VPN to Watchguard Firebox X Edge
-
Hi
I'm trying to get an IPsec VPN working from pfSense 2.1 to a fairly old Watchguard Firebox X Edge.
As far as I can tell from multiple checks, both ends are configured the same but the tunnel refuses to come up. I'm using a pretty standard setup with Main mode, 3DES and SHA1 for both P1 and P2, no PFS. Timeouts match as far as I can see.
In the pfSense logs, I get the following:
Sep 27 10:39:39 racoon: [Charcoalblue]: INFO: IPsec-SA request for 46.65.206.51 queued due to no phase1 found.
Sep 27 10:39:39 racoon: [Charcoalblue]: INFO: initiate new phase 1 negotiation: 31.221.17.52[500]<=>46.65.206.51[500]
Sep 27 10:39:39 racoon: INFO: begin Identity Protection mode.
Sep 27 10:39:39 racoon: ERROR: sendto (Operation not permitted)
Sep 27 10:39:39 racoon: ERROR: sendfromto failed
Sep 27 10:39:39 racoon: ERROR: phase1 negotiation failed due to send error. 66b1e254686db797:0000000000000000
Sep 27 10:39:39 racoon: ERROR: failed to begin ipsec sa negotication.
I've not had much luck searching for these errors unfortunately. I've multiple other VPNs to various devices which are all working fine, and an any/any IPsec at the moment.
Any idea what the problem might be?
Thanks
Joe
-
Greetings Joe. I have had 0 problems setting up WatchGuard models to connect to pfSense. It is all a vanilla install. Easy as pie. The errors that you're seeing are strange though.
Sep 27 10:39:39 racoon: ERROR: sendto (Operation not permitted)
Sep 27 10:39:39 racoon: ERROR: sendfromto failed
Sep 27 10:39:39 racoon: ERROR: phase1 negotiation failed due to send error. 66b1e254686db797:0000000000000000
Sep 27 10:39:39 racoon: ERROR: failed to begin ipsec sa negotication.
I've never seen these errors before. Google brings up http://lists.freebsd.org/pipermail/freebsd-net/2012-July/032726.html. Are you sure your settings match? Double check.
Not much help I know, sorry…