IPSec broken still?



  • Hello everyone, I just built another pfsense box and put it across town. I've got an ipsec configured to my pfsense box in my office but no matter what I do or change, I always get this error:

    racoon: INFO: unsupported PF_KEY message REGISTER
    

    I started out with the latest RC2 candidate but ipsec wouldn't even initialize. I upgraded to the latest RC3, now I get this error. The funny thing is I also get this same error on my other pfsense box which is running 1.2-RC2 built on Mon Aug 20 12:41:04 EDT 2007. Is this a known bug? Any suggestions?



  • Can you give some more information on how your tunnels are configured on both sides?



  • There are no known IPsec issues, the ones that came up a while back have since been fixed.



  • I'm still seeing the following with RC3:

    racoon: INFO: unsupported PF_KEY message REGISTER

    I'm happy to post any further information which might help.

    -Jed



  • Post your configuration from both sides.



  • Have you had any luck getting rid of that message?

    Thanks.



  • I've been trying to get a tunnel up between pfsense and ipcop and am also getting the same message in my ipsec logs. Any ideas?

    IPSEC Log
    Dec 7 16:32:44 racoon: INFO: unsupported PF_KEY message REGISTER
    Dec 7 16:32:44 racoon: INFO: fe80::200:e8ff:fe12:ba22%dc0[500] used as isakmp port (fd=19)
    Dec 7 16:32:44 racoon: [Self]: INFO: 85.189.247.234[500] used as isakmp port (fd=18)
    Dec 7 16:32:44 racoon: [Self]: INFO: 172.31.15.8[500] used as isakmp port (fd=17)
    Dec 7 16:32:44 racoon: INFO: fe80::202:a5ff:fecc:7d08%fxp0[500] used as isakmp port (fd=16)
    Dec 7 16:32:44 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
    Dec 7 16:32:44 racoon: INFO: ::1[500] used as isakmp port (fd=14)
    Dec 7 16:32:44 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
    Dec 7 16:32:44 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
    Dec 7 16:32:44 racoon: INFO: @(#)ipsec-tools 0.6.7 (http://ipsec-tools.sourceforge.net)

    /var/etc/racoon.conf:
    path pre_shared_key "/var/etc/psk.txt";

    path certificate  "/var/etc";

    remote 80.177.152.212 {
            exchange_mode main;
            my_identifier address "85.189.247.234";
            peers_identifier address 80.177.152.212;
            initial_contact on;
            support_proxy on;
            proposal_check obey;

            proposal {
                    encryption_algorithm 3des;
                    hash_algorithm sha1;
                    authentication_method pre_shared_key;
                    dh_group 2;
                    lifetime time 3600 secs;
            }
            lifetime time 3600 secs;
    }

    sainfo address 172.31.15.0/24 any address 10.101.0.0/16 any {
            encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
            authentication_algorithm hmac_sha1,hmac_md5;
            compression_algorithm deflate;
            lifetime time 28800 secs;
    }

