ERROR: invalid transform-id=4 in IPCOM VPN Fritzbox pf-sense



  • Hello,

    My AVM fritz.box -> pfsense tunnel is working - but I get some "errors" that I would like to understand better.
    Does anyone know what these errors mean?

    racoon: INFO: purging spi=219210420.
    racoon: []: INFO: respond new phase 2 negotiation: 109.235.x.x[4500]<=>85.x.x.96[4500]
    racoon: INFO: Update the generated policy : 192.168.70.0/24[0] 192.168.71.0/24[0] proto=any dir=in
    racoon: ERROR: invalid transform-id=4 in IPCOMP.
    racoon: ERROR: invalid transform-id=4 in IPCOMP.
    racoon: ERROR: invalid transform-id=4 in IPCOMP.
    racoon: ERROR: invalid transform-id=4 in IPCOMP.
    racoon: ERROR: invalid transform-id=4 in IPCOMP.
    racoon: ERROR: invalid transform-id=4 in IPCOMP.
    racoon: ERROR: invalid transform-id=4 in IPCOMP.
    racoon: ERROR: invalid transform-id=4 in IPCOMP.
    racoon: ERROR: invalid transform-id=4 in IPCOMP.
    racoon: ERROR: invalid transform-id=4 in IPCOMP.
    racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
    racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
    racoon: NOTIFY: the packet is retransmitted by 85.x.x.96[4500] (1).
    racoon: []: INFO: IPsec-SA established: ESP 109.235.x.x[500]->85.x.x.96[500] spi=138113439(0x83b719f)
    racoon: []: INFO: IPsec-SA established: ESP 109.235.x.x[500]->85.x.x.96[500] spi=2607045018(0x9b64599a)
    racoon: []: INFO: initiate new phase 2 negotiation: 109.235.62.153[4500]<=>85.x.x.96[4500]
    racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3).
    racoon: WARNING: attribute has been modified.
    racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
    racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
    racoon: []: INFO: IPsec-SA established: ESP 109.235.x.x[500]->85.x.x.96[500] spi=85503470(0x518adee)
    racoon: []: INFO: IPsec-SA established: ESP 109.235.x.x[500]->85.x.x.96[500] spi=491009834(0x1d44372a)


  • Rebel Alliance Developer Netgate

    IIRC that means it is trying to use compression with IPsec which we don't have support for.
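
A way to triage a log like the one in the question, as an added example that is not part of the original posts: it groups racoon lines by phase 2 negotiation, names each rejected IPCOMP transform using the IANA ISAKMP registry (transform-id 4 is LZJH), and reports whether the negotiation still ended with established ESP SAs. The sample log is constructed with documentation-range addresses, and the function and field names are hypothetical.

```python
import re
from collections import Counter

# IPCOMP transform identifiers from the IANA ISAKMP registry (RFC 2407, RFC 3051).
IPCOMP_TRANSFORMS = {1: "OUI", 2: "DEFLATE", 3: "LZS", 4: "LZJH"}

# Constructed sample modelled on the log in the question (addresses are placeholders).
SAMPLE_LOG = """\
racoon: []: INFO: respond new phase 2 negotiation: 192.0.2.1[4500]<=>198.51.100.2[4500]
racoon: ERROR: invalid transform-id=4 in IPCOMP.
racoon: ERROR: invalid transform-id=4 in IPCOMP.
racoon: []: INFO: IPsec-SA established: ESP 192.0.2.1[500]->198.51.100.2[500] spi=138113439(0x83b719f)
racoon: []: INFO: IPsec-SA established: ESP 192.0.2.1[500]->198.51.100.2[500] spi=2607045018(0x9b64599a)
racoon: []: INFO: initiate new phase 2 negotiation: 192.0.2.1[4500]<=>198.51.100.2[4500]
racoon: []: INFO: IPsec-SA established: ESP 192.0.2.1[500]->198.51.100.2[500] spi=85503470(0x518adee)
"""

NEGOTIATION = re.compile(r"(respond|initiate) new phase 2 negotiation: (\S+)<=>(\S+)")
REJECTED = re.compile(r"ERROR: invalid transform-id=(\d+) in IPCOMP")
ESTABLISHED = re.compile(r"IPsec-SA established: ESP")

def summarize(log_text):
    """Group racoon lines by phase 2 negotiation and classify IPCOMP rejections."""
    negotiations, current = [], None
    for line in log_text.splitlines():
        m = NEGOTIATION.search(line)
        if m:
            current = {"role": m.group(1), "peer": m.group(3), "rejected": Counter(), "sas": 0}
            negotiations.append(current)
            continue
        if current is None:
            continue  # lines before the first negotiation cannot be attributed
        m = REJECTED.search(line)
        if m:
            tid = int(m.group(1))
            current["rejected"][IPCOMP_TRANSFORMS.get(tid, f"unknown({tid})")] += 1
        elif ESTABLISHED.search(line):
            current["sas"] += 1
    for n in negotiations:
        if not n["sas"]:
            n["verdict"] = "failed"
        else:
            n["verdict"] = "established, IPComp rejected" if n["rejected"] else "established"
    return negotiations

if __name__ == "__main__":
    for n in summarize(SAMPLE_LOG):
        print(n["role"], n["peer"], dict(n["rejected"]), n["sas"], n["verdict"])
```

A negotiation reported as "established, IPComp rejected" matches the situation in the thread: the compression transform was refused and the ESP SAs came up anyway.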