    Few newbie questions

    Category: IPsec

    ikc:

      Hello gents,
      I'm trying to set up an IPsec tunnel between 2 pfSense boxes for a test, but I'm not having success.
      Here is the configuration:
      pf1 box:
      WAN: 10.1.1.10
      LAN: 192.168.1.1
      IPsec settings:
      Interface: WAN
      Local subnet: LAN subnet
      Remote subnet: 192.168.100.0/24
      Remote gateway: 10.1.1.20
      Negotiation mode: main
      My identifier: My IP address
      Encryption algorithm: 3DES
      Hash algorithm: MD5
      DH key group: 2
      Lifetime: 1400
      Authentication method: Preshared Key
      Pre-Shared Key: 1234567890
      Protocol: ESP
      Encryption algorithms: 3DES
      Hash algorithms: SHA1, MD5
      PFS key group: 2
      Lifetime: 86400

      pf2 box:
      WAN: 10.1.1.20
      LAN: 192.168.100.1
      IPsec settings:
      Interface: WAN
      Local subnet: LAN subnet
      Remote subnet: 192.168.1.0/24
      Remote gateway: 10.1.1.10
      Negotiation mode: main
      My identifier: My IP address
      Encryption algorithm: 3DES
      Hash algorithm: MD5
      DH key group: 2
      Lifetime: 1400
      Authentication method: Preshared Key
      Pre-Shared Key: 1234567890
      Protocol: ESP
      Encryption algorithms: 3DES
      Hash algorithms: SHA1, MD5
      PFS key group: 2
      Lifetime: 86400

      And nothing happens …

      There are a few errors on both boxes:
      racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.100.1/32[0] proto=any dir=out
      racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.1.0/24[0] proto=any dir=out
      racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.100.1/32[0] 192.168.1.1/32[0] proto=any dir=in
      racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.1/32[0] proto=any dir=in

      So, I don't have any idea where the "trouble" is …

    heiko:
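The two endpoint configurations above have to mirror each other (each box's remote gateway is the other's WAN address, each box's remote subnet is the other's LAN subnet, and the Phase 1 and Phase 2 proposals must be identical). The following check, added here as an example and not part of the original post or of pfSense, encodes the two configurations from the thread and reports any mismatch; it assumes a /24 mask on both LAN interfaces, which the post does not state explicitly.

```python
import ipaddress

# Phase 1 / Phase 2 proposals as posted; both boxes use the same values.
P1 = {"mode": "main", "enc": "3des", "hash": "md5", "dh": 2,
      "lifetime": 1400, "auth": "psk", "psk": "1234567890"}
P2 = {"proto": "esp", "enc": ("3des",), "hash": ("sha1", "md5"),
      "pfs": 2, "lifetime": 86400}

# Constructed from the two configurations in the thread; the /24 on the LAN
# interfaces is an assumption (the post only gives the remote subnets as /24).
PF1 = {"wan": "10.1.1.10", "lan": "192.168.1.1/24",
       "remote_subnet": "192.168.100.0/24", "remote_gateway": "10.1.1.20",
       "p1": dict(P1), "p2": dict(P2)}
PF2 = {"wan": "10.1.1.20", "lan": "192.168.100.1/24",
       "remote_subnet": "192.168.1.0/24", "remote_gateway": "10.1.1.10",
       "p1": dict(P1), "p2": dict(P2)}


def lan_subnet(box):
    """'LAN subnet' in the pfSense GUI means the network of the LAN interface."""
    return ipaddress.ip_network(box["lan"], strict=False)


def check_mirror(a, b, name_a="pf1", name_b="pf2"):
    """Return the list of mismatches between two tunnel endpoints.
    An empty list means the two sides mirror each other correctly."""
    problems = []
    for x, y, nx, ny in ((a, b, name_a, name_b), (b, a, name_b, name_a)):
        # The peer's remote gateway must be this box's WAN address.
        if ipaddress.ip_address(x["remote_gateway"]) != ipaddress.ip_address(y["wan"]):
            problems.append(f"{nx} remote gateway {x['remote_gateway']} != {ny} WAN {y['wan']}")
        # The peer's remote subnet must be exactly this box's LAN subnet.
        if ipaddress.ip_network(x["remote_subnet"]) != lan_subnet(y):
            problems.append(f"{nx} remote subnet {x['remote_subnet']} != {ny} LAN subnet {lan_subnet(y)}")
    # Every Phase 1 and Phase 2 parameter must agree on both sides.
    for phase in ("p1", "p2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                problems.append(f"{phase} {key}: {name_a}={a[phase].get(key)} {name_b}={b[phase].get(key)}")
    return problems


if __name__ == "__main__":
    for line in check_mirror(PF1, PF2) or ["configurations mirror each other"]:
        print(line)
```

Run against the thread's values it reports no mismatch, which matches the thread's outcome: the configuration was correct and the problem lay in the test setup.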

      e.g. http://forum.pfsense.org/index.php/topic,9332.0.html

    ikc:

      Thanks, I have checked that before but that didn't help.
      I also noticed in the logs:
      racoon: INFO: unsupported PF_KEY message REGISTER
      What does it mean?

    heiko:

      Is this an IPsec test, and are you running this setup on one switch?

    ikc:

      Yes, on one switch.

    heiko:

      Please try a crossover cable for the WAN ports, or a second switch, and try again.

    ikc:

      I'll try it tomorrow and repost any result. BTW, what is the difference if both boxes are on one switch?

    ikc:

      OK, problem solved 8)
      After a new test, everything is working.
      But why doesn't the IPsec configuration work in a one-switch environment?

    heiko:

      ;)
      Regards,
      heiko