Hi again,
Please forgot, the tunnel was established with the network activity and
not automatically as I´m thinking.
Last question: The IPSec tunnel uses compression?
System logs:
Mar 30 14:15:36 racoon: INFO: IPsec-SA established: ESP/Tunnel
200.xx.93.210[0]->201.xxx.20.10[0] spi=211026278(0xc940166)
Mar 30 14:15:36 racoon: INFO: IPsec-SA established: ESP/Tunnel
201.xxx.20.10[0]->200.xx.93.210[0] spi=41172309(0x2743d55)
Mar 30 14:15:35 racoon: INFO: respond new phase 2 negotiation:
200.xx.93.210[500]<=>201.xxx.20.10[500]
Mar 30 14:15:35 racoon: INFO: ISAKMP-SA established
200.xx.93.210[500]-201.xxx.20.10[500] spi:c37181d85b7fa623:2716c4c16889f544
Mar 30 14:15:35 racoon: NOTIFY: couldn't find the proper pskey, try to get
one by the peer's address.
Mar 30 14:15:35 racoon: INFO: received Vendor ID: DPD
Mar 30 14:15:35 racoon: INFO: begin Aggressive mode.
Mar 30 14:15:35 racoon: INFO: respond new phase 1 negotiation:
200.xx.93.210[500]<=>201.xxx.20.10[500]
--
Diego
----- Original Message -----
From: "Diego Morato" <[EMAIL PROTECTED]>
To: "Support PfSense" <support@pfsense.com>
Sent: Friday, March 30, 2007 2:09 PM
Subject: [pfSense Support] IPSec connection problem
Hi,
I have two pfsense and trying to do a IPsec tunnel, however I´m having
no sucess. The two points have static IP´s and first I used the default
options of the webgui. After I´m followed this doc:
http://doc.m0n0.ch/handbook/ipsec-tunnels.html.
Is there something that need to be allowed in the Firewall: Rules?
System:
1.0.1-SNAPSHOT-03-15-2007
built on Fri Mar 23 05:07:13 EDT 2007
IPsec logs:
Mar 30 13:57:05 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE):
Invalid argument
Mar 30 13:57:05 racoon: INFO: 201.xxx.20.10[500] used as isakmp port
(fd=21)
Mar 30 13:57:05 racoon: INFO: fe80::204:acff:fe39:aabf%fxp0[500] used as
isakmp port (fd=20)
Mar 30 13:57:05 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE):
Invalid argument
Mar 30 13:57:05 racoon: INFO: 192.xxx.1.71[500] used as isakmp port
(fd=19)
Mar 30 13:57:05 racoon: INFO: fe80::201:3ff:fec1:9736%xl0[500] used as
isakmp port (fd=18)
Mar 30 13:57:05 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE):
Invalid argument
Mar 30 13:57:05 racoon: INFO: 200.xxx.4.75[500] used as isakmp port
(fd=17)
Mar 30 13:57:05 racoon: INFO: fe80::210:5aff:fea7:c137%xl1[500] used as
isakmp port (fd=16)
Mar 30 13:57:05 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE):
Invalid argument
Mar 30 13:57:05 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Mar 30 13:57:05 racoon: INFO: ::1[500] used as isakmp port (fd=14)
Mar 30 13:57:05 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
Mar 30 13:57:05 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25
Oct 2004 (http://www.openssl.org/)
Mar 30 13:57:05 racoon: INFO: @(#)ipsec-tools 0.6.6
(http://ipsec-tools.sourceforge.net)
Thanks
--
Diego
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
