648: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: ERROR: such policy already exists. anyway replace it: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[1] recv()
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[2] recv()
Apr 24 19:28:41 remot racoon: DEBUG: reading config file /var/etc/racoon.conf
Apr 24 19:28:41 remot racoon: DEBUG: hmac(modp768)
Apr 24 19:28:41 remot racoon: DEBUG: no check of compression algorithm; not supported in sadb message.
Apr 24 19:28:41 remot racoon: DEBUG: getsainfo params: loc='192.168.11.0/24' rmt='192.168.2.1/24' peer='NULL' client='NULL' id=1
Apr 24 19:28:41 remot racoon: DEBUG: no check of compression algorithm; not supported in sadb message.
Apr 24 19:28:41 remot racoon: DEBUG: getsainfo params: loc='ANONYMOUS' rmt='ANONYMOUS' peer='NULL' client='NULL' id=2
Apr 24 19:28:41 remot racoon: DEBUG: evaluating sainfo: loc='192.168.11.0/24', rmt='192.168.2.1/24', peer='ANY', id=1
Apr 24 19:28:41 remot racoon: DEBUG: remoteid mismatch: 1 != 2
Apr 24 19:28:41 remot racoon: DEBUG: pk_recv: retry[0] recv()
Apr 24 19:28:41 remot racoon: DEBUG: got pfkey REGISTER message
Apr 24 19:28:41 remot racoon: INFO: unsupported PF_KEY message REGISTER
Please find the configuration I have below.
pfSense Box
Public IP: 91.187.69.2
LAN IP: 192.168.11.254/24
Cisco RV110W Box
Public IP: 91.187.68.192
LAN IP: 192.168.2.1/24
Phase 1
Interface WAN
Remote Gateway: Public IP of the Cisco Rv110W
Authentication Method: Mutual PSK
Negotiation mode: main
My identifier: Public IP of my PFSense
Peer identifier: Public IP of the Cisco Rv110W
Pre-Shared Key: any
Policy generation: Default
Proposal Checking: Obey
Encryption algorithm: 3DES
Hash algorithm: SHA1
DH key group: 1
Lifetime: 28800
NAT Traversal: Enable
Dead Peer Detection: Disabled
Phase 2
Mode: tunnel
Local network: LAN SUBNET
Remote Network: Type: Network , address 192.168.2.1/24
Protocol: ESP
Encryption Algorithms: 3DES
Hash Algorithms: MD5
PFS Key Group: 1
Lifetime: 3600
Any idea or solution? It's very urgent.
An urgent reply will be much appreciated.
-
Apr 24 19:28:41 remot racoon: DEBUG: remoteid mismatch: 1 != 2
That seems quite obvious, no?
-
@ermal:
Apr 24 19:28:41 remot racoon: DEBUG: remoteid mismatch: 1 != 2
That seems quite obvious, no?
Yes, maybe, but sorry, I can't see where the error is.
Can you help me?
-
I believe that means that the "ID" part of the config doesn't match between local and remote. Make sure that however the Cisco identifies itself (IP or whatever) matches what you have in your config.
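As an added example, not from the thread or from pfSense: a small Python triage script that parses racoon log lines in both formats quoted above (the webconfigurator "racoon: [Tag]: LEVEL:" form and the /var/log/ipsec.log "host racoon: LEVEL:" form), counts log levels, collects the ERROR messages, reports whether a "remoteid mismatch" was logged, and flags SPD selectors whose address has host bits set. The sample log is constructed to match the shape of the posted lines; the regexes and function names are my own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample (not the full posted log): same shape as the racoon lines in the thread.
SAMPLE_LOG = """\
Apr 24 19:28:41 remot racoon: DEBUG: getsainfo params: loc='192.168.11.0/24' rmt='192.168.2.1/24' peer='NULL' client='NULL' id=1
Apr 24 19:28:41 remot racoon: DEBUG: remoteid mismatch: 1 != 2
Apr 24 19:28:41 racoon: [Unknown Gateway/Dynamic]: DEBUG: db :0x28547148: 192.168.11.0/24[0] 192.168.11.254/32[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: ERROR: such policy already exists. anyway replace it: 192.168.2.1/24[0] 192.168.11.0/24[0] proto=any dir=in
Apr 24 19:28:41 remot racoon: ERROR: such policy already exists. anyway replace it: 192.168.11.0/24[0] 192.168.2.1/24[0] proto=any dir=out
"""

# Both formats seen in the thread: "host racoon: LEVEL: msg" and "racoon: [Tag]: LEVEL: msg".
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+ (?:\S+ )?racoon: (?:\[[^\]]*\]: )?(?P<level>[A-Z]+): (?P<msg>.*)$")
# An SPD selector as racoon prints it: "src/len[port] dst/len[port] proto=... dir=in|out".
SELECTOR_RE = re.compile(r"(?P<src>[\d.]+/\d+)\[\d+\] (?P<dst>[\d.]+/\d+)\[\d+\] proto=\w+ dir=(?:in|out)")


def parse_lines(text):
    """Yield (level, message) for each line that looks like a racoon log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("level"), m.group("msg")


def bad_selectors(text):
    """Prefixes in SPD selectors whose host bits are not zero, e.g. 192.168.2.1/24."""
    bad = set()
    for _level, msg in parse_lines(text):
        m = SELECTOR_RE.search(msg)
        if not m:
            continue
        for prefix in (m.group("src"), m.group("dst")):
            try:
                ipaddress.ip_network(prefix, strict=True)  # raises if host bits are set
            except ValueError:
                bad.add(prefix)
    return bad


def summarize(text):
    """Level counts, ERROR messages, whether a remoteid mismatch was logged, odd selectors."""
    pairs = list(parse_lines(text))
    return {
        "levels": dict(Counter(level for level, _ in pairs)),
        "errors": [msg for level, msg in pairs if level == "ERROR"],
        "remoteid_mismatch": any("remoteid mismatch" in msg for _, msg in pairs),
        "bad_selectors": sorted(bad_selectors(text)),
    }
```

On the posted logs this flags 192.168.2.1/24, the Phase 2 remote network as entered (the network address for that prefix is 192.168.2.0/24); a selector written as a host address is worth checking on both ends alongside the identifier settings the reply above points at.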