4. IPSEC- LOGS: racoon: ERROR: not acceptable Identity Protection mode

IPSEC- LOGS: racoon: ERROR: not acceptable Identity Protection mode

  • S

    Hi there,

    I have configured my IPSec tunnel between two offices and it works fine. Both the offices uses PFSENSE 1.2-BETA-2 version. The tunnel is up. But when I look at the logs of IPSEC on the main office PFsense I get this racoon error a lot (racoon: ERROR: not acceptable Identity Protection mode) and it repeated continuesly. There is no such errors on the branch office PFSENCE's IPSEC logs. I am not sure why this happens. If anyone can help me out with this, it will be very helpful.

    Some more info about my tunnel.
    –------------------------------

    The main office is configured to accept mobile clients. The racoon config is as follows

    path pre_shared_key "/var/etc/psk.txt";

    path certificate  "/var/etc";

    remote anonymous {
            exchange_mode aggressive;
            my_identifier address "xx.xx.xx.xx";

    initial_contact on;
            passive on;
            generate_policy on;
            support_proxy on;
            proposal_check obey;

    proposal {
                    encryption_algorithm 3des;
                    hash_algorithm sha1;
                    authentication_method pre_shared_key;
                    dh_group 2;
                    lifetime time 1200 secs;
            }
            lifetime time 1200 secs;
    }

    sainfo anonymous {
            encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
            authentication_algorithm hmac_sha1,hmac_md5;
            compression_algorithm deflate;
            lifetime time 1200 secs;
    }

    The pre-shared keys on the main office is /var/etc/psk.txt
    60yorkstreet@abc.com      verysecretpassword

    The branch office's racoon config is as follow:-

    path pre_shared_key "/var/etc/psk.txt";

    path certificate  "/var/etc";

    remote xx.xx.xx.xx {
            exchange_mode aggressive;
            my_identifier user_fqdn "60yorkstreet@abc.com";

    peers_identifier address xx.xx.xx.xx;
            initial_contact on;
            support_proxy on;
            proposal_check obey;

    proposal {
                    encryption_algorithm 3des;
                    hash_algorithm sha1;
                    authentication_method pre_shared_key;
                    dh_group 2;
                    lifetime time 1200 secs;
            }
            lifetime time 1200 secs;
    }

    sainfo address 192.168.60.0/24 any address 192.168.10.0/24 any {
            encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
            authentication_algorithm hmac_sha1,hmac_md5;
            compression_algorithm deflate;
            lifetime time 1200 secs;
    }

    The pre-shared keys on the branch office is /var/etc/psk.txt
    xx.xx.xx.xx      verysecretpassword

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy