Racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway rep



  • Can you help me?
    My pfSense IPsec tunnels do not work.

    The error message is:

    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in



  • At least "try" to use the search

    http://forum.pfsense.org/index.php?action=search
    keywords: "racoon: [Unknown Gateway/Dynamic]"

    (I don't use IPsec on pfSense, but with the search I was able to find an immediate answer to your question.)



  • I tried the search with the keywords: "racoon: [Unknown Gateway/Dynamic]"
    and found many questions, but I explored every avenue and could not find a solution.
    Can anybody help me?



  • Search hint was great: 1st place I found was this posting  ;D



  • My pfSense IPsec tunnels still do not work.
    Can anybody help me?



  • Please post your config

    regards
    heiko



  • my VPN: IPsec:1

    Interface: wan
      Remote subnet:192.168.3.0/24
      Remote gateway:192.168.4.1

    Phase 1 proposal (Authentication)
      Negotiation mode:Aggressive
      My identifier:User FQDN–>123@test.com
      Encryption algorithm:3DES
      Hash algorithm:SHA1
      DH key group:2
      Lifetime:1200
      Authentication method:Pre-shared Key
      Pre-Shared Key:vpn

    Phase 2 proposal (SA/Key Exchange)
      Protocol:ESP
      Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
      Hash algorithms:SHA1,MD5
      PFS key group:Off
      Lifetime:1200

    my VPN: IPsec:2

    Interface: wan
      Remote subnet:192.168.1.0/24
      Remote gateway:192.168.4.2

    Phase 1 proposal (Authentication)
      Negotiation mode:Aggressive
      My identifier:User FQDN-->vpn@test.com
      Encryption algorithm:3DES
      Hash algorithm:SHA1
      DH key group:2
      Lifetime:1200
      Authentication method:Pre-shared Key
      Pre-Shared Key:vpn

    Phase 2 proposal (SA/Key Exchange)
      Protocol:ESP
      Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
      Hash algorithms:SHA1,MD5
      PFS key group:Off
      Lifetime:1200

    My Network 1
        wan ip:192.168.4.2/24
        lan ip: 192.168.1.16/24

    Network 2
        wan ip:192.168.4.1/24
        lan ip: 192.168.3.20/24

    Error message:

    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in

    Thank you



  • Please delete these SPDs on the Diagnostics page for IPsec, and then click Save on the IPsec configuration page. After that we will see…..



  • @heiko:

    Please delete these SPDs on the Diagnostics page for IPsec, and then click Save on the IPsec configuration page. After that we will see…..

    I already deleted the SPDs on the Diagnostics page, and then clicked Save on the IPsec configuration page,
    but it does not work. The error message:

    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
    racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in
    racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
    racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
    racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
    racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
    racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
    racoon: INFO: ::1[500] used as isakmp port (fd=14)
    racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
    racoon: INFO: unsupported PF_KEY message REGISTER
    racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
    racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
    racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
    racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
    racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
    racoon: INFO: ::1[500] used as isakmp port (fd=14)
    racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)

    Please help me. Thank you.
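
Added example, not part of any post in this thread: a small Python parser for the racoon "such policy already exists" lines quoted above. It tolerates entries that wrap onto a second line when pasted, counts each reported SPD selector, and lists the selectors whose source and destination networks overlap. The function names and the sample (built from the log lines in the thread) are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Matches the SPD selector racoon prints after "anyway replace it:".
POLICY_RE = re.compile(
    r"such policy already exists\. anyway replace it:\s+"
    r"(?P<src>\S+)\[(?P<sport>\w+)\]\s+(?P<dst>\S+)\[(?P<dport>\w+)\]\s+"
    r"proto=(?P<proto>\S+)\s+dir=(?P<dir>in|out)"
)

def unwrap(lines):
    """Re-join entries that were wrapped onto a continuation line."""
    entries = []
    for line in lines:
        text = line.strip()
        if text.startswith("racoon:"):
            entries.append(text)
        elif text and entries:
            entries[-1] += " " + text
    return entries

def duplicate_policies(lines):
    """Count how often each (src, dst, proto, dir) selector was reported."""
    counts = Counter()
    for entry in unwrap(lines):
        m = POLICY_RE.search(entry)
        if m:
            counts[(m["src"], m["dst"], m["proto"], m["dir"])] += 1
    return counts

def overlapping(counts):
    """Selectors whose source and destination networks overlap."""
    net = ipaddress.ip_network
    return sorted(k for k in counts if net(k[0]).overlaps(net(k[1])))

# Constructed sample: log lines taken from the thread, one of them wrapped.
SAMPLE = """\
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0]
                    192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in
racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
""".splitlines()

if __name__ == "__main__":
    for selector, n in duplicate_policies(SAMPLE).items():
        print(n, *selector)
```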



  • Is this dynamic to dynamic? If so, it will not work in 1.2. Dynamic to static in aggressive mode works with the option "allow mobile clients" enabled on the static side.

    Regards
    Heiko



  • Thank you.
    My IPsec VPN is working.

    I ping my virtual network IP, and after 2 seconds the IPsec VPN is on.

    Thank You



  • Fine  :D

