4. Azure Ipsec tunnels ERROR: failed to get sainfo.

Azure Ipsec tunnels ERROR: failed to get sainfo.

  • G

    I'm trying to get 4 tunnels running between azure and pfsense. They seem to working, I can ping etc but the connection keeps momentarily dropping all the time.

    The network in Azure is as follows:

    Address space:

    10.0.0.0/16

    Subnets:

    Az1: 10.0.1.0/21
    Az2: 10.0.8.0/21
    Az3: 10.0.128.0/21

    The local subnets are:

    L1: 10.1.0.0/24
    L2: 192.168.1.0/24
    L3: 192.168.2.0/24

    And I want the following tunnels:

    Az1 <-> L2
    Az2 <-> L1
    Az3 <-> L2
    Az3 <-> L3

    In the verbose ipsec logs it's complaining about mismatching subnets:

    Oct 17 13:23:44	racoon: DEBUG: getsainfo params: loc='10.1.0.0/24' rmt='10.0.0.0/16' peer='1.1.1.1' client='1.1.1.1' id=1
Oct 17 13:23:44	racoon: DEBUG: evaluating sainfo: loc='10.1.0.0/24', rmt='10.0.8.0/21', peer='ANY', id=1
Oct 17 13:23:44	racoon: DEBUG: check and compare ids : values matched (IPv4_subnet)
Oct 17 13:23:44	racoon: DEBUG: cmpid target: '10.1.0.0/24'
Oct 17 13:23:44	racoon: DEBUG: cmpid source: '10.1.0.0/24'
Oct 17 13:23:44	racoon: DEBUG: check and compare ids : value mismatch (IPv4_subnet)
Oct 17 13:23:44	racoon: DEBUG: cmpid target: '10.0.0.0/16'
Oct 17 13:23:44	racoon: DEBUG: cmpid source: '10.0.8.0/21'
Oct 17 13:23:44	racoon: DEBUG: evaluating sainfo: loc='192.168.1.0/24', rmt='10.0.128.0/21', peer='ANY', id=1
Oct 17 13:23:44	racoon: DEBUG: check and compare ids : value mismatch (IPv4_subnet)
Oct 17 13:23:44	racoon: DEBUG: cmpid target: '10.1.0.0/24'
Oct 17 13:23:44	racoon: DEBUG: cmpid source: '192.168.1.0/24'
Oct 17 13:23:44	racoon: DEBUG: evaluating sainfo: loc='192.168.2.0/24', rmt='10.0.128.0/21', peer='ANY', id=1
Oct 17 13:23:44	racoon: DEBUG: check and compare ids : value mismatch (IPv4_subnet)
Oct 17 13:23:44	racoon: DEBUG: cmpid target: '10.1.0.0/24'
Oct 17 13:23:44	racoon: DEBUG: cmpid source: '192.168.2.0/24'
Oct 17 13:23:44	racoon: ERROR: failed to get sainfo.
Oct 17 13:23:44	racoon: ERROR: failed to get sainfo.
Oct 17 13:23:44	racoon: [azure]: [1.1.1.1] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
Oct 17 13:23:44	racoon: DEBUG: IV freed

Can anyone see what's wrong? I want to start doing some large data transfers to Azure but can't if the tunnels keep dropping![/azure]
    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy