Racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway rep

Bigangel

can you help me
my pfsense ipsec tunnels is not work

error message is

racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in

GruensFroeschli

At least "try" to use the search

http://forum.pfsense.org/index.php?action=search
keywords: "racoon: [Unknown Gateway/Dynamic]"

(i dont use IPSEC on pfSense but with the search i was able to find an immediately answer to your question)

Bigangel

I try to use the search keywords: "racoon: [Unknown Gateway/Dynamic]"
find many question.but i explored every avenue but could not find a solution.
eveybody can help me?

FBI01

Search Hint was gerat: 1st place I found this posting  ;D

Bigangel

my pfsense ipsec tunnels is still not work
eveybody can help me?

heiko

Please post your config

regards
heiko

Bigangel

my VPN: IPsec:1

Interface: wan
  Remote subnet:192.168.3.0/24
  Remote gateway:192.168.4.1

Phase 1 proposal (Authentication)
  Negotiation mode:Aggressive
  My identifier:User FQDN–>123@test.com
  Encryption algorithm:3DES
  Hash algorithm:SHA1
  DH key group:2
  Lifetime:1200
  Authentication method:Pre-shared Key
  Pre-Shared Key:vpn

Phase 2 proposal (SA/Key Exchange)
  Protocol:ESP
  Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
  Hash algorithms:SHA1,MD5
  PFS key group:Off
  Lifetime:1200

my VPN: IPsec:2

Interface: wan
  Remote subnet:192.168.1.0/24
  Remote gateway:192.168.4.2

Phase 1 proposal (Authentication)
  Negotiation mode:Aggressive
  My identifier:User FQDN-->vpn@test.com
  Encryption algorithm:3DES
  Hash algorithm:SHA1
  DH key group:2
  Lifetime:1200
  Authentication method:Pre-shared Key
  Pre-Shared Key:vpn

Phase 2 proposal (SA/Key Exchange)
  Protocol:ESP
  Encryption algorithms:select 3DES ,Blowfish,CAST128,Rijndael (AES),Rijndael 256
  Hash algorithms:SHA1,MD5
  PFS key group:Off
  Lifetime:1200

my Network 1
    wan ip:192.168.4.2/24
    lan ip: 192.168.1.16/24

Netrowk 2

wan ip:192.168.4.1/24
    lan ip: 192.168.3.20/24

error message

racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.3.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0] 192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.3.0/24[0] 192.168.1.0/24[0] proto=any dir=in
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in

Thank you

heiko

Please delete this SPD´s in the Diagnostics Page for ipsec, and then click on save on the ipsec configuration page. After that we will see…..

Bigangel

@heiko:

Please delete this SPD´s in the Diagnostics Page for ipsec, and then click on save on the ipsec configuration page. After that we will see…..

I already delete the SPD's in the Diagnostics Page ,and then click on save on the ipsec configuration page.
          but it is not work ,the error message :

racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.16/32[0]   
                    192.168.1.0/24[0] proto=any dir=out
racoon: [Unknown Gateway/Dynamic]: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.16/32[0] proto=any dir=in
racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
racoon: INFO: ::1[500] used as isakmp port (fd=14)
racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
racoon: INFO: unsupported PF_KEY message REGISTER
racoon: [Self]: INFO: 192.168.1.16[500] used as isakmp port (fd=19)
racoon: INFO: fe80::250:baff:fef0:1e09%vr0[500] used as isakmp port (fd=18)
racoon: [Self]: INFO: 192.168.4.2[500] used as isakmp port (fd=17)
racoon: INFO: fe80::200:e8ff:fe4e:ae71%dc0[500] used as isakmp port (fd=16)
racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
racoon: INFO: ::1[500] used as isakmp port (fd=14)
racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)

please help me thank you

heiko

Is this dynamic to dynamic, if it is so, it will not work in 1.2. Dynamic to static in agressive mode works with the enabled option on the static side "allow mobile clients".

Regards
Heiko

Bigangel

Thank you
My Ipsec vpn is work

I ping my virtual network ip ,after 2 second ,the Ipsec vpn is on,

Thank You

heiko

Fine  :D