
Topic: IPSEC TUNNEL BETWEEN TWO PFSENSE BOX


Offline echang1024

IPSEC TUNNEL BETWEEN TWO PFSENSE BOX
« on: April 14, 2010, 01:37:50 pm »
Hi Guys,

I have IPsec tunneling set up. It connects, but I cannot ping from either side. Here are the logs:

Apr 14 11:27:15    racoon: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
Apr 14 11:27:15    racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
Apr 14 11:27:15    racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Apr 14 11:27:15    racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
Apr 14 11:27:15    racoon: [Self]: INFO: 74.62.208.57[500] used as isakmp port (fd=15)
Apr 14 11:27:15    racoon: [Self]: INFO: 192.168.138.1[500] used as isakmp port (fd=16)
Apr 14 11:27:15    racoon: INFO: unsupported PF_KEY message REGISTER
Apr 14 11:27:15    racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
Apr 14 11:27:15    racoon: [Self]: INFO: 74.62.208.57[500] used as isakmp port (fd=15)
Apr 14 11:27:15    racoon: [Self]: INFO: 192.168.138.1[500] used as isakmp port (fd=16)
Apr 14 11:30:25    racoon: [rancho to la]: INFO: IPsec-SA request for 64.183.45.70 queued due to no phase1 found.
Apr 14 11:30:25    racoon: [rancho to la]: INFO: initiate new phase 1 negotiation: 74.62.208.57[500]<=>64.183.45.70[500]
Apr 14 11:30:25    racoon: INFO: begin Aggressive mode.
Apr 14 11:30:25    racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Apr 14 11:30:25    racoon: INFO: received Vendor ID: DPD
Apr 14 11:30:25    racoon: WARNING: No ID match.
Apr 14 11:30:25    racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Apr 14 11:30:25    racoon: [rancho to la]: INFO: ISAKMP-SA established 74.62.208.57[500]-64.183.45.70[500] spi:691ae6851d91362f:d88474d20ddbbe6d
Apr 14 11:30:26    racoon: [rancho to la]: INFO: initiate new phase 2 negotiation: 74.62.208.57[500]<=>64.183.45.70[500]
Apr 14 11:30:27    racoon: [rancho to la]: INFO: IPsec-SA established: ESP 64.183.45.70[0]->74.62.208.57[0] spi=191454699(0xb695deb)
Apr 14 11:30:27    racoon: [rancho to la]: INFO: IPsec-SA established: ESP 74.62.208.57[0]->64.183.45.70[0] spi=89791474(0x55a1bf2)

Also, I can connect to the webGUI from box B to box A, but not vice versa.
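The racoon log above shows the two things worth reading off it: phase 1 and phase 2 both completed (ISAKMP-SA established, then one ESP SA per direction), yet racoon also logged "No ID match" and fell back to finding the pre-shared key by the peer's address. The following script is an added example, not part of the original post and not pfSense or ipsec-tools code: it parses racoon-style log lines, records the negotiation state, and turns the warnings into troubleshooting hints. The sample log is constructed with documentation addresses and a made-up tunnel name; the regular expressions assume the message layout seen in the post.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample log in the layout racoon (ipsec-tools) writes on pfSense.
# Addresses are RFC 5737 documentation ranges; the tunnel name is made up.
SAMPLE_LOG = """\
Apr 14 11:30:25    racoon: [site-a to site-b]: INFO: IPsec-SA request for 198.51.100.7 queued due to no phase1 found.
Apr 14 11:30:25    racoon: [site-a to site-b]: INFO: initiate new phase 1 negotiation: 192.0.2.10[500]<=>198.51.100.7[500]
Apr 14 11:30:25    racoon: INFO: begin Aggressive mode.
Apr 14 11:30:25    racoon: WARNING: No ID match.
Apr 14 11:30:25    racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Apr 14 11:30:25    racoon: [site-a to site-b]: INFO: ISAKMP-SA established 192.0.2.10[500]-198.51.100.7[500] spi:0102030405060708:090a0b0c0d0e0f10
Apr 14 11:30:26    racoon: [site-a to site-b]: INFO: initiate new phase 2 negotiation: 192.0.2.10[500]<=>198.51.100.7[500]
Apr 14 11:30:27    racoon: [site-a to site-b]: INFO: IPsec-SA established: ESP 198.51.100.7[0]->192.0.2.10[0] spi=191454699(0xb695deb)
Apr 14 11:30:27    racoon: [site-a to site-b]: INFO: IPsec-SA established: ESP 192.0.2.10[0]->198.51.100.7[0] spi=89791474(0x55a1bf2)
"""

# One racoon line: timestamp, optional "[tunnel name]:", level, message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)\s+racoon: "
    r"(?:\[(?P<tunnel>[^\]]+)\]: )?"
    r"(?P<level>INFO|WARNING|NOTIFY|ERROR): (?P<msg>.*)$"
)
# Phase 2 result: "ESP <src>[port]-><dst>[port] spi=<decimal>(<hex>)"
ESP_RE = re.compile(r"IPsec-SA established: ESP ([^\s\[]+)\[\d+\]->([^\s\[]+)\[\d+\] spi=(\d+)")


@dataclass
class TunnelStatus:
    tunnel: Optional[str] = None
    phase1_mode: Optional[str] = None          # "Main" or "Aggressive"
    isakmp_sa: bool = False                    # phase 1 finished
    esp_sas: List[Tuple[str, str, int]] = field(default_factory=list)  # (src, dst, spi)
    warnings: List[str] = field(default_factory=list)

    @property
    def phase2_complete(self) -> bool:
        # A usable tunnel needs an ESP SA in each direction.
        return len(self.esp_sas) >= 2


def parse_racoon_log(text: str) -> TunnelStatus:
    """Walk the log once and record negotiation state plus any non-INFO messages."""
    st = TunnelStatus()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a racoon line; ignore
        level, msg = m.group("level"), m.group("msg")
        if m.group("tunnel") and st.tunnel is None:
            st.tunnel = m.group("tunnel")
        esp = ESP_RE.search(msg)
        if msg.startswith("begin ") and msg.endswith(" mode."):
            st.phase1_mode = msg[len("begin "):-len(" mode.")]
        elif msg.startswith("ISAKMP-SA established"):
            st.isakmp_sa = True
        elif esp:
            st.esp_sas.append((esp.group(1), esp.group(2), int(esp.group(3))))
        elif level in ("WARNING", "NOTIFY", "ERROR"):
            st.warnings.append(msg)
    return st


def diagnose(st: TunnelStatus) -> List[str]:
    """Map the parsed state onto the usual pfSense IPsec checks."""
    hints = []
    if any("No ID match" in w for w in st.warnings):
        hints.append("Peer identifier did not match the configured one; "
                     "check My identifier / Peer identifier on both ends.")
    if any("pskey" in w for w in st.warnings):
        hints.append("Pre-shared key was located by peer address rather than identifier; "
                     "a genuinely wrong PSK would have failed phase 1 outright.")
    if st.phase1_mode == "Aggressive":
        hints.append("Aggressive mode sends the identity hash before the channel is encrypted; "
                     "prefer Main mode where both peers support it.")
    if st.isakmp_sa and st.phase2_complete:
        hints.append("Both phases completed: missing traffic points at firewall rules on the "
                     "IPsec interface or at testing from the wrong host, not at negotiation.")
    elif st.isakmp_sa:
        hints.append("Phase 1 completed but phase 2 did not: compare phase 2 proposals and "
                     "the local/remote network definitions on both sides.")
    else:
        hints.append("Phase 1 never completed: compare PSK, identifiers and phase 1 proposals.")
    return hints


if __name__ == "__main__":
    status = parse_racoon_log(SAMPLE_LOG)
    print(f"tunnel={status.tunnel!r} mode={status.phase1_mode} "
          f"phase1={status.isakmp_sa} esp_sas={len(status.esp_sas)}")
    for h in diagnose(status):
        print(" -", h)
```

Run it against a real log by replacing `SAMPLE_LOG` with the contents of the racoon log; the "Both phases completed" hint is exactly the situation in this thread, which is why the replies below turn to firewall rules and the choice of test host rather than to the negotiation itself.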

Offline focalguy

Re: IPSEC TUNNEL BETWEEN TWO PFSENSE BOX
« Reply #1 on: April 14, 2010, 01:48:15 pm »
Have you allowed traffic on the IPsec interface on both firewalls? By default, no traffic is allowed.

Offline echang1024

Re: IPSEC TUNNEL BETWEEN TWO PFSENSE BOX
« Reply #2 on: April 14, 2010, 01:54:02 pm »
focalguy,

Yes, I have. Any ideas?

Thanks!

Offline Evgeny

Re: IPSEC TUNNEL BETWEEN TWO PFSENSE BOX
« Reply #3 on: April 14, 2010, 02:59:52 pm »
You should be pinging from a computer connected to LAN A to a computer connected to LAN B (or vice versa), not from one pfSense box to another.