On 24/02/2015 21:44, Brian Candler wrote:
> Many thanks. I've made that change now and I'll see over the next few
> days if it stays up.

Unfortunately it didn't :-(
2015 Feb 25 06:07:30 Group = X.X.X.219, IP = X.X.X.219, Error: dynamic map SYSTEM_DEFAULT_CRYPTO_MAP: * to any not permitted.
2015 Feb 25 06:07:30 Group = X.X.X.219, IP = X.X.X.219, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 0.0.0.0/0.0.0.0/0/0 local proxy 10.26.0.0/255.255.0.0/0/0 on interface outside
2015 Feb 25 06:07:30 Group = X.X.X.219, IP = X.X.X.219, QM FSM error (P2 struct &0xcbf3d218, mess id 0xc9a0458c)!
2015 Feb 25 06:07:30 Group = X.X.X.219, IP = X.X.X.219, Removing peer from correlator table failed, no match!
What I had done is:
VPN > IPSec > Advanced settings
Check "Disable Unity Plugin"
Stop IPSEC service
Start IPSEC service
And I can see this has been applied (except I've not rebooted the firewall)
: grep unity /var/etc/ipsec/strongswan.conf
cisco_unity = no
> There was one person reporting that wasn't adequate, the plugin had
> to be not loaded at all, not just disabled like that.
How does one prevent the plugin being loaded? I found these:
/etc/pfSense_md5.txt:MD5 (/usr/local/lib/ipsec/plugins/libstrongswan-unity.so) = 66080ad3f0fd624958e8307492f6488b
/etc/installed_filesystem.mtree: libstrongswan-unity.so \
but I can't see code which says which plugins to load. Should I just
move it out of the way and restart strongswan?
Regards,
Brian.
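
Added example, not part of the original message: a small parser for the "Rejecting IPSec tunnel" line quoted in the log above, which pulls out the remote and local proxy selectors and flags a side that covers any address. It assumes each proxy field reads address/netmask/protocol/port; the function names and the sample text (the two log lines from the message, unwrapped) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: two of the log lines from the message, unwrapped.
SAMPLE_LOG = """\
2015 Feb 25 06:07:30 Group = X.X.X.219, IP = X.X.X.219, Error: dynamic map SYSTEM_DEFAULT_CRYPTO_MAP: * to any not permitted.
2015 Feb 25 06:07:30 Group = X.X.X.219, IP = X.X.X.219, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 0.0.0.0/0.0.0.0/0/0 local proxy 10.26.0.0/255.255.0.0/0/0 on interface outside
"""


def proxy_pattern(side):
    # Assumed field order: address/netmask/protocol/port.
    return (rf"(?P<{side}_net>[\d.]+)/(?P<{side}_mask>[\d.]+)"
            rf"/(?P<{side}_proto>\d+)/(?P<{side}_port>\d+)")


REJECT = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d+ [\d:]+) .*?IP = (?P<peer>[^,]+), "
    r"Rejecting IPSec tunnel: no matching crypto map entry for "
    rf"remote proxy {proxy_pattern('remote')} "
    rf"local proxy {proxy_pattern('local')} on interface (?P<ifc>\S+)"
)


def selector(match, side):
    """Turn one address/netmask pair into an ip_network (e.g. 10.26.0.0/16)."""
    return ipaddress.ip_network(f"{match[side + '_net']}/{match[side + '_mask']}")


def rejected_selectors(log_text):
    """Return one record per rejection line, with both selectors decoded."""
    findings = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # other log lines (QM FSM error etc.) carry no selectors
        remote, local = selector(m, "remote"), selector(m, "local")
        findings.append({
            "time": m["ts"], "peer": m["peer"], "interface": m["ifc"],
            "remote": str(remote), "local": str(local),
            # Prefix length 0 means that side of the selector is "any".
            "remote_is_any": remote.prefixlen == 0,
            "local_is_any": local.prefixlen == 0,
        })
    return findings


if __name__ == "__main__":
    for f in rejected_selectors(SAMPLE_LOG):
        print(f)
```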