IPSec errors on startup

rwalker · Apr 16, 2008, 9:11 AM

When raccoon starts up on a new pair of 1.2-Release firewalls I see errors like this:

Apr 16 04:01:11 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 90f16c2e3f29d7c9:67f127c8af406577:0000b5e7
Apr 16 04:01:11 racoon: ERROR: no configuration found for peer address.

They continue until the service is stopped. I have setup countless pfSense IPSec tunnels and have looked everywhere for some idea of what could be causing this. This was a fresh install of pfSense 1.2-Release a few days ago. At this point I am thinking the image was corrupted or something since I have tried every combination of tunnels to different places with different gear and it doesn't matter. If anyone has even a remote idea, would love to hear it.

Thanks,
Roy

rwalker · Apr 16, 2008, 6:17 PM

I woke up this morning (afternoon actually) after beating my head against the wall last night and tunnels were working…

Turns out that raccoon crashed (there was a core dump in the root directory, which I didn't even think about and deleted), which most likely corrupted the IPSec state entries. Normally rebooting would have fixed this, however since I had pfSync on, the two boxes just passed the bad entries back and forth... :)

Had I thought to reset the state tables, it probably would have started working immediately. Luckily the IPSec timer was only 6 hours so after sleeping all was good.

Roy