Few newbie questions
-
Hello gents,
I'm trying to set up an IPsec tunnel between 2 pfSense boxes for a test, but I'm not having success.
Here is the configuration:
pf1 box :
WAN : 10.1.1.10
LAN : 192.168.1.1
IPsec settings:
Interface : WAN
Local subnet : LAN subnet
Remote subnet : 192.168.100.0/24
Remote gateway: 10.1.1.20
Negotiation mode : main
My identifier : My IP address
Encryption algorithm : 3DES
Hash algorithm : MD5
DH key group : 2
Lifetime : 1400
Authentication method : Preshared Key
Pre-Shared Key: 1234567890
Protocol : ESP
Encryption algorithms : 3DES
Hash algorithms : SHA1, MD5
PFS key group: 2
Lifetime : 86400
pf2 box :
WAN : 10.1.1.20
LAN : 192.168.100.1
IPsec settings:
Interface : WAN
Local subnet : LAN subnet
Remote subnet : 192.168.1.0/24
Remote gateway: 10.1.1.10
Negotiation mode : main
My identifier : My IP address
Encryption algorithm : 3DES
Hash algorithm : MD5
DH key group : 2
Lifetime : 1400
Authentication method : Preshared Key
Pre-Shared Key: 1234567890
Protocol : ESP
Encryption algorithms : 3DES
Hash algorithms : SHA1, MD5
PFS key group: 2
Lifetime : 86400
and nothing happens …
There are a few errors on both boxes:
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.100.1/32[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.100.1/32[0] 192.168.1.1/32[0] proto=any dir=in
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.1/32[0] proto=any dir=in
So, I don't have any idea where the "trouble" is …
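As an added example (not code from the thread or from pfSense), the check below takes the two posted configurations and verifies that they mirror each other the way a site-to-site tunnel requires (remote gateway = peer WAN, remote subnet = peer LAN subnet, identical PSK and phase 1 settings, overlapping phase 2 proposals), then lists the legacy choices in each side. It assumes "LAN subnet" means the /24 containing each LAN address, and the 20-character PSK minimum is an assumed local policy.

```python
import ipaddress

# Settings transcribed from the thread's two boxes. "LAN subnet" is taken
# as the /24 containing each LAN address (assumption; the post gives no
# mask). Phase 2 algorithms are sets because pfSense offers several.
PF1 = {"wan": "10.1.1.10", "lan_subnet": "192.168.1.0/24",
       "remote_subnet": "192.168.100.0/24", "remote_gateway": "10.1.1.20",
       "psk": "1234567890", "p1_enc": "3DES", "p1_hash": "MD5", "p1_dh": 2,
       "p2_enc": {"3DES"}, "p2_hash": {"SHA1", "MD5"}, "pfs": 2}
PF2 = {"wan": "10.1.1.20", "lan_subnet": "192.168.100.0/24",
       "remote_subnet": "192.168.1.0/24", "remote_gateway": "10.1.1.10",
       "psk": "1234567890", "p1_enc": "3DES", "p1_hash": "MD5", "p1_dh": 2,
       "p2_enc": {"3DES"}, "p2_hash": {"SHA1", "MD5"}, "pfs": 2}
WEAK_ENC = {"DES", "3DES"}   # legacy ciphers a new tunnel should not offer
WEAK_HASH = {"MD5"}          # legacy integrity algorithm
MIN_PSK_LEN = 20             # assumed local policy, not a pfSense default

def check_pair(a, b):
    """Return findings for two peers that should mirror each other ([] = ok)."""
    findings = []
    for x, y, tag in ((a, b, "pf1->pf2"), (b, a, "pf2->pf1")):
        # The remote gateway must be the peer's WAN address ...
        if x["remote_gateway"] != y["wan"]:
            findings.append(f"{tag}: gateway {x['remote_gateway']} != peer WAN {y['wan']}")
        # ... and the remote subnet must equal the peer's local subnet,
        # otherwise the phase 2 selectors (SPD policies) never match.
        if ipaddress.ip_network(x["remote_subnet"]) != ipaddress.ip_network(y["lan_subnet"]):
            findings.append(f"{tag}: subnet {x['remote_subnet']} != peer LAN {y['lan_subnet']}")
    # PSK, phase 1 proposal and PFS group must be identical on both sides.
    for key in ("psk", "p1_enc", "p1_hash", "p1_dh", "pfs"):
        if a[key] != b[key]:
            findings.append(f"mismatch on {key}: {a[key]!r} vs {b[key]!r}")
    # Phase 2 proposal lists only need a non-empty intersection.
    for key in ("p2_enc", "p2_hash"):
        if not a[key] & b[key]:
            findings.append(f"no common phase 2 {key}: {a[key]} vs {b[key]}")
    return findings

def weak_settings(cfg):
    """Flag legacy algorithms and a short PSK in one side's settings."""
    found = []
    if cfg["p1_enc"] in WEAK_ENC:
        found.append(f"phase 1 encryption {cfg['p1_enc']} is legacy")
    if cfg["p1_hash"] in WEAK_HASH:
        found.append(f"phase 1 hash {cfg['p1_hash']} is legacy")
    for alg in sorted((cfg["p2_enc"] & WEAK_ENC) | (cfg["p2_hash"] & WEAK_HASH)):
        found.append(f"phase 2 proposal {alg} is legacy")
    if len(cfg["psk"]) < MIN_PSK_LEN:
        found.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    return found
```

For the posted settings check_pair returns no findings, which is consistent with the thread's outcome that the configuration itself was fine and the problem lay in the test network.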
-
e.g. http://forum.pfsense.org/index.php/topic,9332.0.html
-
Thanks, I have checked that before but that didn't help.
Also noticed in the logs:
racoon: INFO: unsupported PF_KEY message REGISTER
What does it mean?
-
Is this an IPsec test and are you running this setup on one switch?
-
Yes, on one switch.
-
Please try a crossover cable for the WAN ports or a second switch and try again.
-
I'll try it tomorrow and repost any result. By the way, what is the difference if both boxes are on one switch?
-
OK, problem solved 8)
After a new test all is working.
But why doesn't the IPsec configuration work in a one-switch environment?
-
;)
regards
heiko