Discussion:
Problem with ipsec
Carlos Julio Sánchez [ACC-SIS]
2006-08-09 21:37:13 UTC
Hello!

Can anybody help me please?

I have an error when I set up VPN with IPsec; my computer A has pfSense and
my computer B has CentOS (Linux).

In the ipsec logs I have:

racoon: ERROR: failed to get sainfo.
racoon: ERROR: failed to get sainfo.
racoon: ERROR: failed to pre-process packet.
racoon: INFO: purging ISAKMP-SA spi=00bc15f02e56a4a5:69e1cebf2efd8757.
racoon: INFO: purged ISAKMP-SA spi=00bc15f02e56a4a5:69e1cebf2efd8757.
racoon: INFO: ISAKMP-SA deleted xxx.xxx.xxx.xxx [500]- xxx.xxx.xxx.xxx [500] spi:00bc15f02e56a4a5:69e1cebf2efd8757



In the logs of computer B I have:

Aug 9 16:15:08 actibts1 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Aug 9 16:15:08 actibts1 racoon: INFO: ISAKMP-SA established xxx.xxx.xxx.xxx[500]-xxx.xxx.xxx.xxx[500] spi:00bc15f02e56a4a5:69e1cebf2efd8757
Aug 9 16:15:09 actibts1 racoon: INFO: initiate new phase 2 negotiation: xxx.xxx.xxx.xxx [0]<=> xxx.xxx.xxx.xxx [0]
Aug 9 16:15:39 actibts1 racoon: INFO: IPsec-SA expired: AH/Transport xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx spi=35812955(0x222765b)
Aug 9 16:15:39 actibts1 racoon: WARNING: the expire message is received but the handler has not been established.
Aug 9 16:15:39 actibts1 racoon: ERROR: xxx.xxx.xxx.xxx give up to get IPsec-SA due to time up to wait.
Scott Ullrich
2006-08-09 21:31:17 UTC
Double check your phase 2 settings on both hosts. There is a mismatch
somewhere.

Scott
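
A triage sketch for the two log excerpts in this thread, added here as an example and not part of any poster's message or of pfSense or racoon: it correlates both ends by ISAKMP cookie pair and reports that phase 1 completed while phase 2 failed on the responder's sainfo lookup. The sample logs are constructed from the lines quoted above; the addresses and the host name `hostb` are assumptions.

```python
import re
# Constructed sample logs modelled on the lines quoted in this thread;
# the addresses and host name are placeholders, not values from the page.
RESPONDER_LOG = """\
racoon: ERROR: failed to get sainfo.
racoon: ERROR: failed to pre-process packet.
racoon: INFO: purged ISAKMP-SA spi=00bc15f02e56a4a5:69e1cebf2efd8757.
"""
INITIATOR_LOG = """\
Aug 9 16:15:08 hostb racoon: INFO: ISAKMP-SA established 192.0.2.10[500]-198.51.100.20[500] spi:00bc15f02e56a4a5:69e1cebf2efd8757
Aug 9 16:15:09 hostb racoon: INFO: initiate new phase 2 negotiation: 192.0.2.10[0]<=>198.51.100.20[0]
Aug 9 16:15:39 hostb racoon: INFO: IPsec-SA expired: AH/Transport 192.0.2.10 -> 198.51.100.20 spi=35812955(0x222765b)
Aug 9 16:15:39 hostb racoon: ERROR: 198.51.100.20 give up to get IPsec-SA due to time up to wait.
"""

LINE = re.compile(r"racoon: (?P<level>[A-Z]+): (?P<msg>.*)")
COOKIES = re.compile(r"spi[:=]([0-9a-f]{16}:[0-9a-f]{16})")  # ISAKMP cookie pair
PROPOSAL = re.compile(r"IPsec-SA expired: (\w+)/(\w+)")      # protocol/mode

def summarize(log):
    """Reduce one host's racoon log to the facts needed for triage."""
    facts = {"cookies": set(), "phase1_up": False, "no_sainfo": False,
             "phase2_timeout": False, "proposal": None}
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        msg = m.group("msg")
        facts["cookies"].update(COOKIES.findall(msg))
        facts["phase1_up"] |= "ISAKMP-SA established" in msg
        facts["no_sainfo"] |= "failed to get sainfo" in msg
        facts["phase2_timeout"] |= "give up to get IPsec-SA" in msg
        p = PROPOSAL.search(msg)
        if p:
            facts["proposal"] = (p.group(1), p.group(2))
    return facts

def diagnose(responder_log, initiator_log):
    """Correlate both ends by ISAKMP cookie pair and name the failing phase."""
    r, i = summarize(responder_log), summarize(initiator_log)
    same_sa = bool(r["cookies"] & i["cookies"])
    if same_sa and i["phase1_up"] and r["no_sainfo"] and i["phase2_timeout"]:
        return {"failed_phase": 2, "same_sa": True, "proposal": i["proposal"],
                "check": "responder has no sainfo for the proposed IDs/mode"}
    return {"failed_phase": None, "same_sa": same_sa, "proposal": i["proposal"],
            "check": "no phase 2 mismatch signature found"}

if __name__ == "__main__":
    print(diagnose(RESPONDER_LOG, INITIATOR_LOG))
```
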
Carlos Julio Sánchez [ACC-SIS]
2006-08-09 21:56:44 UTC
If I don't have a remote subnet but in pfSense I must write something in
the textbox REMOTE SUBNET in the configuration of the IPsec VPN.

What do I have to write in it?

Chris Buechler
2006-08-09 21:49:26 UTC
Post by Carlos Julio Sánchez [ACC-SIS]
If I don't have a remote subnet but in pfSense I must write something in
the textbox REMOTE SUBNET in the configuration of the IPsec VPN.
If you're doing a site to site VPN, you *have* to have a remote subnet.
It's the network on the other end that you'll be connecting. If you're
not connecting two networks, you need to look at mobile VPN instead.
Holger Bauer
2006-08-09 21:51:25 UTC
It's the remote LAN that you want to reach through the tunnel at the other end.

Holger
Carlos Julio Sánchez [ACC-SIS]
2006-08-09 22:29:05 UTC
I configured a mobile client and set the pre-shared key with the identifier.
Do I need to configure an IPsec tunnel too?

