AW: [pfSense Support] IPSec connection problem

Fuchs, Martin Fri, 30 Mar 2007 11:17:46 -0800

You can add a ping statement tot he ipsec-tunnel so it builds up immediately...


Compression is not used i presume...

MArtin

-----Ursprüngliche Nachricht-----
Von: Diego Morato [mailto:[EMAIL PROTECTED] 
Gesendet: Freitag, 30. März 2007 19:22
An: [email protected]
Betreff: Re: [pfSense Support] IPSec connection problem

Hi again,

    Please forgot, the tunnel was established with the network activity and 
not automatically as I´m thinking.

Last question: The IPSec tunnel uses compression?



System logs:

Mar 30 14:15:36         racoon: INFO: IPsec-SA established: ESP/Tunnel 
200.xx.93.210[0]->201.xxx.20.10[0] spi=211026278(0xc940166)
Mar 30 14:15:36         racoon: INFO: IPsec-SA established: ESP/Tunnel 
201.xxx.20.10[0]->200.xx.93.210[0] spi=41172309(0x2743d55)
Mar 30 14:15:35         racoon: INFO: respond new phase 2 negotiation: 
200.xx.93.210[500]<=>201.xxx.20.10[500]
Mar 30 14:15:35         racoon: INFO: ISAKMP-SA established 
200.xx.93.210[500]-201.xxx.20.10[500] spi:c37181d85b7fa623:2716c4c16889f544
Mar 30 14:15:35         racoon: NOTIFY: couldn't find the proper pskey, try to 
get 
one by the peer's address.
Mar 30 14:15:35         racoon: INFO: received Vendor ID: DPD
Mar 30 14:15:35         racoon: INFO: begin Aggressive mode.
Mar 30 14:15:35         racoon: INFO: respond new phase 1 negotiation: 
200.xx.93.210[500]<=>201.xxx.20.10[500]


--
Diego

----- Original Message -----
From: "Diego Morato" <[EMAIL PROTECTED]>
To: "Support PfSense" <[email protected]>
Sent: Friday, March 30, 2007 2:09 PM
Subject: [pfSense Support] IPSec connection problem

> Hi,
>
>    I have two pfsense and trying to do a IPsec tunnel, however I´m having 
> no sucess. The two points have static IP´s and first I used the default 
> options of the webgui. After I´m followed this doc: 
> http://doc.m0n0.ch/handbook/ipsec-tunnels.html.
>    Is there something that need to be allowed in the Firewall: Rules?
>
> System:
>
> 1.0.1-SNAPSHOT-03-15-2007
> built on Fri Mar 23 05:07:13 EDT 2007
>
> IPsec logs:
>
> Mar 30 13:57:05 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): 
> Invalid argument
> Mar 30 13:57:05 racoon: INFO: 201.xxx.20.10[500] used as isakmp port 
> (fd=21)
> Mar 30 13:57:05 racoon: INFO: fe80::204:acff:fe39:aabf%fxp0[500] used as 
> isakmp port (fd=20)
> Mar 30 13:57:05 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): 
> Invalid argument
> Mar 30 13:57:05 racoon: INFO: 192.xxx.1.71[500] used as isakmp port 
> (fd=19)
> Mar 30 13:57:05 racoon: INFO: fe80::201:3ff:fec1:9736%xl0[500] used as 
> isakmp port (fd=18)
> Mar 30 13:57:05 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): 
> Invalid argument
> Mar 30 13:57:05 racoon: INFO: 200.xxx.4.75[500] used as isakmp port 
> (fd=17)
> Mar 30 13:57:05 racoon: INFO: fe80::210:5aff:fea7:c137%xl1[500] used as 
> isakmp port (fd=16)
> Mar 30 13:57:05 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): 
> Invalid argument
> Mar 30 13:57:05 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
> Mar 30 13:57:05 racoon: INFO: ::1[500] used as isakmp port (fd=14)
> Mar 30 13:57:05 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
> Mar 30 13:57:05 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 
> Oct 2004 (http://www.openssl.org/)
> Mar 30 13:57:05 racoon: INFO: @(#)ipsec-tools 0.6.6 
> (http://ipsec-tools.sourceforge.net)
>
>
> Thanks
>
> --
> Diego
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

AW: [pfSense Support] IPSec connection problem

Reply via email to