IPSec errors on startup



  • When racoon starts up on a new pair of 1.2-Release firewalls I see errors like this:

    Apr 16 04:01:11 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 90f16c2e3f29d7c9:67f127c8af406577:0000b5e7
    Apr 16 04:01:11 racoon: ERROR: no configuration found for peer address.

    They continue until the service is stopped.  I have set up countless pfSense IPSec tunnels and have looked everywhere for some idea of what could be causing this.  This was a fresh install of pfSense 1.2-Release a few days ago.  At this point I am thinking the image was corrupted or something, since I have tried every combination of tunnels to different places with different gear and it doesn't matter.  If anyone has even a remote idea, I would love to hear it.

    Thanks,
    Roy



  • I woke up this morning (afternoon actually) after beating my head against the wall last night and tunnels were working…

    Turns out that racoon crashed (there was a core dump in the root directory, which I didn't even think about and deleted), which most likely corrupted the IPSec state entries.  Normally rebooting would have fixed this; however, since I had pfSync on, the two boxes just passed the bad entries back and forth... :)

    Had I thought to reset the state tables, it probably would have started working immediately.  Luckily the IPSec timer was only 6 hours, so after sleeping all was good.

    Roy

