IPSEC- LOGS: racoon: ERROR: not acceptable Identity Protection mode

sunny chowdhry

Hi there,

I have configured my IPSec tunnel between two offices and it works fine. Both the offices uses PFSENSE 1.2-BETA-2 version. The tunnel is up. But when I look at the logs of IPSEC on the main office PFsense I get this racoon error a lot (racoon: ERROR: not acceptable Identity Protection mode) and it repeated continuesly. There is no such errors on the branch office PFSENCE's IPSEC logs. I am not sure why this happens. If anyone can help me out with this, it will be very helpful.

Some more info about my tunnel.
–------------------------------

The main office is configured to accept mobile clients. The racoon config is as follows

path pre_shared_key "/var/etc/psk.txt";

path certificate  "/var/etc";

remote anonymous {
        exchange_mode aggressive;
        my_identifier address "xx.xx.xx.xx";

initial_contact on;
        passive on;
        generate_policy on;
        support_proxy on;
        proposal_check obey;

proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
                lifetime time 1200 secs;
        }
        lifetime time 1200 secs;
}

sainfo anonymous {
        encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate;
        lifetime time 1200 secs;
}

The pre-shared keys on the main office is /var/etc/psk.txt
60yorkstreet@abc.com      verysecretpassword

The branch office's racoon config is as follow:-

path pre_shared_key "/var/etc/psk.txt";

path certificate  "/var/etc";

remote xx.xx.xx.xx {
        exchange_mode aggressive;
        my_identifier user_fqdn "60yorkstreet@abc.com";

peers_identifier address xx.xx.xx.xx;
        initial_contact on;
        support_proxy on;
        proposal_check obey;

proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
                lifetime time 1200 secs;
        }
        lifetime time 1200 secs;
}

sainfo address 192.168.60.0/24 any address 192.168.10.0/24 any {
        encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate;
        lifetime time 1200 secs;
}

The pre-shared keys on the branch office is /var/etc/psk.txt
xx.xx.xx.xx      verysecretpassword