IPSEC- LOGS: racoon: ERROR: not acceptable Identity Protection mode
Hi there,
I have configured my IPsec tunnel between two offices and it works fine. Both offices use pfSense version 1.2-BETA-2. The tunnel is up. But when I look at the IPsec logs on the main office pfSense, I get this racoon error a lot (racoon: ERROR: not acceptable Identity Protection mode) and it is repeated continuously. There are no such errors in the branch office pfSense's IPsec logs. I am not sure why this happens. If anyone can help me out with this, it will be very helpful.
Some more info about my tunnel.
The main office is configured to accept mobile clients. The racoon config is as follows:

path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";
remote anonymous {
exchange_mode aggressive;
my_identifier address "xx.xx.xx.xx";
initial_contact on;
passive on;
generate_policy on;
support_proxy on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 1200 secs;
}
lifetime time 1200 secs;
}
sainfo anonymous {
encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
authentication_algorithm hmac_sha1,hmac_md5;
compression_algorithm deflate;
lifetime time 1200 secs;
}

The pre-shared keys on the main office are in /var/etc/psk.txt:

60yorkstreet@abc.com verysecretpassword

The branch office's racoon config is as follows:

path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";
remote xx.xx.xx.xx {
exchange_mode aggressive;
my_identifier user_fqdn "60yorkstreet@abc.com";
peers_identifier address xx.xx.xx.xx;
initial_contact on;
support_proxy on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 1200 secs;
}
lifetime time 1200 secs;
}
sainfo address 192.168.60.0/24 any address 192.168.10.0/24 any {
encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
authentication_algorithm hmac_sha1,hmac_md5;
compression_algorithm deflate;
lifetime time 1200 secs;
}

The pre-shared keys on the branch office are in /var/etc/psk.txt:

xx.xx.xx.xx verysecretpassword