Netgate Discussion Forum

    IPsec Tunnel Error

      thiagomespb

      Folks,

      I'm having trouble establishing an IPsec tunnel between two pfSense boxes. Here are the logs:

      pfSense 2.1-R0 - Side A (Velox)

      Nov 26 23:42:20 racoon: INFO: unsupported PF_KEY message REGISTER
      Nov 26 23:42:21 racoon: INFO: unsupported PF_KEY message REGISTER
      Nov 26 23:42:21 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.0.0/24[0] proto=any dir=out
      Nov 26 23:42:21 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.2.0/24[0] proto=any dir=in
      Nov 26 23:43:55 racoon: INFO: unsupported PF_KEY message REGISTER
      Nov 26 23:43:56 racoon: INFO: unsupported PF_KEY message REGISTER
      Nov 26 23:44:48 racoon: [189.71.XXX.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
      Nov 26 23:44:58 racoon: [189.71.XXX.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
      Nov 26 23:45:08 racoon: [189.71.XXC.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
      Nov 26 23:45:18 racoon: [189.71.XXX.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
      Nov 26 23:45:28 racoon: [189.71.XXX.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.

      pfSense 2.1.5 - Side B (Embratel)

      Nov 26 23:46:44 racoon: INFO: caught signal 15
      Nov 26 23:46:44 racoon: INFO: racoon process 59736 shutdown
      Nov 26 23:46:49 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
      Nov 26 23:46:49 racoon: INFO: @(#)This product linked OpenSSL 1.0.1i 6 Aug 2014 (http://www.openssl.org/)
      Nov 26 23:46:49 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
      Nov 26 23:46:49 racoon: [Self]: INFO: 189.XX.XXX.221[4500] used for NAT-T
      Nov 26 23:46:49 racoon: [Self]: INFO: 189.XX.XXX.221[4500] used as isakmp port (fd=14)
      Nov 26 23:46:49 racoon: [Self]: INFO: 189.XX.XXX.221[500] used for NAT-T
      Nov 26 23:46:49 racoon: [Self]: INFO: 189.XX.XXX.221[500] used as isakmp port (fd=15)
      Nov 26 23:46:49 racoon: INFO: unsupported PF_KEY message REGISTER
      Nov 26 23:46:49 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.1/32[0] 192.168.0.0/24[0] proto=any dir=out
      Nov 26 23:46:49 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.0.1/32[0] proto=any dir=in
      Nov 26 23:46:49 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.2.0/24[0] proto=any dir=out
      Nov 26 23:46:49 racoon: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.0.0/24[0] proto=any dir=in

        marcosmoya18

        Well, from what I understood of the log, it is as if the tunnel IP already existed on some interface. In other words, the addressing is overlapping. I may be wrong, but try using 172.16.0.0/24 or 10.0.0.0/24 as the tunnel IP.
        Take a look at the firewall rules…

        If you can, post the configurations here.
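
Added example, not part of the thread and not pfSense or ipsec-tools code: a small triage script for racoon logs like the ones posted above. It separates the repeated "exchange Identity Protection not allowed in any applicable rmconf" errors, which racoon logs when a peer proposes main mode (Identity Protection is the ISAKMP name for it) and no matching remote section accepts that exchange mode, from the "such policy already exists" lines. The sample log is constructed and the peer address 203.0.113.10 is a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the racoon lines quoted in the thread;
# 203.0.113.10 is a documentation placeholder, not an address from the page.
SAMPLE = """\
Nov 26 23:42:20 racoon: INFO: unsupported PF_KEY message REGISTER
Nov 26 23:42:21 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.0.0/24[0] proto=any dir=out
Nov 26 23:44:48 racoon: [203.0.113.10] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Nov 26 23:44:58 racoon: [203.0.113.10] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Nov 26 23:45:08 racoon: [203.0.113.10] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
"""

# timestamp, optional [peer] tag (with or without trailing colon), level, message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) racoon: (?:\[([^\]]+)\]:? )?(INFO|ERROR|WARNING): (.*)$")
REJECT = re.compile(r"exchange (.+) not allowed in any applicable rmconf")
# ISAKMP exchange names as racoon prints them, mapped to the phase 1 mode name
MODES = {"Identity Protection": "main", "Aggressive": "aggressive"}

def triage(text):
    """Return ({peer: {"mode", "times"}}, number of SPD-replace ERROR lines)."""
    rejected = defaultdict(lambda: {"mode": None, "times": []})
    spd_replaced = 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, peer, level, msg = m.groups()
        hit = REJECT.search(msg)
        if hit:  # responder found no remote section accepting this exchange type
            rejected[peer]["mode"] = MODES.get(hit.group(1), hit.group(1))
            rejected[peer]["times"].append(when.split()[-1])
        elif level == "ERROR" and msg.startswith("such policy already exists"):
            spd_replaced += 1  # policy was replaced; counted apart from phase 1 failures
    return dict(rejected), spd_replaced

def retry_gaps(times):
    """Seconds between consecutive HH:MM:SS stamps (same day assumed)."""
    secs = [int(h) * 3600 + int(m) * 60 + int(s) for h, m, s in (t.split(":") for t in times)]
    return [b - a for a, b in zip(secs, secs[1:])]

if __name__ == "__main__":
    peers, spd = triage(SAMPLE)
    for peer, info in peers.items():
        print(f"{peer}: {len(info['times'])} {info['mode']}-mode phase 1 attempts rejected, "
              f"retry gaps {retry_gaps(info['times'])} s")
    print(f"{spd} SPD-replace ERROR line(s), not phase 1 failures")
```

A peer that shows up in the first result is worth checking against the phase 1 settings on both ends (negotiation mode and the remote gateway address each side expects).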
