<![CDATA[No traffic between PfSense and Monowall tunnel]]>Hello

I have site-to-site setup between (site1)PfSense(2.1) and (site2)Monowall(1.34). The Ipsec tunnel was working like a charm before when I was running the previous version of PfSense.
But after I upgraded to latest version. No traffic is going trough it.
If I go to:

Status->ipsec->overview = Active(Green)

Status->ipsec->SAD=
Source     Destination  Protocol    SPI                 Enc. alg.         Auth. alg  . Data
Site1            Site2                 ESP          09f1b348  blowfish-cbc hmac-sha1 5504 B
Site2            Site1            ESP                 00540335 blowfish-cbc hmac-sha1 0 B

Status->ipsec->LOG
Oct 1 21:58:38 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
Oct 1 21:58:38 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
Oct 1 21:58:38 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[4500] used for NAT-T
Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[4500] used as isakmp port (fd=13)
Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[500] used for NAT-T
Oct 1 21:58:38 racoon: [Self]: INFO: Site1ip[500] used as isakmp port (fd=14)
Oct 1 21:58:41 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
Oct 1 21:58:41 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
Oct 1 21:58:41 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[4500] used for NAT-T
Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[4500] used as isakmp port (fd=13)
Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[500] used for NAT-T
Oct 1 21:58:41 racoon: [Self]: INFO: Site1ip[500] used as isakmp port (fd=14)
Oct 1 21:58:41 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 1 21:58:41 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.2/32[0] 192.168.0.0/24[0] proto=any dir=out
Oct 1 21:58:41 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.0.2/32[0] proto=any dir=in
Oct 1 21:58:42 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 1 21:59:14 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 1 22:00:09 racoon: [GreenCity]: INFO: respond new phase 1 negotiation: Site1ip[500]<=>Site2ip[500]
Oct 1 22:00:09 racoon: INFO: begin Aggressive mode.
Oct 1 22:00:09 racoon: INFO: received Vendor ID: DPD
Oct 1 22:00:09 racoon: [GreenCity]: [Site2ip] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Oct 1 22:00:09 racoon: [GreenCity]: INFO: ISAKMP-SA established Site1ip[500]-Site2ip[500] spi:d15325d570874ce9:c06ed6b1cb5c72af
Oct 1 22:00:10 racoon: [GreenCity]: INFO: respond new phase 2 negotiation: Site1ip[500]<=>Site2ip[500]
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:256 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:248 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:240 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:232 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:224 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:216 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:208 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:200 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:192 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:184 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:176 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:168 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:160 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:152 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:144 peer:128.
Oct 1 22:00:10 racoon: WARNING: low key length proposed, mine:136 peer:128.
Oct 1 22:00:10 racoon: [GreenCity]: INFO: IPsec-SA established: ESP Site1ip[500]->Site2ip[500] spi=215023445(0xcd0ff55)
Oct 1 22:00:10 racoon: [GreenCity]: INFO: IPsec-SA established: ESP Site1ip[500]->Site2ip[500] spi=143386518(0x88be796)

]]>https://forum.netgate.com/topic/61176/no-traffic-between-pfsense-and-monowall-tunnelRSS for NodeSun, 12 Apr 2026 00:17:33 GMTTue, 01 Oct 2013 20:15:25 GMT60<![CDATA[Reply to No traffic between PfSense and Monowall tunnel on Tue, 01 Oct 2013 20:58:28 GMT]]>Anyone that have a clue what could be wrong here?

]]>https://forum.netgate.com/post/422210https://forum.netgate.com/post/422210Tue, 01 Oct 2013 20:58:28 GMT