Hi,

JFYI: you must use only those cryptographic services/algorithms which
have been certified by "ФСБ" and/or "ФСТЭК" (I'm not sure how it sounds
in English).
It seems like blowfish is under question in your case.

On Sat, 11 Dec 2010 14:28:26 +0300, [email protected] wrote:
> Hi, pfsense does not send or receive ipsec messages to the remote gateway!
> 
>    Network topology:
> 
> 192.168.8.0/24(LAN)-Pfsense 2.0
> -(WAN)192.168.180.1--------------------192.168.180.13(WAN)-monowall
> -(LAN)172.20.34.0/24
> 
> 
> 
> 1.) If initial connections are from remote net to local net (172.20.34.0/24 ->
> 192.168.8.0/24),
> 
> ----------remote monowall racoon.conf--------------
> 
> path pre_shared_key "/var/etc/psk.txt";
> path certificate  "/var/etc";
> 
> remote 192.186.180.1 {
>       exchange_mode aggressive;
>       my_identifier user_fqdn "[email protected]";
> 
>       peers_identifier address 192.186.180.1;
>       initial_contact on;
>       support_proxy on;
>       proposal_check obey;
> 
>       proposal {
>               encryption_algorithm 3des;
>               hash_algorithm sha1;
>               authentication_method pre_shared_key;
>               dh_group 2;
>               lifetime time 3600 secs;
>       }
>       lifetime time 3600 secs;
> }
> 
> sainfo address 172.20.34.0/24 any address 192.168.8.0/24 any {
>       encryption_algorithm blowfish;
>       authentication_algorithm hmac_sha1;
>       compression_algorithm deflate;
>       pfs_group 1;
>       lifetime time 3600 secs;
> }
> 
> --------------END monowall racoon.conf--------------------------
> 
> --------- pfsense racoon.conf-------------------
> # This file is automatically generated. Do not edit
> path pre_shared_key "/var/etc/psk.txt";
> 
> path certificate  "/var/etc";
> 
> 
> listen
> {
>       adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
>       isakmp 192.168.180.1 [500];
>       isakmp_natt 192.168.180.1 [4500];
> }
> 
> 
> remote 192.186.180.13
> {
>       ph1id 6;
>       exchange_mode aggressive;
>       my_identifier address 192.168.180.1;
>       peers_identifier user_fqdn "[email protected]";
>       ike_frag on;
>       generate_policy = off;
>       initial_contact = on;
>       nat_traversal = off;
> 
> 
>       dpd_delay = 10;
>       dpd_maxfail = 5;
>       support_proxy on;
>       proposal_check obey;
> 
> 
>       proposal
>       {
>               authentication_method pre_shared_key;
>               encryption_algorithm 3des;
>               hash_algorithm sha1;
>               dh_group 2;
>               lifetime time 3600 secs;
>       }
> }
> 
> sainfo subnet 192.168.8.0/24 any subnet 172.20.34.0/24 any
> {
>       remoteid 6;
>       encryption_algorithm blowfish 256, blowfish 248, blowfish 240,
> blowfish 232, blowfish 224, blowfish 216, blowfish 208, blowfish 200,
> blowfish 192, blowfish 184, blowfish 176, blowfish 168, blowfish 160,
> blowfish 152, blowfish 144, blowfish 136, blowfish 128;
>       authentication_algorithm hmac_sha1;
>       pfs_group 2;
>       lifetime time 3600 secs;
>       compression_algorithm deflate;
> }
> -------------------- END pfsense racoon.conf ---------------------
> 
> a.) remote monowall racoon.log
> 
> Dec 11 16:38:20       racoon: DEBUG: get pfkey ACQUIRE message
> Dec 11 16:38:20       racoon: DEBUG: suitable outbound SP found: 
> 172.20.34.0/24
> [0] 192.168.8.0/24[0] proto=any dir=out.
> Dec 11 16:38:20       racoon: DEBUG: sub:0xbfbff460: 192.168.8.0/24[0]
> 172.20.34.0/24[0] proto=any dir=in
> Dec 11 16:38:20       racoon: DEBUG: db :0x80a5a08: 172.20.34.0/24[0]
> 172.20.34.1/32[0] proto=any dir=in
> Dec 11 16:38:20       racoon: DEBUG: sub:0xbfbff460: 192.168.8.0/24[0]
> 172.20.34.0/24[0] proto=any dir=in
> Dec 11 16:38:20       racoon: DEBUG: db :0x80a5c08: 192.168.8.0/24[0]
> 172.20.34.0/24[0] proto=any dir=in
> Dec 11 16:38:20       racoon: DEBUG: suitable inbound SP found: 192.168.8.0/24
> [0] 172.20.34.0/24[0] proto=any dir=in.
> Dec 11 16:38:20       racoon: DEBUG: new acquire 172.20.34.0/24[0]
> 192.168.8.0/24[0] proto=any dir=out
> Dec 11 16:38:20       racoon: DEBUG: (proto_id=ESP spisize=4 spi=00000000
> spi_p=00000000 encmode=Tunnel reqid=16426:16425)
> Dec 11 16:38:20       racoon: DEBUG: (trns_id=BLOWFISH encklen=128
> authtype=hmac-sha)
> Dec 11 16:38:20       racoon: DEBUG: configuration found for 192.186.180.1.
> Dec 11 16:38:20       racoon: INFO: IPsec-SA request for 192.186.180.1 queued
> due to no phase1 found.
> Dec 11 16:38:20       racoon: DEBUG: ===
> Dec 11 16:38:20       racoon: INFO: initiate new phase 1 negotiation:
> 192.168.180.13[500]<=>192.186.180.1[500]
> Dec 11 16:38:20       racoon: INFO: begin Aggressive mode.
> Dec 11 16:38:20       racoon: DEBUG: new cookie: bd8323a305dc6618
> Dec 11 16:38:20       racoon: DEBUG: use ID type of User_FQDN
> Dec 11 16:38:20       racoon: DEBUG: compute DH's private.
> Dec 11 16:38:20       racoon: DEBUG: compute DH's public.
> Dec 11 16:38:20       racoon: DEBUG: authmethod is pre-shared key
> Dec 11 16:38:20       racoon: DEBUG: add payload of len 48, next type 4
> Dec 11 16:38:20       racoon: DEBUG: add payload of len 128, next type 10
> Dec 11 16:38:20       racoon: DEBUG: add payload of len 16, next type 5
> Dec 11 16:38:20       racoon: DEBUG: add payload of len 22, next type 13
> Dec 11 16:38:20       racoon: DEBUG: add payload of len 16, next type 0
> Dec 11 16:38:20       racoon: DEBUG: 278 bytes from 192.168.180.13[500] to
> 192.186.180.1[500]
> Dec 11 16:38:20       racoon: DEBUG: sockname 192.168.180.13[500]
> Dec 11 16:38:20       racoon: DEBUG: send packet from 192.168.180.13[500]
> Dec 11 16:38:20       racoon: DEBUG: send packet to 192.186.180.1[500]
> Dec 11 16:38:20       racoon: DEBUG: 1 times of 278 bytes message will be sent
> to 192.186.180.1[500]
> Dec 11 16:38:20       racoon: DEBUG: resend phase1 packet
> bd8323a305dc6618:0000000000000000
> Dec 11 16:38:30       racoon: DEBUG: 278 bytes from 192.168.180.13[500] to
> 192.186.180.1[500]
> Dec 11 16:38:30       racoon: DEBUG: sockname 192.168.180.13[500]
> Dec 11 16:38:30       racoon: DEBUG: send packet from 192.168.180.13[500]
> Dec 11 16:38:30       racoon: DEBUG: send packet to 192.186.180.1[500]
> Dec 11 16:38:30       racoon: DEBUG: 1 times of 278 bytes message will be sent
> to 192.186.180.1[500]
> Dec 11 16:38:30       racoon: DEBUG: resend phase1 packet
> bd8323a305dc6618:0000000000000000
> Dec 11 16:38:40       racoon: DEBUG: 278 bytes from 192.168.180.13[500] to
> 192.186.180.1[500]
> Dec 11 16:38:40       racoon: DEBUG: sockname 192.168.180.13[500]
> Dec 11 16:38:40       racoon: DEBUG: send packet from 192.168.180.13[500]
> Dec 11 16:38:40       racoon: DEBUG: send packet to 192.186.180.1[500]
> Dec 11 16:38:40       racoon: DEBUG: 1 times of 278 bytes message will be sent
> to 192.186.180.1[500]
> Dec 11 16:38:40       racoon: DEBUG: resend phase1 packet
> bd8323a305dc6618:0000000000000000
> Dec 11 16:38:50       racoon: DEBUG: 278 bytes from 192.168.180.13[500] to
> 192.186.180.1[500]
> Dec 11 16:38:50       racoon: DEBUG: sockname 192.168.180.13[500]
> Dec 11 16:38:50       racoon: DEBUG: send packet from 192.168.180.13[500]
> Dec 11 16:38:50       racoon: DEBUG: send packet to 192.186.180.1[500]
> Dec 11 16:38:50       racoon: DEBUG: 1 times of 278 bytes message will be sent
> to 192.186.180.1[500]
> Dec 11 16:38:50       racoon: DEBUG: resend phase1 packet
> bd8323a305dc6618:0000000000000000
> Dec 11 16:38:51       racoon: ERROR: phase2 negotiation failed due to time up
> waiting for phase1. ESP 192.186.180.1[0]->192.168.180.13[0]
> Dec 11 16:38:51       racoon: INFO: delete phase 2 handler.
> 
> 
> b.) pfsense racoon.log is empty!
> 
> 
> 
> 
> 
> 2.) If connecting from local net to remote gateway monowall (192.168.8.0/24 ->
> 172.20.34.0/24),
> 
> 
> a.) remote monowall racoon.log is empty!
> 
> 
> b.) Pfsense 2.0 racoon.log
> 
> Dec 11 13:58:00       racoon: ERROR: couldn't find configuration.
> Dec 11 13:58:07       racoon: [C-Chedrina_72]: ERROR: phase2 negotiation 
> failed
> due to time up waiting for phase1. ESP 192.186.180.13[0]->192.168.180.1[0]
> Dec 11 13:58:07       racoon: INFO: delete phase 2 handler.
> Dec 11 13:58:20       racoon: ERROR: couldn't find configuration.
> Dec 11 13:58:25       racoon: ERROR: phase1 negotiation failed due to time up.
> 16931d8b372f27af:0000000000000000
> Dec 11 13:58:40       racoon: ERROR: couldn't find configuration.
> Dec 11 13:59:16       racoon: ERROR: couldn't find configuration.
> Dec 11 14:00:56       last message repeated 5 times
> Dec 11 14:01:16       racoon: [C-Chedrina_72]: INFO: IPsec-SA request for
> 192.186.180.13 queued due to no phase1 found.
> Dec 11 14:01:16       racoon: [C-Chedrina_72]: INFO: initiate new phase 1
> negotiation: 192.168.180.1[500]<=>192.186.180.13[500]
> Dec 11 14:01:16       racoon: INFO: begin Aggressive mode.
> Dec 11 14:01:47       racoon: [C-Chedrina_72]: ERROR: phase2 negotiation 
> failed
> due to time up waiting for phase1. ESP 192.186.180.13[0]->192.168.180.1[0]
> Dec 11 14:01:47       racoon: INFO: delete phase 2 handler.
> Dec 11 14:01:58       racoon: ERROR: couldn't find configuration.
> 
> , but racoon.conf exists (in /status.php)!
> 
> 
> Please HELP!
> 
> P.S. FireWall any to any on the WAN iface!
> 
> Drovalev Roman Nikolaevich.
> 
> 
> 
> 
> Evgeny Yurchenko <[email protected]> wrote on 10.12.2010 17:16:53:
> 
>> From: Evgeny Yurchenko <[email protected]>
>> To: [email protected]
>> Date: 10.12.2010 17:17
>> Subject: Re: [pfSense Support] 2.0 - don't work Ipsec!
>>
>> On 10-12-10 01:40 AM, [email protected] wrote:
>> > Hi,
>> >
>> > LAN net - 192.168.8.0/24 -------- This is pfsense 2.0 ----------
>> > 172.20.20.0/24
>> >       ........                  172.20.21.0/24
>> >    0.0.0.0/0               172.20.22.0/24
>> >                      172.20.24.0/24
>> >                      .......
>> >
>> > The firewall on the ipsec iface is fully open.
>> >
>> > Why is phase 1 of ipsec not established?
>> >
>> > P.S. With this configuration all works on pfsense 1.2 and monowall!
>> >
>> > Please Help!
>> >
>> >
>> > my racoon.conf:
>> >
>> > # This file is automatically generated. Do not edit
>> > path pre_shared_key "/var/etc/psk.txt";
>> >
>> > path certificate  "/var/etc";
>> >
>> >
>> > listen
>> > {
>> >        adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
>> >        isakmp 192.168.180.33 [500];
>> >        isakmp_natt 192.168.180.33 [4500];
>> >        isakmp 192.168.180.1 [500];
>> >        isakmp_natt 192.168.180.1 [4500];
>> >        isakmp 10.221.40.6 [500];
>> >        isakmp_natt 10.221.40.6 [4500];
>> > }
>> >
>> >
>> > remote 192.186.180.38
>> > {
>> >        ph1id 1;
>> >        exchange_mode aggressive;
>> >        my_identifier address 192.168.180.33;
>> >        peers_identifier address 192.186.180.38;
>> >        ike_frag on;
>> >        generate_policy = off;
>> >        initial_contact = on;
>> >        nat_traversal = off;
>> >
>> >
>> >        dpd_delay = 10;
>> >        dpd_maxfail = 5;
>> >        support_proxy on;
>> >        proposal_check obey;
>> >
>> >
>> >        proposal
>> >        {
>> >               authentication_method pre_shared_key;
>> >               encryption_algorithm 3des;
>> >               hash_algorithm sha1;
>> >               dh_group 2;
>> >               lifetime time 3600 secs;
>> >        }
>> > }
>> >
>> > remote 192.186.180.39
>> > {
>> >        ph1id 2;
>> >        exchange_mode aggressive;
>> >        my_identifier address 192.168.180.33;
>> >        peers_identifier address 192.186.180.39;
>> >        ike_frag on;
>> >        generate_policy = off;
>> >        initial_contact = on;
>> >        nat_traversal = on;
>> >
>> >
>> >        dpd_delay = 10;
>> >        dpd_maxfail = 5;
>> >        support_proxy on;
>> >        proposal_check obey;
>> >
>> >
>> >        proposal
>> >        {
>> >               authentication_method pre_shared_key;
>> >               encryption_algorithm 3des;
>> >               hash_algorithm sha1;
>> >               dh_group 2;
>> >               lifetime time 3600 secs;
>> >        }
>> > }
>> >
>> > ..........
>> >
>> >
>> > sainfo subnet 0.0.0.0/0 any subnet 172.20.22.0/24 any
>> > {
>> >        remoteid 1;
>> >        encryption_algorithm blowfish 256, blowfish 248, blowfish 240,
>> > blowfish 232, blowfish 224, blowfish 216, blowfish 208, blowfish 200,
>> > blowfish 192, blowfish 184, blowfish 176, blowfish 168, blowfish 160,
>> > blowfish 152, blowfish 144, blowfish 136, blowfish 128;
>> >        authentication_algorithm hmac_sha1;
>> >        pfs_group 2;
>> >        lifetime time 3600 secs;
>> >        compression_algorithm deflate;
>> > }
>> >
>> > sainfo subnet 0.0.0.0/0 any subnet 172.20.20.0/24 any
>> > {
>> >        remoteid 2;
>> >        encryption_algorithm aes 256, aes 192, aes 128;
>> >        authentication_algorithm hmac_sha1;
>> >        pfs_group 2;
>> >        lifetime time 3600 secs;
>> >        compression_algorithm deflate;
>> > }
>> >
>> > .......
>> >
>> > racoon.log
>> >
>> >
>> > racoon: INFO: @(#)ipsec-tools 0.7.3 (http://ipsec-tools.sourceforge.net)
>> > Dec 10 08:55:02    racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
>> > Dec 10 08:55:02    racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
>> > Dec 10 08:55:02    racoon: [Self]: INFO: 10.221.40.6[4500] used as isakmp port (fd=16)
>> > Dec 10 08:55:02    racoon: INFO: 10.221.40.6[4500] used for NAT-T
>> > Dec 10 08:55:02    racoon: [Self]: INFO: 10.221.40.6[500] used as isakmp port (fd=17)
>> > Dec 10 08:55:02    racoon: INFO: 10.221.40.6[500] used for NAT-T
>> > Dec 10 08:55:02    racoon: INFO: 192.168.180.1[4500] used as isakmp port (fd=18)
>> > Dec 10 08:55:02    racoon: INFO: 192.168.180.1[4500] used for NAT-T
>> > Dec 10 08:55:02    racoon: INFO: 192.168.180.1[500] used as isakmp port (fd=19)
>> > Dec 10 08:55:02    racoon: INFO: 192.168.180.1[500] used for NAT-T
>> > Dec 10 08:55:02    racoon: [Self]: INFO: 192.168.180.33[4500] used as isakmp port (fd=20)
>> > Dec 10 08:55:02    racoon: INFO: 192.168.180.33[4500] used for NAT-T
>> > Dec 10 08:55:02    racoon: [Self]: INFO: 192.168.180.33[500] used as isakmp port (fd=21)
>> > Dec 10 08:55:02    racoon: INFO: 192.168.180.33[500] used for NAT-T
>> > Dec 10 08:55:02    racoon: INFO: unsupported PF_KEY message REGISTER
>> > Dec 10 08:55:04    racoon: [Milicia]: INFO: IPsec-SA request for 192.186.180.15 queued due to no phase1 found.
>> > Dec 10 08:55:04    racoon: [Milicia]: INFO: initiate new phase 1 negotiation: 192.168.180.1[500]<=>192.186.180.15[500]
>> > Dec 10 08:55:04    racoon: INFO: begin Aggressive mode.
>> > Dec 10 08:55:05    racoon: [Statichov_7]: INFO: IPsec-SA request for 192.186.180.39 queued due to no phase1 found.
>> > Dec 10 08:55:05    racoon: [Statichov_7]: INFO: initiate new phase 1 negotiation: 192.168.180.33[500]<=>192.186.180.39[500]
>> > Dec 10 08:55:05    racoon: INFO: begin Aggressive mode.
>> > Dec 10 08:55:06    racoon: [M.Gorkogo_59]: INFO: IPsec-SA request for 192.186.180.35 queued due to no phase1 found.
>> > Dec 10 08:55:06    racoon: [M.Gorkogo_59]: INFO: initiate new phase 1 negotiation: 192.168.180.33[500]<=>192.186.180.35[500]
>> > Dec 10 08:55:06    racoon: INFO: begin Aggressive mode.
>> > Dec 10 08:55:13    racoon: INFO: @(#)ipsec-tools 0.7.3 (http://ipsec-tools.sourceforge.net)
>> > Dec 10 08:55:13    racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
>> > Dec 10 08:55:13    racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
>> > Dec 10 08:55:13    racoon: [Self]: INFO: 10.221.40.6[4500] used as isakmp port (fd=19)
>> > Dec 10 08:55:13    racoon: INFO: 10.221.40.6[4500] used for NAT-T
>> > Dec 10 08:55:13    racoon: [Self]: INFO: 10.221.40.6[500] used as isakmp port (fd=20)
>> > Dec 10 08:55:13    racoon: INFO: 10.221.40.6[500] used for NAT-T
>> > Dec 10 08:55:13    racoon: INFO: 192.168.180.1[4500] used as isakmp port (fd=21)
>> > Dec 10 08:55:13    racoon: INFO: 192.168.180.1[4500] used for NAT-T
>> > Dec 10 08:55:13    racoon: INFO: 192.168.180.1[500] used as isakmp port (fd=22)
>> > Dec 10 08:55:13    racoon: INFO: 192.168.180.1[500] used for NAT-T
>> > Dec 10 08:55:13    racoon: [Self]: INFO: 192.168.180.33[4500] used as isakmp port (fd=23)
>> > Dec 10 08:55:13    racoon: INFO: 192.168.180.33[4500] used for NAT-T
>> > Dec 10 08:55:13    racoon: [Self]: INFO: 192.168.180.33[500] used as isakmp port (fd=24)
>> > Dec 10 08:55:13    racoon: INFO: 192.168.180.33[500] used for NAT-T
>> > Dec 10 08:55:13    racoon: INFO: unsupported PF_KEY message REGISTER
>> > Dec 10 08:55:13    racoon: ERROR: such policy already exists. anyway replace it: 192.168.8.13/32[0] 192.168.8.0/24[0] proto=any dir=out
>> > Dec 10 08:55:13    racoon: ERROR: such policy already exists. anyway replace it: 192.168.8.0/24[0] 192.168.8.13/32[0] proto=any dir=in
>> > Dec 10 08:55:13    racoon: ERROR: such policy already exists. anyway replace it: 0.0.0.0/0[0] 172.20.22.0/24[0] proto=any dir=out
>> > Dec 10 08:55:13    racoon: ERROR: such policy already exists. anyway replace it: 172.20.22.0/24[0] 0.0.0.0/0[0] proto=any dir=in
>> > Dec 10 08:55:13    racoon: ERROR: such policy already exists. anyway replace it: 0.0.0.0/0[0] 172.20.20.0/24[0] proto=any dir=out
>> > Dec 10 08:55:13    racoon: ERROR: such policy already exists. anyway replace it: 172.20.20.0/24[0] 0.0.0.0/0[0] proto=any dir=in
>> >
>> > .......
>> >
>> >
>> >
>> > Drovalev Roman Nikolaevich.
>> >
>> >
>> >
>> Please do not top-post.
>> It is not the full log, is it? It does not say anything about a failure. There
>> must be something like 'timeout' or other error. Are you sure you are
>> receiving packets from remote site on WAN?
>> Evgeny.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>> Commercial support available - https://portal.pfsense.org
>>
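
Added example, not part of the original messages: a cross-check of the `remote` peer addresses in the two quoted racoon.conf files against the addresses each gateway actually uses (the pfSense `listen` block and the monowall `sockname` log line), plus a count of phase 1 retransmits whose responder cookie is still zero. The excerpts are trimmed copies of the quoted text with wrapped log lines rejoined, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed excerpts, trimmed from the configs and log quoted in this thread.
MONOWALL_CONF = """
remote 192.186.180.1 {
      exchange_mode aggressive;
}
"""
PFSENSE_CONF = """
listen
{
      isakmp 192.168.180.1 [500];
      isakmp_natt 192.168.180.1 [4500];
}
remote 192.186.180.13
{
      ph1id 6;
}
"""
MONOWALL_LOG = """
Dec 11 16:38:20 racoon: DEBUG: sockname 192.168.180.13[500]
Dec 11 16:38:20 racoon: DEBUG: resend phase1 packet bd8323a305dc6618:0000000000000000
Dec 11 16:38:30 racoon: DEBUG: resend phase1 packet bd8323a305dc6618:0000000000000000
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
REMOTE_RE = re.compile(r"^\s*remote\s+" + IP, re.M)            # not "remoteid"
LISTEN_RE = re.compile(r"^\s*isakmp(?:_natt)?\s+" + IP, re.M)
SOCKNAME_RE = re.compile(r"sockname\s+" + IP + r"\[\d+\]")
RESEND_RE = re.compile(r"resend phase1 packet\s+([0-9a-f]{16}):([0-9a-f]{16})")

def _addrs(pattern, text):
    return {ipaddress.IPv4Address(m.group(1)) for m in pattern.finditer(text)}

def remote_peers(conf):
    return _addrs(REMOTE_RE, conf)

def listen_addrs(conf):
    return _addrs(LISTEN_RE, conf)

def log_local_addrs(log):
    return _addrs(SOCKNAME_RE, log)

def check_peers(remotes, actual):
    """List remote statements naming an address the peer does not use,
    with any actual address that differs from it in exactly one octet."""
    findings = []
    for r in sorted(remotes):
        if r not in actual:
            near = [str(a) for a in sorted(actual)
                    if sum(x != y for x, y in zip(r.packed, a.packed)) == 1]
            findings.append((str(r), near))
    return findings

def unanswered_phase1(log):
    """Count retransmits per initiator cookie while the responder cookie is zero."""
    counts = {}
    for m in RESEND_RE.finditer(log):
        if int(m.group(2), 16) == 0:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

if __name__ == "__main__":
    print(check_peers(remote_peers(MONOWALL_CONF), listen_addrs(PFSENSE_CONF)))
    print(check_peers(remote_peers(PFSENSE_CONF), log_local_addrs(MONOWALL_LOG)))
    print(unanswered_phase1(MONOWALL_LOG))
```

On these excerpts both `remote` statements are reported as naming 192.186.180.x while the gateways listen and send on 192.168.180.x.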

