Netgate Discussion Forum

    Racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway rep

    • B
      Bigangel
      last edited by

      Can you help me?
      My pfSense IPsec tunnels are not working.

      The error message is:

      racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
      racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
      racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
      racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in

      • GruensFroeschliG
        GruensFroeschli
        last edited by

        At least "try" to use the search

        http://forum.pfsense.org/index.php?action=search
        keywords: "racoon: [Unknown Gateway/Dynamic]"

        (I don't use IPsec on pfSense, but with the search I was able to find an immediate answer to your question.)

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • B
          Bigangel
          last edited by

          I tried the search with the keywords "racoon: [Unknown Gateway/Dynamic]"
          and found many questions. I explored every avenue but could not find a solution.
          Can anybody help me?

          • F
            FBI01
            last edited by

            Search hint was great: 1st place I found this posting ;D

            • B
              Bigangel
              last edited by

              My pfSense IPsec tunnels are still not working.
              Can anybody help me?

              • H
                heiko
                last edited by

                Please post your config

                regards
                heiko

                • B
                  Bigangel
                  last edited by

                  my VPN: IPsec:1

                  Interface: wan
                    Remote subnet:192.168.3.0/24
                    Remote gateway:192.168.4.1

                  Phase 1 proposal (Authentication)
                    Negotiation mode:Aggressive
                    My identifier:User FQDN-->123@test.com
                    Encryption algorithm:3DES
                    Hash algorithm:SHA1
                    DH key group:2
                    Lifetime:1200
                    Authentication method:Pre-shared Key
                    Pre-Shared Key:vpn

                  Phase 2 proposal (SA/Key Exchange)
                    Protocol:ESP
                    Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
                    Hash algorithms:SHA1,MD5
                    PFS key group:Off
                    Lifetime:1200

                  my VPN: IPsec:2

                  Interface: wan
                    Remote subnet:192.168.1.0/24
                    Remote gateway:192.168.4.2

                  Phase 1 proposal (Authentication)
                    Negotiation mode:Aggressive
                    My identifier:User FQDN-->vpn@test.com
                    Encryption algorithm:3DES
                    Hash algorithm:SHA1
                    DH key group:2
                    Lifetime:1200
                    Authentication method:Pre-shared Key
                    Pre-Shared Key:vpn

                  Phase 2 proposal (SA/Key Exchange)
                    Protocol:ESP
                    Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
                    Hash algorithms:SHA1,MD5
                    PFS key group:Off
                    Lifetime:1200

                  my Network 1
                      wan ip:192.168.4.2/24
                      lan ip: 192.168.1.16/24

                  Network 2
                      wan ip:192.168.4.1/24
                      lan ip: 192.168.3.20/24
                  error message

                  racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
                  racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
                  racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
                  racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in

                  Thank you

                  • H
                    heiko
                    last edited by

                    Please delete these SPDs on the Diagnostics page for IPsec, and then click Save on the IPsec configuration page. After that we will see...

                    • B
                      Bigangel
                      last edited by

                      @heiko:

                      Please delete these SPDs on the Diagnostics page for IPsec, and then click Save on the IPsec configuration page. After that we will see...

                      I already deleted the SPDs on the Diagnostics page and then clicked Save on the IPsec configuration page,
                      but it does not work. The error message:

                      racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
                      racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in
                      racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
                      racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
                      racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
                      racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
                      racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
                      racoon: INFO: ::1[500] used as isakmp port (fd=14)
                      racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
                      racoon: INFO: unsupported PF_KEY message REGISTER
                      racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
                      racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
                      racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
                      racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
                      racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
                      racoon: INFO: ::1[500] used as isakmp port (fd=14)
                      racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)

                      Please help me. Thank you.

                      • H
                        heiko
                        last edited by

                        Is this dynamic to dynamic? If so, it will not work in 1.2. Dynamic to static in aggressive mode works with the option "allow mobile clients" enabled on the static side.

                        Regards
                        Heiko

                        • B
                          Bigangel
                          last edited by

                          Thank you.
                          My IPsec VPN works.

                          I ping my virtual network IP, and after 2 seconds the IPsec VPN is on.

                          Thank You

                          • H
                            heiko
                            last edited by

                            Fine  :D

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.