IPSEC using CARP IP error

emil · Apr 2, 2015, 3:57 PM

Is there a known problem with IPSEC VPN?

When I use CARP IP for IPSEC tunnel wont come ip and receive this error: there is no IKE config found, and ERROR: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
If I use WAN interface address all is good and tunnel is up. How should I make it work on CARP interface? Thanks.

dotdash · Apr 2, 2015, 4:22 PM

Did you check the identifier per this post?
https://forum.pfsense.org/index.php?topic=91107.0

emil · Apr 2, 2015, 8:07 PM

Yes I did. But not luck. :-\

dotdash · Apr 2, 2015, 9:28 PM

I'm running a Tunnel from 2.2.1 on an CARP to a 2.15 on a CARP right now, didn't change the identifier from 'My IP address'
Works fine. I did make sure prefer old SAs was off (set to 0, per the sticky)

emil · Apr 3, 2015, 12:19 PM

I have reconfigure it and now it works. Only issue I have is that I am not able communicate over OPT1 interface that I want to use for pfSync, no ping or any traffic passing. I had to use LAN interface for pfsync and all is good and than CARP is working. Any idea why OPT1 on pfsense1 is not able to ping OPT1 in pfsense2 if they are on the same network? Odd. I am running those two pfsense VMs on Hyper-V 2012R2.

emil · Apr 3, 2015, 6:24 PM

I was able to fix the issue by removing virtual network adapter for VM in hyper-v and add new one. After that all works. For some reason OPT1 was using difference MAC address than virtual NIC assigned in hyper-v. All is good now and working correctly.