I had been trying to set up mobile IPSec to use from my laptop, but was
having issues, so I decided to just try straight IPSec from my office to
home (both on pfSense 0.74.6). Both are on dynamic IPs, but for the
purposes of this exercise, I set the home pfSense to be the 'static'
side. This leads me to a question though:
Could the IPSec tunnel setup be changed to allow a DNS name to be used
for the remote gateway? Even if pfSense just resolved the name for you
each time the tunnel was established that would allow people to use
dyndns names for the endpoints without needing to edit the tunnel each time.
As I said, for now I just pretended that my home IP was static and set
up the tunnel using Holger's tutorial as a guide. When I try to
establish the tunnel from work to home, I get the following entries in
my IPSec log. I know it must be something silly since others have many
tunnels working, but I can't get this sorted out.
Are there any ports I need to forward or open for this to work?
Is it possible that Verizon (my ISP for work and home) blocks ports for
IPSec?
Thanks for any help you can provide. I'm also on IRC as DungaBee if
anyone wants to chat real time.
Thanks much,
Brian
Here are the log entries:
Aug 10 08:50:54 racoon: ERROR: no address could be bound.
Aug 10 08:50:54 racoon: ERROR: failed to bind to address 192.168.100.1[500] (Address already in use).
Aug 10 08:50:54 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:70cd%dc0[500] (Address already in use).
Aug 10 08:50:54 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:7078%dc1[500] (Address already in use).
Aug 10 08:50:54 racoon: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
Aug 10 08:50:54 racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
Aug 10 08:50:54 racoon: ERROR: failed to bind to address fe80::1%lo0[500] (Address already in use).
Aug 10 08:50:54 racoon: ERROR: failed to bind to address 70.17.189.123[500] (Address already in use).
Aug 10 08:50:54 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:70cd%ng0[500] (Address already in use).
Aug 10 08:50:54 last message repeated 2 times
Aug 10 08:50:54 racoon: INFO: unsupported PF_KEY message REGISTER
Aug 10 08:50:54 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e 25 Oct 2004 (http://www.openssl.org/)
Aug 10 08:50:54 racoon: INFO: @(#)ipsec-tools 0.6 (http://ipsec-tools.sourceforge.net)
Aug 10 08:50:54 racoon: INFO: unsupported PF_KEY message REGISTER
Aug 10 08:50:06 racoon: ERROR: no address could be bound.
Aug 10 08:50:06 racoon: ERROR: failed to bind to address 192.168.100.1[500] (Address already in use).
Aug 10 08:50:06 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:70cd%dc0[500] (Address already in use).
Aug 10 08:50:06 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:7078%dc1[500] (Address already in use).
Aug 10 08:50:06 racoon: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
Aug 10 08:50:06 racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
Aug 10 08:50:06 racoon: ERROR: failed to bind to address fe80::1%lo0[500] (Address already in use).
Aug 10 08:50:06 racoon: ERROR: failed to bind to address 70.17.189.123[500] (Address already in use).
Aug 10 08:50:06 racoon: ERROR: failed to bind to address fe80::2a0:ccff:fe53:70cd%ng0[500] (Address already in use).
Aug 10 08:50:06 last message repeated 2 times