Netgate Discussion Forum

    IPSEC- LOGS: racoon: ERROR: not acceptable Identity Protection mode

      sunny chowdhry

      Hi there,

      I have configured my IPsec tunnel between two offices and it works fine. Both offices use pfSense 1.2-BETA-2. The tunnel is up. But when I look at the IPsec logs on the main office pfSense, I get this racoon error a lot (racoon: ERROR: not acceptable Identity Protection mode), and it repeats continuously. There are no such errors in the branch office pfSense's IPsec logs. I am not sure why this happens. If anyone can help me out with this, it would be very helpful.

      Some more info about my tunnel.
      ------------------------------

      The main office is configured to accept mobile clients. The racoon config is as follows:

      path pre_shared_key "/var/etc/psk.txt";

      path certificate  "/var/etc";

      remote anonymous {
              exchange_mode aggressive;
              my_identifier address "xx.xx.xx.xx";

              initial_contact on;
              passive on;
              generate_policy on;
              support_proxy on;
              proposal_check obey;

              proposal {
                      encryption_algorithm 3des;
                      hash_algorithm sha1;
                      authentication_method pre_shared_key;
                      dh_group 2;
                      lifetime time 1200 secs;
              }
              lifetime time 1200 secs;
      }

      sainfo anonymous {
              encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
              authentication_algorithm hmac_sha1,hmac_md5;
              compression_algorithm deflate;
              lifetime time 1200 secs;
      }

      The pre-shared keys on the main office are in /var/etc/psk.txt:
      60yorkstreet@abc.com      verysecretpassword

      The branch office's racoon config is as follows:

      path pre_shared_key "/var/etc/psk.txt";

      path certificate  "/var/etc";

      remote xx.xx.xx.xx {
              exchange_mode aggressive;
              my_identifier user_fqdn "60yorkstreet@abc.com";

              peers_identifier address xx.xx.xx.xx;
              initial_contact on;
              support_proxy on;
              proposal_check obey;

              proposal {
                      encryption_algorithm 3des;
                      hash_algorithm sha1;
                      authentication_method pre_shared_key;
                      dh_group 2;
                      lifetime time 1200 secs;
              }
              lifetime time 1200 secs;
      }

      sainfo address 192.168.60.0/24 any address 192.168.10.0/24 any {
              encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
              authentication_algorithm hmac_sha1,hmac_md5;
              compression_algorithm deflate;
              lifetime time 1200 secs;
      }

      The pre-shared keys on the branch office are in /var/etc/psk.txt:
      xx.xx.xx.xx      verysecretpassword
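
An added example, not part of the original post and not pfSense or racoon code: a small parser that reads the phase 1 `remote` blocks of the two configs above, lists the exchange modes each side accepts, and diffs their proposals. Per racoon.conf(5) a responder accepts only the modes listed in `exchange_mode`, and "Identity Protection" is the ISAKMP name for main mode, so a `remote` block listing only `aggressive` rejects main-mode attempts. The function names are hypothetical and the sample input is constructed from the post's config with the addresses still masked.

```python
import re

# Constructed sample input: the `remote` blocks from the post (abridged, addresses masked).
MAIN_OFFICE = """
remote anonymous {
    exchange_mode aggressive;
    proposal { encryption_algorithm 3des; hash_algorithm sha1;
               authentication_method pre_shared_key; dh_group 2; lifetime time 1200 secs; }
}"""
BRANCH_OFFICE = """
remote xx.xx.xx.xx {
    exchange_mode aggressive;
    proposal { encryption_algorithm 3des; hash_algorithm sha1;
               authentication_method pre_shared_key; dh_group 2; lifetime time 1200 secs; }
}"""

def parse_block(toks, i=0):
    """Parse statements up to the matching '}'; return ([(words, body or None)], next index)."""
    stmts, words = [], []
    while i < len(toks):
        t, i = toks[i], i + 1
        if t == "{":                      # nested block: recurse, keep its header words
            body, i = parse_block(toks, i)
            stmts.append((words, body)); words = []
        elif t == "}":
            break
        elif t == ";":
            stmts.append((words, None)); words = []
        else:
            words.append(t.strip('"'))
    return stmts, i

def phase1(conf):
    """Map each `remote` peer to its accepted exchange modes and phase 1 proposals."""
    # Strip comments; commas are list separators, so the tokenizer drops them.
    toks = re.findall(r'"[^"]*"|[{};]|[^\s{};,]+', re.sub(r"#.*", "", conf))
    out = {}
    for words, body in parse_block(toks)[0]:
        if words[:1] != ["remote"] or body is None:
            continue
        modes = [m for w, _ in body if w[:1] == ["exchange_mode"] for m in w[1:]]
        props = [{s[0]: " ".join(s[1:]) for s, _ in b if s}
                 for w, b in body if w[:1] == ["proposal"] and b is not None]
        out[" ".join(words[1:])] = {"modes": modes, "proposals": props}
    return out

def proposal_diff(a, b):
    """Parameters whose values differ between the first proposal of each side."""
    pa, pb = a["proposals"][0], b["proposals"][0]
    return {k: (pa.get(k), pb.get(k)) for k in {**pa, **pb} if pa.get(k) != pb.get(k)}
```

Here `phase1(MAIN_OFFICE)["anonymous"]["modes"]` is `["aggressive"]` only, and `proposal_diff` between the two offices is empty, which matches the post's statement that this tunnel comes up.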
