Racoon "unsupported PF_KEY message REGISTER"



  • I keep getting this error. "unsupported PF_KEY message REGISTER"

    I set it up in the GUI, but the config is shown below.  the remote party tells me it's a Cicso 5510.

    According the the other party, they are choosing this in their VPN wizard:

    Site-to-Site
    VPN tunnel interface "outside"
    Peer 9.10.36.78
    preshared key XXXXXXX
    tunnel group name 9.10.36.78
    IKE Policy - 3DES/SHA/2
    IPSEC Enc and Auth - 3DES/SHA

    ipsec.log:

    Jun 30 14:54:12 pfSense001 racoon: INFO: 9.10.36.70[500] used as isakmp port (fd=28)
    Jun 30 14:54:12 pfSense001 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=29)
    Jun 30 14:54:12 pfSense001 racoon: INFO: ::1[500] used as isakmp port (fd=30)
    Jun 30 14:54:12 pfSense001 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=31)
    Jun 30 14:54:12 pfSense001 racoon: INFO: fe80::20d:56ff:fefe:4687%bge1[500] used as isakmp port (fd=32)
    Jun 30 14:54:12 pfSense001 racoon: INFO: 10.1.10.2[500] used as isakmp port (fd=33)
    Jun 30 14:54:12 pfSense001 racoon: INFO: fe80::20d:56ff:fefe:4686%bge0[500] used as isakmp port (fd=34)
    Jun 30 14:54:12 pfSense001 racoon: INFO: 9.10.36.78[500] used as isakmp port (fd=35)
    Jun 30 14:54:12 pfSense001 racoon: INFO: unsupported PF_KEY message REGISTER

    /var/etc/racoon.conf:

    path pre_shared_key "/var/etc/psk.txt";

    path certificate  "/var/etc";

    remote 9.10.63.34 {
            exchange_mode main;
            my_identifier address "9.10.36.78";

    peers_identifier address 9.10.63.34;
            initial_contact on;
            support_proxy on;
            proposal_check obey;

    proposal {
                    encryption_algorithm 3des;
                    hash_algorithm sha1;
                    authentication_method pre_shared_key;
                    dh_group 2;
            }
    }

    sainfo address 10.1.10.0/24 any address 10.0.0.0/24 any {
            encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
            authentication_algorithm hmac_sha1;
            compression_algorithm deflate;
    }


Log in to reply