Help on PFsense 2.1 IPSec
-
Can anybody help me on my IPsec. I've checked and re-checked everything on my settings and I'm sure both sites have exactly the same settings (Except from the Remote WAN IP of course). But still there is no traffic on my tunnel and this message appears on the ipsec logs
ERROR: such policy already exists. anyway replace it: 192.168.231.0/24[0] 192.168.235.0/24[0] proto=any dir=out
Feb 19 14:40:26 ERROR: such policy already exists. anyway replace it: 192.168.235.0/24[0] 192.168.231.0/24[0] proto=any dir=in
-
Please describe your set up in more detail.
Are both ends pfsense nodes?
You might also provide examples of the configuration at both ends with sensitive information (passwords, public IP addresses, and what not) obfuscated to protect the innocent. :)
-
Thanks for your reply. Here's my set up:
SITE A
Internet Protocol: IPv4
Interface: WAN
Remote Gateway: (SITE B PUBLIC WAN IP)
Auth Method: Mutual PSK
Negotiation Mode: Main
My Identifier: My IP Add
Peer Identifier: Peer ID Add
Pre-Shared Key: password
Policy Generation: Default
Proposal Checking: Default
Encryption Checking: 3DES
Hash Algorithm: SHA256
DH Key Group: 2(1024Bit)
Lifetime: 28800
NAT Traversal: Disable
DPD: Unchecked
SITE A PHASE 2
Mode: Tunnel IPV4
Local Network: LAN Subnet
Remote Network: 192.168.235.0/24 (Local Network of SITE B)
Protocol: ESP
Encryption Algorithm: 3DES
Hash Algorithm: SHA1
PFS Key Group: 2(1024Bit)
Lifetime: 3600
SITE B
Internet Protocol: IPv4
Interface: WAN
Remote Gateway: (SITE A PUBLIC WAN IP)
Auth Method: Mutual PSK
Negotiation Mode: Main
My Identifier: My IP Add
Peer Identifier: Peer ID Add
Pre-Shared Key: password
Policy Generation: Default
Proposal Checking: Default
Encryption Checking: 3DES
Hash Algorithm: SHA256
DH Key Group: 2(1024Bit)
Lifetime: 28800
NAT Traversal: Disable
DPD: Unchecked
SITE B PHASE 2
Mode: Tunnel IPV4
Local Network: LAN Subnet
Remote Network: 192.168.235.0/24 (Local Network of SITE A)
Protocol: ESP
Encryption Algorithm: 3DES
Hash Algorithm: SHA1
PFS Key Group: 2(1024Bit)
Lifetime: 3600
Both Sites already have a firewall rule: Screen Shot attached
-
Ok, so those are both pfSense hosts at either end.
Does the tunnel establish between the two hosts?
SITE A PHASE 2
Mode: Tunnel IPV4
Local Network: LAN Subnet
Remote Network: 192.168.235.0/24 (Local Network of SITE B)
Protocol: ESP
Encryption Algorithm: 3DES
Hash Algorithm: SHA1
PFS Key Group: 2(1024Bit)
Lifetime: 3600
[...snipped...]
SITE B PHASE 2
Mode: Tunnel IPV4
Local Network: LAN Subnet
Remote Network: 192.168.235.0/24 (Local Network of SITE A)
Protocol: ESP
Encryption Algorithm: 3DES
Hash Algorithm: SHA1
PFS Key Group: 2(1024Bit)
Lifetime: 3600
In your information, the subnet information in both phase2 sections is identical. That will not work.
In order to create traffic that will establish and/or traverse your IPSec tunnel…
From the webui:
Status > IPSec > Click the button to establish the tunnel
OR
Diagnostics > Ping > Change interface to LAN
From the shell:
ping -S <local_lan_ip> <remote_lan_ip>
That command above is sourcing packets from the LAN IP you specify (so it is sent across the tunnel) and sending it to the remote LAN.
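The mismatch the reply points out (Site B's Phase 2 Remote Network is the same prefix as its own LAN, so the two ends are not mirror images) can be caught before the tunnel is ever brought up. The following is an added example, not code from the thread or from pfSense: it parses Phase 2 listings in the format posted above and checks that A.local == B.remote and A.remote == B.local. It assumes Site A's LAN is 192.168.231.0/24 and Site B's LAN is 192.168.235.0/24, the two prefixes that appear in the posted ipsec log lines.

```python
import ipaddress
import re

# Constructed sample input. LAN prefixes are taken from the subnets named in
# the posted log lines; the Phase 2 text mirrors the listings in the thread.
SITE_A_LAN = "192.168.231.0/24"
SITE_B_LAN = "192.168.235.0/24"

SITE_A_P2 = """Mode: Tunnel IPV4
Local Network: LAN Subnet
Remote Network: 192.168.235.0/24 (Local Network of SITE B)
Protocol: ESP"""

# As posted: Remote Network points at Site B's own LAN, not Site A's.
SITE_B_P2_AS_POSTED = """Mode: Tunnel IPV4
Local Network: LAN Subnet
Remote Network: 192.168.235.0/24 (Local Network of SITE A)
Protocol: ESP"""

# Corrected: Site B's Remote Network must be Site A's LAN.
SITE_B_P2_FIXED = SITE_B_P2_AS_POSTED.replace("192.168.235.0/24", "192.168.231.0/24")


def parse_phase2(text, lan_subnet):
    """Return (local, remote) networks from a pfSense Phase 2 listing.
    The symbolic value 'LAN Subnet' resolves to the site's own LAN prefix."""
    nets = {}
    for key in ("Local Network", "Remote Network"):
        m = re.search(rf"^{key}:\s*([^(\n]+)", text, re.MULTILINE)
        if not m:
            raise ValueError(f"missing '{key}' line")
        value = m.group(1).strip()
        if value == "LAN Subnet":
            value = lan_subnet
        nets[key] = ipaddress.ip_network(value, strict=True)
    return nets["Local Network"], nets["Remote Network"]


def check_mirror(a_text, a_lan, b_text, b_lan):
    """Phase 2 selectors must mirror each other. Returns a list of problems;
    an empty list means the two ends describe the same pair of networks."""
    a_local, a_remote = parse_phase2(a_text, a_lan)
    b_local, b_remote = parse_phase2(b_text, b_lan)
    problems = []
    if a_local == a_remote or b_local == b_remote:
        problems.append("a site's Local and Remote Network are identical")
    if a_local != b_remote:
        problems.append(f"Site A local {a_local} != Site B remote {b_remote}")
    if a_remote != b_local:
        problems.append(f"Site A remote {a_remote} != Site B local {b_local}")
    return problems
```

Running `check_mirror` on the posted Site B listing reports two problems; on the corrected listing it reports none.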