Netgate Discussion Forum

    IPSec service not starting

    • luci2200

      Hello, I have two pfSenses and I set up the LAN interface so I can make an IPSec connection. I use 10.10.6.1 on one pfSense and 192.168.11.1 for the second. I made the VPN tunnel with the same options on both sides. I made a firewall rule to allow all traffic on LAN, full access. After I rebooted the pfSenses I go to Status -> Services and the racoon IPSec VPN is stopped. I try to start the service but it doesn't start. What can I do? How can I start the VPN service? Do you have any idea?

      Lucian

      • hoba

        Can you give us some details how your tunnels are set up?

        • luci2200

          I set up IPSec on LAN, not WAN, because I want to test the tunnels first. I used the same options on both pfSenses. First I made a firewall rule on both pfSenses to allow all traffic on all ports in the LAN tab. I also made a rule, after setting up IPSec, on the IPSec tab to allow all traffic on all ports. I made the setup for WAN and I put a static IP address and the IPSec service started running. Now after setting up IPSec with the following choices:

          • Mode: Tunnel
          • Interface: LAN
          • Local subnet: Network, address 192.168.11.0/24
          • Remote subnet: 10.10.6.0/24
          • Remote gateway: 10.10.6.12
          • Description: VPN to 10.10.6.12
          • Negotiation mode: Aggressive
          • My identifier: Domain name, same on both
          • Encryption algorithm: Blowfish
          • Hash algorithm: MD5
          • DH key group: 1
          • Lifetime: 28800
          • Authentication method: Pre-shared key
          • Pre-Shared Key: same on both sides
          • Protocol: ESP
          • Encryption algorithms: Blowfish
          • Hash algorithms: MD5
          • PFS key group: 1
          • Lifetime: 86400
          • Automatically ping host: the other tunnel side, 10.10.6.1

          After reboot I go to system logs and IPSec and I get the following errors:

          Apr 18 17:51:27 racoon: ERROR: failed to begin ipsec sa negotication.
          Apr 18 17:51:27 racoon: ERROR: phase1 negotiation failed due to send error. 33a8e908ddc2701c:0000000000000000
          Apr 18 17:51:27 racoon: ERROR: sendfromto failed
          Apr 18 17:51:27 racoon: INFO: begin Identity Protection mode.
          Apr 18 17:51:27 racoon: [VPN spre 10.10.6.12]: INFO: initiate new phase 1 negotiation: 192.168.11.12[500]<=>10.10.6.12[500]
          Apr 18 17:51:27 racoon: [VPN spre 10.10.6.12]: INFO: IPsec-SA request for 10.10.6.12 queued due to no phase1 found.

          I will look for more information and I will try to make different setups, but I don't understand what I'm doing wrong. Thank you!

          Lucian

          • hoba

            @luci2200:

            …

            • Remote subnet 10.10.6.0/24
            • Remote gateway 10.10.6.12
              ...

            The remote gateway is inside the remote subnet? How should that work? You are confusing the system. I guess the ipsec service refuses to start with such a nonsense config  ;)

            You really should just set it up the way it should be in the end, wan to wan. It's dead simple, really.

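The condition hoba points out, a remote gateway that lies inside the remote subnet, can be checked mechanically from the tunnel settings and the racoon log. The following is an added example, not part of the original thread and not pfSense or racoon code; the function names and finding codes are hypothetical, and the check on the local IKE source address extends the same idea to the local side as an assumption.

```python
import ipaddress
import re

# racoon's phase 1 initiation line carries both IKE endpoints as ip[port].
PHASE1_RE = re.compile(
    r"initiate new phase 1 negotiation: "
    r"(?P<local>[0-9.]+)\[\d+\]<=>(?P<peer>[0-9.]+)\[\d+\]"
)

def phase1_endpoints(log_lines):
    """Return the distinct (local, peer) IKE endpoint pairs seen in racoon log lines."""
    pairs = []
    for line in log_lines:
        m = PHASE1_RE.search(line)
        if m:
            pair = (ipaddress.ip_address(m["local"]), ipaddress.ip_address(m["peer"]))
            if pair not in pairs:
                pairs.append(pair)
    return pairs

def check_tunnel(local_subnet, remote_subnet, remote_gateway, log_lines=()):
    """Return finding codes for tunnel endpoints that sit inside the protected subnets."""
    local_net = ipaddress.ip_network(local_subnet)
    remote_net = ipaddress.ip_network(remote_subnet)
    findings = []
    if ipaddress.ip_address(remote_gateway) in remote_net:
        findings.append("REMOTE_GATEWAY_IN_REMOTE_SUBNET")
    if local_net.overlaps(remote_net):
        findings.append("SUBNETS_OVERLAP")
    for local, peer in phase1_endpoints(log_lines):
        if local in local_net:  # IKE is sourced from the protected LAN side
            findings.append(f"IKE_SOURCE_IN_LOCAL_SUBNET {local}")
        if peer in remote_net:  # the peer is an address the tunnel should carry
            findings.append(f"IKE_PEER_IN_REMOTE_SUBNET {peer}")
    return findings

# Settings and log lines copied from the thread above.
THREAD_LOG = [
    "Apr 18 17:51:27 racoon: ERROR: phase1 negotiation failed due to send error. 33a8e908ddc2701c:0000000000000000",
    "Apr 18 17:51:27 racoon: [VPN spre 10.10.6.12]: INFO: initiate new phase 1 negotiation: 192.168.11.12[500]<=>10.10.6.12[500]",
]

if __name__ == "__main__":
    for finding in check_tunnel("192.168.11.0/24", "10.10.6.0/24", "10.10.6.12", THREAD_LOG):
        print(finding)
    # A WAN-to-WAN layout (constructed documentation address) yields no findings.
    print(check_tunnel("192.168.11.0/24", "10.10.6.0/24", "203.0.113.2"))
```
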
            • luci2200

              Hello, the service is up and running after I set up the WAN interfaces. It was my mistake. It was the first time I had to set up a VPN. Now I know what I did wrong! ;) The VPN is now running. Thank you!

              Lucian
