Racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway rep

Bigangel · Jul 3, 2008, 8:36 AM

can you help me
my pfsense ipsec tunnels is not work

error message is

racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in

GruensFroeschli · Jul 3, 2008, 9:19 AM

At least "try" to use the search

http://forum.pfsense.org/index.php?action=search
keywords: "racoon: [Unknown Gateway/Dynamic]"

(i dont use IPSEC on pfSense but with the search i was able to find an immediately answer to your question)

Bigangel · Jul 3, 2008, 1:38 PM

I try to use the search keywords: "racoon: [Unknown Gateway/Dynamic]"
find many question.but i explored every avenue but could not find a solution.
eveybody can help me?

FBI01 · Aug 24, 2008, 11:04 AM

Search Hint was gerat: 1st place I found this posting ;D

Bigangel · Aug 27, 2008, 10:04 AM

my pfsense ipsec tunnels is still not work
eveybody can help me?

heiko · Aug 27, 2008, 11:28 AM

Please post your config

regards
heiko

Bigangel · Aug 28, 2008, 7:52 AM

my VPN: IPsec:1

Interface: wan
Remote subnet:192.168.3.0/24
Remote gateway:192.168.4.1

Phase 1 proposal (Authentication)
Negotiation mode:Aggressive
My identifier:User FQDN–>123@test.com
Encryption algorithm:3DES
Hash algorithm:SHA1
DH key group:2
Lifetime:1200
Authentication method:Pre-shared Key
Pre-Shared Key:vpn

Phase 2 proposal (SA/Key Exchange)
Protocol:ESP
Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
Hash algorithms:SHA1,MD5
PFS key group:Off
Lifetime:1200

my VPN: IPsec:2

Interface: wan
Remote subnet:192.168.1.0/24
Remote gateway:192.168.4.2

Phase 1 proposal (Authentication)
Negotiation mode:Aggressive
My identifier:User FQDN-->vpn@test.com
Encryption algorithm:3DES
Hash algorithm:SHA1
DH key group:2
Lifetime:1200
Authentication method:Pre-shared Key
Pre-Shared Key:vpn

Phase 2 proposal (SA/Key Exchange)
Protocol:ESP
Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
Hash algorithms:SHA1,MD5
PFS key group:Off
Lifetime:1200

my Network 1
wan ip:192.168.4.2/24
lan ip: 192.168.1.16/24

Netrowk 2

wan ip:192.168.4.1/24
lan ip: 192.168.3.20/24

error message

racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in

Thank you

heiko · Aug 28, 2008, 1:56 PM

Please delete this SPD´s in the Diagnostics Page for ipsec, and then click on save on the ipsec configuration page. After that we will see…..

Bigangel · Sep 1, 2008, 9:54 AM

@heiko:

Please delete this SPD´s in the Diagnostics Page for ipsec, and then click on save on the ipsec configuration page. After that we will see…..

I already delete the SPD's in the Diagnostics Page ,and then click on save on the ipsec configuration page.
but it is not work ,the error message :

racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0]
192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in
racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
racoon: INFO: ::1[500] used as isakmp port (fd=14)
racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
racoon: INFO: unsupported PF_KEY message REGISTER
racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
racoon: INFO: ::1[500] used as isakmp port (fd=14)
racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)

please help me thank you

heiko · Sep 1, 2008, 5:42 PM

Is this dynamic to dynamic, if it is so, it will not work in 1.2. Dynamic to static in agressive mode works with the enabled option on the static side "allow mobile clients".

Regards
Heiko

Bigangel · Sep 2, 2008, 4:06 AM

Thank you
My Ipsec vpn is work

I ping my virtual network ip ,after 2 second ,the Ipsec vpn is on,

Thank You

heiko · Sep 2, 2008, 6:26 AM

Fine :D