-
When I installed this the IPsec tunnels were no longer listed in the SA section. I tried to resave the IPsec tunnels but it wouldn't recreate them.
-
As for me, IPsec does not work.
1.2.1-TESTING-SNAPSHOT
built on Wed Jul 9 01:01:43 EDT 2008
Matteo
-
Also with the version 1.2.1-TESTING-SNAPSHOT - built on Thu Jul 10 00:10:45 EDT 2008 - the IPsec tunnels don't work.
Matteo
:(
-
I think this is something you will need to give them time to fix.
-
here is my log
My log ( 1.2.1 testing 07-10)
Jul 10 20:15:11 racoon: ERROR: failed to pre-process packet.
Jul 10 20:15:11 racoon: ERROR: failed to get proposal for responder.
Jul 10 20:15:11 racoon: [Unknown Gateway/Dynamic]: ERROR: no policy found: remote lan/24[0] local Lan/24[0] proto=any dir=in
Jul 10 20:15:11 racoon: [Bas !!]: INFO: respond new phase 2 negotiation: local WAN[0]<=>remote wan[0]
Jul 10 20:15:01 racoon: ERROR: failed to pre-process packet.
Jul 10 20:15:01 racoon: ERROR: failed to get proposal for responder.
Jul 10 20:15:01 racoon: ERROR: no policy found: remote lan[0] local lan/24[0] proto=any dir=in
Jul 10 20:15:01 racoon: [Bas !!]: INFO: respond new phase 2 negotiation: local wan[0]<=>remote wan[0]
Remote log (1.2 embedded)
Jul 10 19:50:00 racoon: INFO: ISAKMP-SA expired local wan[500]-My wan[500] spi:46ad15180bb8f90f:46f3c69382edae8e
Jul 10 19:50:00 racoon: ERROR: unknown Informational exchange received.
Jul 10 19:50:00 racoon: INFO: IPsec-SA request for My wan queued due to no phase1 found.
Jul 10 19:50:00 racoon: INFO: initiate new phase 1 negotiation: local wan[500]<=>my wan[500]
Jul 10 19:50:00 racoon: INFO: begin Aggressive mode.
Jul 10 19:50:00 racoon: INFO: received Vendor ID: DPD
Hope this helps… if you need anything more... lemme know....
-
What happens if you run /usr/local/sbin/setkey … Please post the output.
-
-
Please issue:
ls -lah /usr/local/sbin/
-
ls -lah /usr/local/sbin/
total 3366
drwxr-xr-x 2 root wheel 1.0K Jul 8 13:19 .
drwxr-xr-x 16 root wheel 512B Jul 8 13:18 ..
-r-xr-xr-x 1 root wheel 6.8K Jul 8 13:19 check_reload_status
-r-xr-xr-x 1 root wheel 7.1K Jul 8 13:19 choparp
-r-xr-xr-x 1 root wheel 31K Jul 8 12:08 dfuife_curses
-rwxr-xr-x 1 root wheel 505K Jul 8 13:19 dhcpd
-rwxr-xr-x 1 root wheel 128K Jul 8 13:19 dhcrelay
-r-xr-xr-x 1 root wheel 133K Jul 8 13:19 dnsmasq
-rwxr-xr-x 1 root wheel 9.9K Jul 8 13:19 expiretable
-r-xr-xr-x 1 root wheel 22K Jul 8 13:19 fping
-r-xr-xr-x 1 root wheel 15K Jul 8 13:19 ftpsesame
-r-xr-xr-x 1 root wheel 134K Jul 8 12:12 grub
-r-xr-xr-x 1 root wheel 13K Jul 8 12:12 grub-install
-r-xr-xr-x 1 root wheel 2.3K Jul 8 12:12 grub-md5-crypt
-r-xr-xr-x 1 root wheel 2.5K Jul 8 12:12 grub-set-default
-r-xr-xr-x 1 root wheel 2.4K Jul 8 12:12 grub-terminfo
-r-xr-xr-x 1 root wheel 157K Jul 8 13:19 lighttpd
-r-xr-xr-x 1 root wheel 43K Jul 8 13:19 miniupnpd
-r-xr-xr-x 1 root wheel 239K Jul 8 13:19 mpd
-r-xr-xr-x 1 root wheel 31K Jul 8 13:19 ntpd
-rwxr-xr-x 1 root wheel 152K Jul 8 13:19 olsrd
-r-xr-xr-x 1 root wheel 357K Jul 8 13:19 openvpn
-rwxr-xr-x 1 root wheel 8.5K Apr 14 19:31 pfSsh.php
-r-xr-xr-x 1 root wheel 98K Jul 8 13:19 pftop
-r-xr-xr-x 1 root wheel 22K Jul 8 13:19 pftpx
-rwxr-xr-x 1 root wheel 613B Nov 28 2005 ppp-linkup
-r-xr-xr-x 1 root wheel 1.0M Jul 8 13:19 racoon
-r-xr-xr-x 1 root wheel 48K Jul 8 13:19 racoonctl
-rwxr-xr-x 1 root wheel 361B Jan 31 05:36 reset_slbd.sh
-rwxr-xr-x 1 root wheel 551B Jun 10 2006 show_filter_reload_status.php
-rwxr-xr-x 1 root wheel 29K Jul 8 13:19 slbd
-r-xr-xr-x 1 root wheel 3.0K Jul 8 13:19 ssh_tunnel_shell
-r-xr-xr-x 1 root wheel 4.4K Jul 8 13:19 sshlockout_pf
-rwxr-xr-x 1 root wheel 75B Apr 11 2006 vpn-linkdown
-rwxr-xr-x 1 root wheel 75B Apr 11 2006 vpn-linkup
always fun… 2 people trying to help each other.... in different timezones :)
-
ls -lah /usr/local/sbin/
total 4522
drwxr-xr-x 2 root wheel 1.0K Jul 10 09:22 .
drwxr-xr-x 18 root wheel 512B Jul 10 09:23 ..
-rwxr-xr-x 1 root wheel 5.3K Nov 4 2005 atareinit
-rwxr-xr-x 1 root wheel 46K Nov 7 2004 bpalogin
-rwxr-xr-x 1 root wheel 6.8K May 18 2007 check_reload_status
-rwxr-xr-x 1 root wheel 7.1K Nov 4 2005 choparp
-rwxr-xr-x 1 root wheel 505K Jan 18 2007 dhcpd
-rwxr-xr-x 1 root wheel 128K Jan 13 2006 dhcrelay
-rwxr-xr-x 1 root wheel 192K Mar 8 2005 dnsextd
-rwxr-xr-x 1 root wheel 133K Jul 27 2007 dnsmasq
-rwxr-xr-x 1 root wheel 4.7K Mar 13 2005 env4801
-rwxr-xr-x 1 root wheel 9.9K Jul 10 2005 expiretable
-rwxr-xr-x 1 root wheel 22K Apr 19 2007 fping
-rwxr-xr-x 1 root wheel 15K Jul 11 2007 ftpsesame
-rwxr-xr-x 1 root wheel 795K Nov 8 2005 gzsig
-rwxr-xr-x 1 root wheel 3.3K Nov 4 2005 kbdcheck
-rwxr-xr-x 1 root wheel 157K Sep 11 2007 lighttpd
-rwxr-xr-x 1 root wheel 220K Mar 8 2005 mdnsd
-rwxr-xr-x 1 root wheel 43K Sep 29 2007 miniupnpd
-rwxr-xr-x 1 root wheel 239K Jan 6 2008 mpd
-rwxr-xr-x 1 root wheel 31K Oct 3 2006 ntpd
-rwxr-xr-x 1 root wheel 152K Feb 13 2007 olsrd
-rwxr-xr-x 1 root wheel 357K Sep 13 2007 openvpn
-rwxr-xr-x 1 root wheel 8.5K Nov 24 2007 pfSsh.php
-rwxr-xr-x 1 root wheel 98K May 27 2007 pftop
-rwxr-xr-x 1 root wheel 22K Jun 30 2007 pftpx
-rwxr-xr-x 1 root wheel 613B Nov 28 2005 ppp-linkup
-rwxr-xr-x 1 root wheel 1.0M Feb 1 22:32 racoon
-rwxr-xr-x 1 root wheel 669B Oct 4 2007 racoon_watch.sh
-rwxr-xr-x 1 root wheel 48K Dec 26 2005 racoonctl
-rwxr-xr-x 1 root wheel 361B Jan 31 05:36 reset_slbd.sh
-rwxr-xr-x 1 root wheel 37K Aug 19 2005 sasyncd
-rwxr-xr-x 1 root wheel 551B Jun 10 2006 show_filter_reload_status.php
-rwxr-xr-x 1 root wheel 29K Apr 24 2007 slbd
-rwxr-xr-x 1 root wheel 3.0K Jun 5 2006 ssh_tunnel_shell
-rwxr-xr-x 1 root wheel 4.4K Nov 4 2005 sshlockout_pf
-rwxr-xr-x 1 root wheel 75B Apr 11 2006 vpn-linkdown
-rwxr-xr-x 1 root wheel 75B Apr 11 2006 vpn-linkup
-
1.2.1-TESTING-SNAPSHOT
built on Fri Jul 11 01:40:31 EDT 2008
ls -lah /usr/local/sbin/
total 3366
drwxr-xr-x 2 root wheel 1.0K Jul 8 13:19 .
drwxr-xr-x 16 root wheel 512B Jul 8 13:18 ..
-r-xr-xr-x 1 root wheel 6.8K Jul 8 13:19 check_reload_status
-r-xr-xr-x 1 root wheel 7.1K Jul 8 13:19 choparp
-r-xr-xr-x 1 root wheel 31K Jul 8 12:08 dfuife_curses
-rwxr-xr-x 1 root wheel 505K Jul 8 13:19 dhcpd
-rwxr-xr-x 1 root wheel 128K Jul 8 13:19 dhcrelay
-r-xr-xr-x 1 root wheel 133K Jul 8 13:19 dnsmasq
-rwxr-xr-x 1 root wheel 9.9K Jul 8 13:19 expiretable
-r-xr-xr-x 1 root wheel 22K Jul 8 13:19 fping
-r-xr-xr-x 1 root wheel 15K Jul 8 13:19 ftpsesame
-r-xr-xr-x 1 root wheel 134K Jul 8 12:12 grub
-r-xr-xr-x 1 root wheel 13K Jul 8 12:12 grub-install
-r-xr-xr-x 1 root wheel 2.3K Jul 8 12:12 grub-md5-crypt
-r-xr-xr-x 1 root wheel 2.5K Jul 8 12:12 grub-set-default
-r-xr-xr-x 1 root wheel 2.4K Jul 8 12:12 grub-terminfo
-r-xr-xr-x 1 root wheel 157K Jul 8 13:19 lighttpd
-r-xr-xr-x 1 root wheel 43K Jul 8 13:19 miniupnpd
-r-xr-xr-x 1 root wheel 239K Jul 8 13:19 mpd
-r-xr-xr-x 1 root wheel 31K Jul 8 13:19 ntpd
-rwxr-xr-x 1 root wheel 152K Jul 8 13:19 olsrd
-r-xr-xr-x 1 root wheel 357K Jul 8 13:19 openvpn
-rwxr-xr-x 1 root wheel 8.5K Apr 14 19:31 pfSsh.php
-r-xr-xr-x 1 root wheel 98K Jul 8 13:19 pftop
-r-xr-xr-x 1 root wheel 22K Jul 8 13:19 pftpx
-rwxr-xr-x 1 root wheel 613B Nov 28 2005 ppp-linkup
-r-xr-xr-x 1 root wheel 1.0M Jul 8 13:19 racoon
-r-xr-xr-x 1 root wheel 48K Jul 8 13:19 racoonctl
-rwxr-xr-x 1 root wheel 361B Jan 31 05:36 reset_slbd.sh
-rwxr-xr-x 1 root wheel 551B Jun 10 2006 show_filter_reload_status.php
-rwxr-xr-x 1 root wheel 29K Jul 8 13:19 slbd
-r-xr-xr-x 1 root wheel 3.0K Jul 8 13:19 ssh_tunnel_shell
-r-xr-xr-x 1 root wheel 4.4K Jul 8 13:19 sshlockout_pf
-rwxr-xr-x 1 root wheel 75B Apr 11 2006 vpn-linkdown
-rwxr-xr-x 1 root wheel 75B Apr 11 2006 vpn-linkup
-
did a fresh install instead of the upgrade this time….
# ls -lah /usr/local/sbin/
total 3366
drwxr-xr-x 2 root wheel 1.0K Jul 11 07:35 .
drwxr-xr-x 15 root wheel 512B Jul 11 07:33 ..
-r-xr-xr-x 1 root wheel 6.8K Jul 11 07:35 check_reload_status
-r-xr-xr-x 1 root wheel 7.1K Jul 11 07:35 choparp
-r-xr-xr-x 1 root wheel 31K Jul 11 06:44 dfuife_curses
-rwxr-xr-x 1 root wheel 505K Jul 11 07:35 dhcpd
-rwxr-xr-x 1 root wheel 128K Jul 11 07:35 dhcrelay
-r-xr-xr-x 1 root wheel 133K Jul 11 07:35 dnsmasq
-rwxr-xr-x 1 root wheel 9.9K Jul 11 07:35 expiretable
-r-xr-xr-x 1 root wheel 22K Jul 11 07:35 fping
-r-xr-xr-x 1 root wheel 15K Jul 11 07:35 ftpsesame
-r-xr-xr-x 1 root wheel 134K Jul 10 04:58 grub
-r-xr-xr-x 1 root wheel 13K Jul 10 04:58 grub-install
-r-xr-xr-x 1 root wheel 2.3K Jul 10 04:58 grub-md5-crypt
-r-xr-xr-x 1 root wheel 2.5K Jul 10 04:58 grub-set-default
-r-xr-xr-x 1 root wheel 2.4K Jul 10 04:58 grub-terminfo
-r-xr-xr-x 1 root wheel 157K Jul 11 07:35 lighttpd
-r-xr-xr-x 1 root wheel 43K Jul 11 07:35 miniupnpd
-r-xr-xr-x 1 root wheel 239K Jul 11 07:35 mpd
-r-xr-xr-x 1 root wheel 31K Jul 11 07:35 ntpd
-rwxr-xr-x 1 root wheel 152K Jul 11 07:35 olsrd
-r-xr-xr-x 1 root wheel 357K Jul 11 07:35 openvpn
-rwxr-xr-x 1 root wheel 8.5K Apr 14 19:31 pfSsh.php
-r-xr-xr-x 1 root wheel 98K Jul 11 07:35 pftop
-r-xr-xr-x 1 root wheel 22K Jul 11 07:35 pftpx
-rwxr-xr-x 1 root wheel 613B Nov 28 2005 ppp-linkup
-r-xr-xr-x 1 root wheel 1.0M Jul 11 07:35 racoon
-r-xr-xr-x 1 root wheel 48K Jul 11 07:35 racoonctl
-rwxr-xr-x 1 root wheel 361B Jan 31 05:36 reset_slbd.sh
-rwxr-xr-x 1 root wheel 551B Jun 10 2006 show_filter_reload_status.php
-rwxr-xr-x 1 root wheel 29K Jul 11 07:35 slbd
-r-xr-xr-x 1 root wheel 3.0K Jul 11 07:35 ssh_tunnel_shell
-r-xr-xr-x 1 root wheel 4.4K Jul 11 07:35 sshlockout_pf
-rwxr-xr-x 1 root wheel 75B Apr 11 2006 vpn-linkdown
-rwxr-xr-x 1 root wheel 75B Apr 11 2006 vpn-linkup
not much change here…. but got the setkey in /sbin now...
anyway i can do more testing for u guys ?
my logs while trying to get a connection with a 1.2 pfsense :
Jul 12 14:01:57 last message repeated 3 times
Jul 12 14:01:27 racoon: ERROR: couldn't find configuration.
Jul 12 14:01:05 racoon: [Self]: INFO: 85.223.49.41[500] used as isakmp port (fd=15)
Jul 12 14:01:05 racoon: [Self]: INFO: 172.16.66.254[500] used as isakmp port (fd=14)
Jul 12 14:01:05 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13)
Jul 12 14:01:04 racoon: [Self]: INFO: 85.223.49.41[500] used as isakmp port (fd=15)
Jul 12 14:01:04 racoon: [Self]: INFO: 172.16.66.254[500] used as isakmp port (fd=14)
Jul 12 14:01:04 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13)
Jul 12 14:01:03 racoon: [Self]: INFO: 85.223.49.41[500] used as isakmp port (fd=15)
Jul 12 14:01:03 racoon: [Self]: INFO: 172.16.66.254[500] used as isakmp port (fd=14)
Jul 12 14:01:03 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13)
Jul 12 14:01:03 racoon: [Self]: INFO: 85.223.49.41[500] used as isakmp port (fd=15)
Jul 12 14:01:03 racoon: [Self]: INFO: 172.16.66.254[500] used as isakmp port (fd=14)
Jul 12 14:01:03 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13)
still no SA's btw.
after rebooting and trying some different settings…
Jul 12 14:37:21 racoon: ERROR: failed to pre-process packet.
Jul 12 14:37:21 racoon: ERROR: failed to get proposal for responder.
Jul 12 14:37:21 racoon: [Unknown Gateway/Dynamic]: ERROR: no policy found: 172.17.77.0/24[0] 172.16.66.0/24[0] proto=any dir=in
Jul 12 14:37:21 racoon: [Bas]: INFO: respond new phase 2 negotiation: 85.223.49.41[0]<=>85.223.50.134[0]
Jul 12 14:37:11 racoon: ERROR: failed to pre-process packet.
Jul 12 14:37:11 racoon: ERROR: failed to get proposal for responder.
Jul 12 14:37:11 racoon: ERROR: no policy found: 172.17.77.0/24[0] 172.16.66.0/24[0] proto=any dir=in
Jul 12 14:37:11 racoon: [Bas]: INFO: respond new phase 2 negotiation: 85.223.49.41[0]<=>85.223.50.134[0]
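Added example, not part of the original thread: the "no policy found" errors in the logs above mean that racoon, acting as responder, found no security policy (SPD entry) matching the phase 2 selectors the peer proposed. This sh/awk script groups those errors by selector pair so the missing policies are easy to list; the function names and the log lines and addresses in sample_log are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): group racoon "no policy found" errors
# by the phase 2 selectors the peer proposed.
# Line shape: "... ERROR: no policy found: <src>[port] <dst>[port] proto=<p> dir=<d>"
# With dir=in, <src> is the remote network and <dst> the local one.

missing_policies() {
    # stdin: syslog lines; stdout: "<count> <src> <dst> <proto> <dir>" per unique set
    awk '
    /racoon: .*ERROR: no policy found: / {
        sub(/^.*no policy found: /, "")      # keep only the selector part
        src = $1; dst = $2; proto = $3; dir = $4
        sub(/\[[0-9]+\]$/, "", src)          # drop the "[port]" suffix
        sub(/\[[0-9]+\]$/, "", dst)
        sub(/^proto=/, "", proto)
        sub(/^dir=/, "", dir)
        key = src " " dst " " proto " " dir
        if (!(key in seen)) order[++n] = key # remember first-seen order
        seen[key]++
    }
    END { for (i = 1; i <= n; i++) print seen[order[i]], order[i] }
    '
}

# Constructed sample log, modelled on the racoon lines posted in the thread
# (peer name and all addresses are placeholders).
sample_log() {
    cat <<'EOF'
Jul 12 14:37:21 racoon: ERROR: failed to pre-process packet.
Jul 12 14:37:21 racoon: ERROR: failed to get proposal for responder.
Jul 12 14:37:21 racoon: [Unknown Gateway/Dynamic]: ERROR: no policy found: 10.0.2.0/24[0] 10.0.1.0/24[0] proto=any dir=in
Jul 12 14:37:21 racoon: [peer-a]: INFO: respond new phase 2 negotiation: 192.0.2.1[0]<=>192.0.2.2[0]
Jul 12 14:37:11 racoon: ERROR: no policy found: 10.0.2.0/24[0] 10.0.1.0/24[0] proto=any dir=in
Jul 12 14:36:02 racoon: ERROR: no policy found: 10.0.3.0/24[0] 10.0.1.0/24[0] proto=any dir=in
EOF
}

sample_log | missing_policies
```

Each pair it reports should have a matching inbound entry in the output of setkey -DP on the responder; if none is there, the policy for that tunnel was never installed.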
-
IPsec is working…. got some yellow crosses in the status => ipsec but it is working... not that fast.... was hoping that the AES stuff on my MB would do more... 15Mbps with a Via C3 1Ghz,, not that shabby i presume...
edit
In the ipsec SA
Source Destination Protocol SPI Enc. alg. Auth. alg.
Invalid extension
Invalid extension
Invalid extension
Invalid extension
no show stopper... but well.... something is wrong...
-
was hoping that the AES stuff on my MB would do more… 15Mbps with a Via C3 1Ghz,, not that shabby i presume...
Have a look at the dmesg - does a 'padlock' device show up? That's the device driver that supports the crypto features of the C3.
If it shows up, maybe pfSense isn't configured to make use of it, though the man page suggests it should work fine with the IPsec code that pfSense uses.
It's possible that this is a configuration error in the FreeBSD kernel being used in the current betas, which is why I'm suggesting you look at the dmesg.
-
no "padlock" in dmesg… :-(
-
What happens if you try kldload /boot/kernel/padlock.ko at the command prompt. Do you have a padlock device in the dmesg then? Does it help with IPsec?
The next stage, whether or not that works (but assuming you have a /boot/kernel/padlock.ko file) is to try adding padlock_load="YES" to the /boot/loader.conf file. If that sorts it out, then I wonder whether the kernel configuration should be changed to have padlock built in - or a configuration option to load padlock. There are many people running pfSense on VIA processors with the necessary hardware to use the padlock driver.
-
no files in /boot/modules…
am running the version from 07-12 so can try and upgrade...
Will upgrade to the newest build tonight.
-
That should be kldload /boot/kernel/padlock.ko
I see the module on my 1.3AA test box, but I overwrote my 1.2.1 image so I can't confirm if it's there and don't have any hardware to see if it loads.
-
That should be kldload /boot/kernel/padlock.ko
Indeed it should - sorry for the typo. I've corrected my original post.
-
it's there :-P
going up to 19Mbps…. but the other machine is an old version of pfsense....
same cpu and motherboard.... so no acceleration
My CPU usage is lower... abt 10-15% but it's stable, not flapping like before...
So i guess it's working.. Maybe an idea to enable it through the webinterface ?