IPSec broken still?
-
Hello everyone, I just built another pfsense box and put it across town. I've got an ipsec configured to my pfsense box in my office but no matter what I do or change, I always get this error:
racoon: INFO: unsupported PF_KEY message REGISTER
I started out with the latest RC2 candidate but ipsec wouldn't even initialize. I upgraded to the latest RC3, now I get this error. The funny thing is I also get this same error on my other pfsense box which is running 1.2-RC2 built on Mon Aug 20 12:41:04 EDT 2007. Is this a known bug? Any suggestions?
-
Can you give some more information on how your tunnels are configured on both sides?
-
There are no known IPsec issues, the ones that came up a while back have since been fixed.
-
I'm still seeing the following with RC3:
racoon: INFO: unsupported PF_KEY message REGISTER
I'm happy to post any further information which might help.
-Jed
-
Post your configuration from both sides.
-
Have you had any luck getting rid of that message?
Thanks.
-
I've been trying to get a tunnel up between pfsense and ipcop and am also getting the same message in my ipsec logs. Any ideas?
IPSEC Log
Dec 7 16:32:44 racoon: INFO: unsupported PF_KEY message REGISTER
Dec 7 16:32:44 racoon: INFO: fe80::200:e8ff:fe12:ba22%dc0[500] used as isakmp port (fd=19)
Dec 7 16:32:44 racoon: [Self]: INFO: 85.189.247.234[500] used as isakmp port (fd=18)
Dec 7 16:32:44 racoon: [Self]: INFO: 172.31.15.8[500] used as isakmp port (fd=17)
Dec 7 16:32:44 racoon: INFO: fe80::202:a5ff:fecc:7d08%fxp0[500] used as isakmp port (fd=16)
Dec 7 16:32:44 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Dec 7 16:32:44 racoon: INFO: ::1[500] used as isakmp port (fd=14)
Dec 7 16:32:44 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
Dec 7 16:32:44 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Dec 7 16:32:44 racoon: INFO: @(#)ipsec-tools 0.6.7 (http://ipsec-tools.sourceforge.net)

/var/etc/racoon.conf:
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";
remote 80.177.152.212 {
    exchange_mode main;
    my_identifier address "85.189.247.234";
    peers_identifier address 80.177.152.212;
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 3600 secs;
    }
    lifetime time 3600 secs;
}
sainfo address 172.31.15.0/24 any address 10.101.0.0/16 any {
    encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
    authentication_algorithm hmac_sha1,hmac_md5;
    compression_algorithm deflate;
    lifetime time 28800 secs;
}
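
A way to triage a racoon log like the one posted above, added here as an example and not part of the original thread: it groups messages by the severity racoon prints and lists the addresses bound for ISAKMP, so INFO-level lines and real errors are separated before any tunnel debugging starts. The function name `triage` and the set of severity keywords treated as needing attention are assumptions of this example.

```python
import re
from collections import defaultdict

# Startup lines copied from the log posted above.
SAMPLE_LOG = """\
Dec 7 16:32:44 racoon: INFO: unsupported PF_KEY message REGISTER
Dec 7 16:32:44 racoon: INFO: fe80::200:e8ff:fe12:ba22%dc0[500] used as isakmp port (fd=19)
Dec 7 16:32:44 racoon: [Self]: INFO: 85.189.247.234[500] used as isakmp port (fd=18)
Dec 7 16:32:44 racoon: [Self]: INFO: 172.31.15.8[500] used as isakmp port (fd=17)
Dec 7 16:32:44 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Dec 7 16:32:44 racoon: INFO: ::1[500] used as isakmp port (fd=14)
"""

# syslog timestamp, "racoon:", optional "[tag]:", severity keyword, message
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+racoon:\s+(?:\[(?P<tag>[^\]]+)\]:\s+)?"
    r"(?P<level>ERROR|WARNING|NOTIFY|INFO|DEBUG2?):\s+(?P<msg>.*)$"
)
# e.g. "85.189.247.234[500] used as isakmp port (fd=18)"
LISTEN_RE = re.compile(r"^(?P<addr>\S+)\[(?P<port>\d+)\] used as isakmp port")
ATTENTION = ("ERROR", "WARNING")  # assumption: levels worth a closer look


def triage(log_text):
    """Group racoon messages by severity and collect bound ISAKMP sockets."""
    by_level, listeners, unparsed = defaultdict(list), [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # keep unknown lines visible, never drop them
            continue
        by_level[m["level"]].append(m["msg"])
        bound = LISTEN_RE.match(m["msg"])
        if bound:
            listeners.append((bound["addr"], int(bound["port"])))
    attention = [msg for lvl in ATTENTION for msg in by_level.get(lvl, [])]
    return {"by_level": dict(by_level), "listeners": listeners,
            "attention": attention, "unparsed": unparsed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for level, msgs in report["by_level"].items():
        print(f"{level}: {len(msgs)} message(s)")
    for addr, port in report["listeners"]:
        print(f"ISAKMP bound on {addr} port {port}")
    print("needs attention:", report["attention"] or "nothing at ERROR/WARNING")
```
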