GRE over IPSec



  • Hi,

    I am trying to configure GRE over IPSec between a pfSense and a Watchguard; however, I am coming across the following errors in the IPSec logs:

    Jun 13 10:54:53 racoon: DEBUG: 318f825b 30ae318c 57e7bc6d 50c1acfd 08102001 e934f53c 0000008c 5157d7bc 616f27a1 41d7ab4f 10a9b9cf 56e45399 d47c9865 6b708463 44e72dad 1b92ddfc a547a52d 5d78613e bf759583 aa60652f b916d5d7 df445ab1 34de4ca0 5b00e4d8 18a8f22b d7d2f9d1 308f441c 87ba2afe 587180ee 874464e9 8c4820c1 e83ed943 ebfaeb4e 7a015b61 5156ad70
    Jun 13 10:54:53 racoon: DEBUG: compute IV for phase2
    Jun 13 10:54:53 racoon: DEBUG: phase1 last IV:
    Jun 13 10:54:53 racoon: DEBUG: 84455530 1d5420aa e934f53c
    Jun 13 10:54:53 racoon: DEBUG: hash(sha1)
    Jun 13 10:54:53 racoon: DEBUG: encryption(3des)
    Jun 13 10:54:53 racoon: DEBUG: phase2 IV computed:
    Jun 13 10:54:53 racoon: DEBUG: d1687a3f b714f106
    Jun 13 10:54:53 racoon: DEBUG: ===
    Jun 13 10:54:53 racoon: [x.x.x.x]: INFO: respond new phase 2 negotiation: x.x.x.x[500]<=>x.x.x.x[500]
    Jun 13 10:54:53 racoon: DEBUG: begin decryption.
    Jun 13 10:54:53 racoon: DEBUG: encryption(3des)
    Jun 13 10:54:53 racoon: DEBUG: IV was saved for next processing:
    Jun 13 10:54:53 racoon: DEBUG: 7a015b61 5156ad70
    Jun 13 10:54:53 racoon: DEBUG: encryption(3des)
    Jun 13 10:54:53 racoon: DEBUG: with key:
    Jun 13 10:54:53 racoon: DEBUG: 2939d501 8f590c1e 7a59d0b5 b7d2eb58 3762ab93 8b7658b0
    Jun 13 10:54:53 racoon: DEBUG: decrypted payload by IV:
    Jun 13 10:54:53 racoon: DEBUG: d1687a3f b714f106
    Jun 13 10:54:53 racoon: DEBUG: decrypted payload, but not trimed.
    Jun 13 10:54:53 racoon: DEBUG: 01000018 b7e0435c 99a1d7f6 201f2ddd 2fadf891 ee9a5b20 0a000034 00000001 00000001 00000028 01030401 60164739 0000001c 01020000 80050002 80040001 80010001 00020004 00007080 0500000c 992de9d7 5a091dfa 0500000c 012f0000 ac500001 0000000c 012f0000 ac3c0001
    Jun 13 10:54:53 racoon: DEBUG: padding len=2
    Jun 13 10:54:53 racoon: DEBUG: skip to trim padding.
    Jun 13 10:54:53 racoon: DEBUG: decrypted.
    Jun 13 10:54:53 racoon: DEBUG: 318f825b 30ae318c 57e7bc6d 50c1acfd 08102001 e934f53c 0000008c 01000018 b7e0435c 99a1d7f6 201f2ddd 2fadf891 ee9a5b20 0a000034 00000001 00000001 00000028 01030401 60164739 0000001c 01020000 80050002 80040001 80010001 00020004 00007080 0500000c 992de9d7 5a091dfa 0500000c 012f0000 ac500001 0000000c 012f0000 ac3c0001
    Jun 13 10:54:53 racoon: DEBUG: begin.
    Jun 13 10:54:53 racoon: DEBUG: seen nptype=8(hash)
    Jun 13 10:54:53 racoon: DEBUG: seen nptype=1(sa)
    Jun 13 10:54:53 racoon: DEBUG: seen nptype=10(nonce)
    Jun 13 10:54:53 racoon: DEBUG: seen nptype=5(id)
    Jun 13 10:54:53 racoon: DEBUG: seen nptype=5(id)
    Jun 13 10:54:53 racoon: DEBUG: succeed.
    Jun 13 10:54:53 racoon: DEBUG: received IDci2:
    Jun 13 10:54:53 racoon: DEBUG: 012f0000 ac500001
    Jun 13 10:54:53 racoon: DEBUG: received IDcr2:
    Jun 13 10:54:53 racoon: DEBUG: 012f0000 ac3c0001
    Jun 13 10:54:53 racoon: DEBUG: HASH(1) validate:
    Jun 13 10:54:53 racoon: DEBUG: b7e0435c 99a1d7f6 201f2ddd 2fadf891 ee9a5b20
    Jun 13 10:54:53 racoon: DEBUG: HASH with:
    Jun 13 10:54:53 racoon: DEBUG: e934f53c 0a000034 00000001 00000001 00000028 01030401 60164739 0000001c 01020000 80050002 80040001 80010001 00020004 00007080 0500000c 992de9d7 5a091dfa 0500000c 012f0000 ac500001 0000000c 012f0000 ac3c0001
    Jun 13 10:54:53 racoon: DEBUG: hmac(hmac_sha1)
    Jun 13 10:54:53 racoon: DEBUG: HASH computed:
    Jun 13 10:54:53 racoon: DEBUG: b7e0435c 99a1d7f6 201f2ddd 2fadf891 ee9a5b20
    Jun 13 10:54:53 racoon: DEBUG: getsainfo params: loc='172.60.0.1' rmt='172.80.0.1' peer='x.x.x.x' client='x.x.x.x' id=1
    Jun 13 10:54:53 racoon: DEBUG: evaluating sainfo: loc='x.x.x.x', rmt='x.x.x.x', peer='ANY', id=1
    Jun 13 10:54:53 racoon: DEBUG: check and compare ids : proto_id mismatch 0 != 47
    Jun 13 10:54:53 racoon: ERROR: failed to get sainfo.
    Jun 13 10:54:53 racoon: ERROR: failed to get sainfo.
    Jun 13 10:54:53 racoon: [x.x.x.x]: [x.x.x.x] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
    Jun 13 10:54:53 racoon: DEBUG: IV freed

    I have a feeling it has something to do with this:
    DEBUG: check and compare ids : proto_id mismatch 0 != 47

    Any help would be much appreciated!

    Thanks


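Added example, not part of the original post: a Python sketch that decodes the IDci2/IDcr2 bodies from the log above using the phase 2 ID payload layout of the IPsec DOI (RFC 2407: ID type, protocol ID, port, then the address data). The function names are hypothetical, and the sample lines are copied from the post's log.

```python
import ipaddress
import re
import struct

ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET = 1, 4  # ID types from RFC 2407, section 4.6.2.1
PROTO_NAMES = {0: "any", 6: "tcp", 17: "udp", 47: "gre"}

# Sample input: four lines copied from the racoon log in the post above.
SAMPLE_LOG = """\
Jun 13 10:54:53 racoon: DEBUG: received IDci2:
Jun 13 10:54:53 racoon: DEBUG: 012f0000 ac500001
Jun 13 10:54:53 racoon: DEBUG: received IDcr2:
Jun 13 10:54:53 racoon: DEBUG: 012f0000 ac3c0001
"""

def decode_id(hex_words):
    """Decode one ID payload body as racoon prints it (space-separated hex words)."""
    raw = bytes.fromhex(hex_words.replace(" ", ""))
    if len(raw) < 4:
        raise ValueError("ID body is shorter than its 4-byte header")
    id_type, proto, port = struct.unpack("!BBH", raw[:4])
    data = raw[4:]
    if id_type == ID_IPV4_ADDR and len(data) == 4:
        net = str(ipaddress.IPv4Address(data))
    elif id_type == ID_IPV4_ADDR_SUBNET and len(data) == 8:
        addr, mask = ipaddress.IPv4Address(data[:4]), ipaddress.IPv4Address(data[4:])
        net = str(ipaddress.IPv4Network(f"{addr}/{mask}", strict=False))
    else:
        net = data.hex()  # other ID types are left undecoded
    return {"type": id_type, "proto": proto, "port": port, "net": net}

def ids_from_log(text):
    """Return {'IDci2': {...}, 'IDcr2': {...}} from racoon debug output."""
    ids, pending = {}, None
    for line in text.splitlines():
        msg = line.split("DEBUG: ", 1)[-1].strip()
        label = re.fullmatch(r"received (IDc[ir]2):", msg)
        if label:
            pending = label.group(1)  # the hex body is on the next line
        elif pending and re.fullmatch(r"[0-9a-f]{2,8}( [0-9a-f]{2,8})*", msg):
            ids[pending] = decode_id(msg)
            pending = None
        else:
            pending = None
    return ids

if __name__ == "__main__":
    for name, d in ids_from_log(SAMPLE_LOG).items():
        proto = PROTO_NAMES.get(d["proto"], "?")
        print(f"{name}: {d['net']} proto={d['proto']}({proto}) port={d['port']}")
```

Both IDs decode to a single IPv4 host with protocol 47 (GRE) and port 0, the same 47 that appears in the "proto_id mismatch 0 != 47" line.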