Netgate Discussion Forum

Racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway rep

IPsec
12 Posts 4 Posters 44.7k Views
  • B
    Bigangel
    last edited by Jul 3, 2008, 8:36 AM

    Can you help me?
    My pfSense IPsec tunnels are not working.

    The error message is:

    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in

    • G
      GruensFroeschli
      last edited by Jul 3, 2008, 9:19 AM

      At least "try" to use the search

      http://forum.pfsense.org/index.php?action=search
      keywords: "racoon: [Unknown Gateway/Dynamic]"

      (I don't use IPsec on pfSense, but with the search I was able to find an immediate answer to your question.)

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      • B
        Bigangel
        last edited by Jul 3, 2008, 1:38 PM

        I tried the search with the keywords "racoon: [Unknown Gateway/Dynamic]"
        and found many questions, but I explored every avenue and could not find a solution.
        Can anybody help me?

        • F
          FBI01
          last edited by Aug 24, 2008, 11:04 AM

          Search hint was great: 1st place I found this posting ;D

          • B
            Bigangel
            last edited by Aug 27, 2008, 10:04 AM

            My pfSense IPsec tunnels are still not working.
            Can anybody help me?

            • H
              heiko
              last edited by Aug 27, 2008, 11:28 AM

              Please post your config

              regards
              heiko

              • B
                Bigangel
                last edited by Aug 28, 2008, 7:52 AM

                my VPN: IPsec:1

                Interface: wan
                  Remote subnet:192.168.3.0/24
                  Remote gateway:192.168.4.1

                Phase 1 proposal (Authentication)
                  Negotiation mode:Aggressive
                  My identifier:User FQDN-->123@test.com
                  Encryption algorithm:3DES
                  Hash algorithm:SHA1
                  DH key group:2
                  Lifetime:1200
                  Authentication method:Pre-shared Key
                  Pre-Shared Key:vpn

                Phase 2 proposal (SA/Key Exchange)
                  Protocol:ESP
                  Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
                  Hash algorithms:SHA1,MD5
                  PFS key group:Off
                  Lifetime:1200

                my VPN: IPsec:2

                Interface: wan
                  Remote subnet:192.168.1.0/24
                  Remote gateway:192.168.4.2

                Phase 1 proposal (Authentication)
                  Negotiation mode:Aggressive
                  My identifier:User FQDN-->vpn@test.com
                  Encryption algorithm:3DES
                  Hash algorithm:SHA1
                  DH key group:2
                  Lifetime:1200
                  Authentication method:Pre-shared Key
                  Pre-Shared Key:vpn

                Phase 2 proposal (SA/Key Exchange)
                  Protocol:ESP
                  Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
                  Hash algorithms:SHA1,MD5
                  PFS key group:Off
                  Lifetime:1200

                my Network 1
                    wan ip:192.168.4.2/24
                    lan ip: 192.168.1.16/24

                Network 2
                    wan ip:192.168.4.1/24
                    lan ip: 192.168.3.20/24

                error message

                racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
                racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
                racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
                racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in

                Thank you

                • H
                  heiko
                  last edited by Aug 28, 2008, 1:56 PM

                  Please delete these SPDs in the Diagnostics page for IPsec, and then click Save on the IPsec configuration page. After that we will see…

                  • B
                    Bigangel
                    last edited by Sep 1, 2008, 9:54 AM

                    @heiko:

                    Please delete these SPDs in the Diagnostics page for IPsec, and then click Save on the IPsec configuration page. After that we will see…

                    I already deleted the SPDs in the Diagnostics page, and then clicked Save on the IPsec configuration page,
                    but it does not work. The error message:

                    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
                    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in
                    racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
                    racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
                    racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
                    racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
                    racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
                    racoon: INFO: ::1[500] used as isakmp port (fd=14)
                    racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
                    racoon: INFO: unsupported PF_KEY message REGISTER
                    racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
                    racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
                    racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
                    racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
                    racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
                    racoon: INFO: ::1[500] used as isakmp port (fd=14)
                    racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)

                    Please help me, thank you.

                    • H
                      heiko
                      last edited by Sep 1, 2008, 5:42 PM

                      Is this dynamic to dynamic? If so, it will not work in 1.2. Dynamic to static in aggressive mode works with the option "allow mobile clients" enabled on the static side.

                      Regards
                      Heiko

                      • B
                        Bigangel
                        last edited by Sep 2, 2008, 4:06 AM

                        Thank you.
                        My IPsec VPN is working.

                        I ping my virtual network IP; after 2 seconds, the IPsec VPN is on.

                        Thank You

                        • H
                          heiko
                          last edited by Sep 2, 2008, 6:26 AM

                          Fine  :D

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.