>From what I can tell from the log something is missconfigured as there are >loopbackadresses and it has problems to use an Interface for the outgoing >connection (only had a very very quick look, not much time atm). Maybe you can >post your ipsec-config and your local networks of both sides.
DynDNS.Names should already be usable for both endpoints (was implemented several versions ago). Have you tried it or only assumed that it is not possible? Holger -----Ursprüngliche Nachricht----- Von: Brian [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 10. August 2005 15:18 An: [email protected] Betreff: [pfSense Support] IPSec Problem I had been trying to set up mobile IPSec to use from my laptop, but was having issues, so I decided to just try straight IPSec from my office to home (both on pfSense 0.74.6). Both are on dynamic IPs, but for the purposes of this exercise, I set the home pfSense to be the 'static' side. This leads me to a question though: Could the IPSec tunnel setup be changed to allow a DNS name to be used for the remote gateway? Even if pfSense just resolved the name for you each time the tunnel was established that would allow people to use dyndns names for the endpoints without needing to edit the tunnel each time. As I said, for now I just pretended that my home IP was static and set up the tunnel using Holger's tutorial as a guide. When I try to establish the tunnel from work to home, I get the following entries in my IPSec log. I know it must be something silly since others have many tunnels working, but I can't get this sorted out. Are there any ports I need to forward or open for this to work? Is is possible that Verizon (my ISP for work and home) blocks ports for IPSec? Thanks for any help you can provide. I'm also on IRC as DungaBee if anyone wants to chat real time. Thanks much, Brian Here are the log entries: Aug 10 08:50:54 racoon: ERROR: no address could be bound. Aug 10 08:50:54 racoon: ERROR: failed to bind to address 192.168.100.1[500] (Address already in use). Aug 10 08:50:54 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:70cd%dc0[500] (Address already in use). Aug 10 08:50:54 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:7078%dc1[500] (Address already in use). Aug 10 08:50:54 racoon: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use). Aug 10 08:50:54 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Aug 10 08:50:54 racoon: ERROR: failed to bind to address fe80::1%lo0[500] (Address already in use). Aug 10 08:50:54 racoon: ERROR: failed to bind to address 70.17.189.123[500] (Address already in use). Aug 10 08:50:54 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:70cd%ng0[500] (Address already in use). Aug 10 08:50:54 last message repeated 2 times Aug 10 08:50:54 racoon: INFO: unsupported PF_KEY message REGISTER Aug 10 08:50:54 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e 25 Oct 2004 (http://www.openssl.org/) Aug 10 08:50:54 racoon: INFO: @(#)ipsec-tools 0.6 (http://ipsec-tools.sourceforge.net) Aug 10 08:50:54 racoon: INFO: unsupported PF_KEY message REGISTER Aug 10 08:50:06 racoon: ERROR: no address could be bound. Aug 10 08:50:06 racoon: ERROR: failed to bind to address 192.168.100.1[500] (Address already in use). Aug 10 08:50:06 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:70cd%dc0[500] (Address already in use). Aug 10 08:50:06 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:7078%dc1[500] (Address already in use). Aug 10 08:50:06 racoon: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use). Aug 10 08:50:06 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Aug 10 08:50:06 racoon: ERROR: failed to bind to address fe80::1%lo0[500] (Address already in use). Aug 10 08:50:06 racoon: ERROR: failed to bind to address 70.17.189.123[500] (Address already in use). Aug 10 08:50:06 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:70cd%ng0[500] (Address already in use). Aug 10 08:50:06 last message repeated 2 times --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ____________ Virus checked by G DATA AntiVirusKit --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
