If i dont have remote subnet but in the pfsense i must to write something in the textbox REMOTE SUBNET in the configuration of ipsec vpn.
What I have to write in? -----Original Message----- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 09, 2006 4:31 PM To: [email protected] Subject: Re: [pfSense-discussion] Problem with ipsec On 8/9/06, Carlos Julio Sánchez [ACC-SIS] <[EMAIL PROTECTED]> wrote: > > > > > Hello! > > anybody can help me please? > > > > I have an error when I set up vpn with ipsec, my computer A have pfsense and > my computer B have Centos(Linux) > > > > In the ipsec logs I have: > > racoon: ERROR: failed to get sainfo. > > racoon: ERROR: failed to get sainfo. > > racoon: ERROR: failed to pre-process packet. > > racoon: INFO: purging ISAKMP-SA > spi=00bc15f02e56a4a5:69e1cebf2efd8757. > > racoon: INFO: purged ISAKMP-SA > spi=00bc15f02e56a4a5:69e1cebf2efd8757. > > racoon: INFO: ISAKMP-SA deleted xxx.xxx.xxx.xxx [500]- xxx.xxx.xxx.xxx [500] > spi:00bc15f02e56a4a5:69e1cebf2efd8757 > > > > in the logs of computer B I have: > > > > Aug 9 16:15:08 actibts1 racoon: NOTIFY: couldn't find the proper pskey, try > to get one by the peer's address. > > Aug 9 16:15:08 actibts1 racoon: INFO: ISAKMP-SA established > xxx.xxx.xxx.xxx[500]-xxx.xxx.xxx.xxx[500] > spi:00bc15f02e56a4a5:69e1cebf2efd8757 > > Aug 9 16:15:09 actibts1 racoon: INFO: initiate new phase 2 negotiation: > xxx.xxx.xxx.xxx [0]<=> xxx.xxx.xxx.xxx [0] > > Aug 9 16:15:39 actibts1 racoon: INFO: IPsec-SA expired: AH/Transport > xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx spi=35812955(0x222765b) > > Aug 9 16:15:39 actibts1 racoon: WARNING: the expire message is received but > the handler has not been established. > > Aug 9 16:15:39 actibts1 racoon: ERROR: xxx.xxx.xxx.xxx give up to get > IPsec-SA due to time up to wait. Double check your phase 2 settings on both hosts. There is a mismatch somewhere. Scott
