• Folks,

    I'm having trouble bringing up an IPsec tunnel between two pfSense boxes. Here are the logs:

    pfSense 2.1-R0 - Side A (Velox)

    Nov 26 23:42:20 racoon: INFO: unsupported PF_KEY message REGISTER
    Nov 26 23:42:21 racoon: INFO: unsupported PF_KEY message REGISTER
    Nov 26 23:42:21 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.0.0/24[0] proto=any dir=out
    Nov 26 23:42:21 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.2.0/24[0] proto=any dir=in
    Nov 26 23:43:55 racoon: INFO: unsupported PF_KEY message REGISTER
    Nov 26 23:43:56 racoon: INFO: unsupported PF_KEY message REGISTER
    Nov 26 23:44:48 racoon: [189.71.XXX.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
    Nov 26 23:44:58 racoon: [189.71.XXX.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
    Nov 26 23:45:08 racoon: [189.71.XXC.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
    Nov 26 23:45:18 racoon: [189.71.XXX.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
    Nov 26 23:45:28 racoon: [189.71.XXX.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.

    pfSense 2.1.5 - Side B (Embratel)

    Nov 26 23:46:44 racoon: INFO: caught signal 15
    Nov 26 23:46:44 racoon: INFO: racoon process 59736 shutdown
    Nov 26 23:46:49 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
    Nov 26 23:46:49 racoon: INFO: @(#)This product linked OpenSSL 1.0.1i 6 Aug 2014 (http://www.openssl.org/)
    Nov 26 23:46:49 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
    Nov 26 23:46:49 racoon: [Self]: INFO: 189.XX.XXX.221[4500] used for NAT-T
    Nov 26 23:46:49 racoon: [Self]: INFO: 189.XX.XXX.221[4500] used as isakmp port (fd=14)
    Nov 26 23:46:49 racoon: [Self]: INFO: 189.XX.XXX.221[500] used for NAT-T
    Nov 26 23:46:49 racoon: [Self]: INFO: 189.XX.XXX.221[500] used as isakmp port (fd=15)
    Nov 26 23:46:49 racoon: INFO: unsupported PF_KEY message REGISTER
    Nov 26 23:46:49 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.1/32[0] 192.168.0.0/24[0] proto=any dir=out
    Nov 26 23:46:49 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.0.1/32[0] proto=any dir=in
    Nov 26 23:46:49 racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.2.0/24[0] proto=any dir=out
    Nov 26 23:46:49 racoon: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.0.0/24[0] proto=any dir=in


  • Well, from what I understood of the log, it's as if the tunnel IP already existed on some interface. In other words, there is an address overlap. I may be wrong, but try using 172.16.0.0/24 or 10.0.0.0/24 as the tunnel IP.
    Take a look at the firewall rules…

    If you can, post the configurations here.
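The racoon lines in both logs above, as an added triage example that is not part of this thread or of pfSense: a small parser that splits each syslog line into timestamp, peer tag, level and message, then counts the two recurring errors per peer. The sample lines are constructed in the shape of the posted ones (addresses masked as posted), and the category names and hints are assumptions that state the usual meaning of these racoon messages, not a diagnosis of this particular setup.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the racoon lines posted in the thread (addresses masked as posted).
SAMPLE_LOG = """\
Nov 26 23:42:20 racoon: INFO: unsupported PF_KEY message REGISTER
Nov 26 23:42:21 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.0.0/24[0] proto=any dir=out
Nov 26 23:44:48 racoon: [189.71.XXX.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Nov 26 23:44:58 racoon: [189.71.XXX.221] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) racoon: "
    r"(?:\[(?P<peer>[^\]]+)\]:? )?"  # optional "[peer]:" or "[peer]" tag
    r"(?P<level>INFO|ERROR|WARNING|NOTIFY): (?P<msg>.*)$"
)
# substring of the racoon message -> (category, troubleshooting hint); both are assumed names
SIGNATURES = {
    "exchange Identity Protection not allowed in any applicable rmconf": (
        "phase1_mode_mismatch",
        "peer started Main Mode (ISAKMP 'Identity Protection') but no remote section for "
        "that peer allows it: compare exchange mode and peer identifier on both ends"),
    "such policy already exists. anyway replace it": (
        "spd_policy_replaced",
        "SPD entry for that phase 2 network pair was already installed; expected on "
        "reload, but check for duplicate or overlapping phase 2 definitions"),
}

def parse_line(line):
    # Split one syslog line into ts/peer/level/msg; None if it is not a racoon line.
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(msg):
    # Map a message to (category, hint); anything unknown is ('other', None).
    for needle, result in SIGNATURES.items():
        if needle in msg:
            return result
    return "other", None

def analyse(text):
    # Per-category count, the peers each category was logged for, and its hint.
    report = defaultdict(lambda: {"count": 0, "peers": set(), "hint": None})
    for rec in filter(None, map(parse_line, text.splitlines())):
        category, hint = classify(rec["msg"])
        report[category]["count"] += 1
        report[category]["hint"] = hint
        if rec["peer"]:
            report[category]["peers"].add(rec["peer"])
    return dict(report)
```

Feeding the full log of each side to `analyse` shows which peer the Phase 1 rejections come from and whether the policy replacements involve overlapping networks, which is the first thing to compare against the Phase 1 and Phase 2 settings on both firewalls.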