Has anybody seen this error?



  • racoon: ERROR: couldn't find configuration.

    I've searched the boards, and had no luck.  I'm running 1.2 release, clean install on a p3 800 pc, 384MB ram, dual wan, no failover. I'm trying to set up the ipsec connection on the secondary wan link (OPT1).

    any help would be greatly appreciated.



  • No, that one is totally new to me. Is this a full install, livecd or embedded image? Also do you see other messages in the log indicating a problem? Is this mobile client ipsec or static tunnel ipsec or both? Does it work after a reboot?



  • it's a full install. pfsense to pfsense setup.  the remote side is 1.2 rc2 full install with 8 other ipsec tunnels terminated to it.  all of those tunnels use either 1.2 rc4 embedded or 1.2 rc2 full. it doesnt work after a reboot. and i've tried reconfiguring the tunnel on the local end. 
    here's a snippet of the ipsec log.

    Apr 10 17:48:06 last message repeated 4 times
    Apr 10 17:47:26 racoon: ERROR: couldn't find configuration.
    Apr 10 17:45:34 racoon: INFO: delete phase 2 handler.
    Apr 10 17:45:34 racoon: []: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP YYY.YYY.YYY.YYY[0]->XXX.XXX.XXX.XXX[0]
    Apr 10 17:45:32 racoon: ERROR: phase1 negotiation failed due to time up. 0b4a26b4774ccefc:0000000000000000
    Apr 10 17:45:04 racoon: []: INFO: phase2 sa deleted XXX.XXX.XXX.XXX-YYY.YYY.YYY.YYY
    Apr 10 17:45:03 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
    Apr 10 17:45:03 racoon: []: INFO: phase2 sa expired XXX.XXX.XXX.XXX-YYY.YYY.YYY.YYY
    Apr 10 17:44:42 racoon: INFO: begin Aggressive mode.
    Apr 10 17:44:42 racoon: []: INFO: initiate new phase 1 negotiation: XXX.XXX.XXX.XXX[500]<=>YYY.YYY.YYY.YYY[500]
    Apr 10 17:44:42 racoon: []: INFO: IPsec-SA request for YYY.YYY.YYY.YYY queued due to no phase1 found.
    Apr 10 17:42:53 racoon: ERROR: couldn't find configuration.



  • You are sure that there is no typo somewhere? To me it looks like they try to establish a tunnel but the one end doesn't have a matching configuration for the end that tries to tunnels in.



  • "Apr 10 17:44:42    racoon: []: INFO: IPsec-SA request for YYY.YYY.YYY.YYY queued due to no phase1 found."

    Fix your phase 1 settings.



  • Ok, I've completely re-setup my ipsec link and no luck. I've paid attention to make sure I didnt typo or pick a wrong setting.
    Could something possibly be wrong with a file or a part of a file missing?
    That error message "racoon: ERROR: couldn't find configuration." really has me concerned.



  • We need more info on your setup. Please provide tunnelsettings and specifications of your WAN connections on both sides. Just replace the last few blocks of public IPs with some characters and change the secrets and so on to something else when posting. As you have other tunnels at the one location working without issues there is probably something special with the one new location.



  • the only difference with the new location was 1.2 release version.  I have just downgraded to 1.2 rc2 to get things rolling. tunnel is up and running 
    thanks for all the help, and I do apologize for switching it out. I needed to get it going.


Locked