4. Few newbie questions

Few newbie questions

  • I

    hello gents
    I`m trying to setup IPSEC tunnel between 2 pfSense box for test, but don't having success.
    here configuration :
    pf1 box :
    WAN : 10.1.1.10
    LAN : 192.168.1.1 
    IPsec settings:
    Interface : WAN
    Local subnet : LAN subnet
    Remote subnet : 192.168.100.0 /24
    Remote gateway: 10.1.1.20
    Negotiation mode : main
    My identifier : My IP adress
    Encryption algorithm : 3DES
    Hash algorithm : MD5
    DH key group : 2
    Lifetime : 1400
    Authentication method : Preshared Key
    Pre-Shared Key: 1234567890
    Protocol :ESP
    Encryption algorithms : 3DES
    Hash algorithms : SHA1 , MD5
    PFS key group: 2
    Lifetime : 86400

    pf2 box :
    WAN : 10.1.1.20
    LAN : 192.168.100.1
    IPsec settings:
    Interface : WAN
    Local subnet : LAN subnet
    Remote subnet : 192.168.1.0 /24
    Remote gateway: 10.1.1.10
    Negotiation mode : main
    My identifier : My IP adress
    Encryption algorithm : 3DES
    Hash algorithm : MD5
    DH key group : 2
    Lifetime : 1400
    Authentication method : Preshared Key
    Pre-Shared Key: 1234567890
    Protocol :ESP
    Encryption algorithms : 3DES
    Hash algorithms : SHA1 , MD5
    PFS key group: 2
    Lifetime : 86400

    and nothing happen …

    there few error on both boxes
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.100.1/32[0] proto=any dir=out
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.1.0/24[0] proto=any dir=out
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.100.1/32[0] 192.168.1.1/32[0] proto=any dir=in
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.1/32[0] proto=any dir=in

    so , i dont have any idea where is a "trouble" …

    0
  • H

    e.g. http://forum.pfsense.org/index.php/topic,9332.0.html

    0
  • I

    thanks , i have checked that b4 but that didnt help
    also noticed in logs :
    racoon: INFO: unsupported PF_KEY message REGISTER , what does it mean ?

    0
  • H

    is this a ipsec-test and you are running this setup on one switch?

    0
  • I

    yes , on one switch

    0
  • H

    please try a crossover cable for the wan ports or a second switch and try again

    0
  • I

    i`ll try it tomorrow and repost any result , btw what the difference is if both boxes are on one switch ?

    0
  • I

    ok , problem solved  8)
    after new test all working.
    but why IPSEC configuration dont work in one switch enviroment ?

    0
  • H

    ;)
    regards
    heiko

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy