Few newbie questions

ikc

hello gents
I`m trying to setup IPSEC tunnel between 2 pfSense box for test, but don't having success.
here configuration :
pf1 box :
WAN : 10.1.1.10
LAN : 192.168.1.1 
IPsec settings:
Interface : WAN
Local subnet : LAN subnet
Remote subnet : 192.168.100.0 /24
Remote gateway: 10.1.1.20
Negotiation mode : main
My identifier : My IP adress
Encryption algorithm : 3DES
Hash algorithm : MD5
DH key group : 2
Lifetime : 1400
Authentication method : Preshared Key
Pre-Shared Key: 1234567890
Protocol :ESP
Encryption algorithms : 3DES
Hash algorithms : SHA1 , MD5
PFS key group: 2
Lifetime : 86400

pf2 box :
WAN : 10.1.1.20
LAN : 192.168.100.1
IPsec settings:
Interface : WAN
Local subnet : LAN subnet
Remote subnet : 192.168.1.0 /24
Remote gateway: 10.1.1.10
Negotiation mode : main
My identifier : My IP adress
Encryption algorithm : 3DES
Hash algorithm : MD5
DH key group : 2
Lifetime : 1400
Authentication method : Preshared Key
Pre-Shared Key: 1234567890
Protocol :ESP
Encryption algorithms : 3DES
Hash algorithms : SHA1 , MD5
PFS key group: 2
Lifetime : 86400

and nothing happen …

there few error on both boxes
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.100.1/32[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.100.1/32[0] 192.168.1.1/32[0] proto=any dir=in
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.1/32[0] proto=any dir=in

so , i dont have any idea where is a "trouble" …

heiko

e.g. http://forum.pfsense.org/index.php/topic,9332.0.html

ikc

thanks , i have checked that b4 but that didnt help
also noticed in logs :
racoon: INFO: unsupported PF_KEY message REGISTER , what does it mean ?

heiko

is this a ipsec-test and you are running this setup on one switch?

ikc

yes , on one switch

heiko

please try a crossover cable for the wan ports or a second switch and try again

ikc

i`ll try it tomorrow and repost any result , btw what the difference is if both boxes are on one switch ?

ikc

ok , problem solved  8)
after new test all working.
but why IPSEC configuration dont work in one switch enviroment ?

heiko

;)
regards
heiko