 From:  "Chris Breish" <cbreish at pchelpservice dot com>
 To:  "'Andreas Gracco'" <A dot Gr at ims dot ch>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0wall to m0n0wall IPSec Issues
 Date:  Mon, 15 Nov 2004 17:59:43 -0500
I switched to main, and changed both sides to "My IP address".
Still no joy...

Thanks for the suggestions so far.

Here is another log post of what I'm getting:

m0n0wall 1:
Nov 15 17:50:36 racoon: INFO: main.c:172:main(): @(#)package version freebsd-20040617a
Nov 15 17:50:36 racoon: INFO: main.c:174:main(): @(#)internal version 20001216 sakane at kame dot net
Nov 15 17:50:36 racoon: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
Nov 15 17:50:36 racoon: INFO: isakmp.c:1368:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=7)
Nov 15 17:50:36 racoon: INFO: isakmp.c:1368:isakmp_open(): 10.0.1.1[500] used as isakmp port (fd=8)
Nov 15 17:50:36 racoon: INFO: isakmp.c:1368:isakmp_open(): 192.168.2.2[500] used as isakmp port (fd=9)
Nov 15 17:50:36 racoon: INFO: isakmp.c:1368:isakmp_open(): 68.*.*.*[500] used as isakmp port (fd=10)
Nov 15 17:50:37 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.2.2/32[0] proto=any dir=in
Nov 15 17:50:37 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 10.0.0.0/24[0] 192.168.2.0/24[0] proto=any dir=in
Nov 15 17:50:37 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.2.2/32[0] 192.168.2.0/24[0] proto=any dir=out
Nov 15 17:50:37 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.2.0/24[0] 10.0.0.0/24[0] proto=any dir=out

m0n0wall 2:
Nov 15 17:50:37 racoon: INFO: main.c:172:main(): @(#)package version freebsd-20040617a
Nov 15 17:50:37 racoon: INFO: main.c:174:main(): @(#)internal version 20001216 sakane at kame dot net
Nov 15 17:50:37 racoon: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
Nov 15 17:50:38 racoon: INFO: isakmp.c:1368:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=7)
Nov 15 17:50:38 racoon: INFO: isakmp.c:1368:isakmp_open(): 66.*.*.*[500] used as isakmp port (fd=8)
Nov 15 17:50:38 racoon: INFO: isakmp.c:1368:isakmp_open(): 10.0.0.1[500] used as isakmp port (fd=9)
Nov 15 17:50:38 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 10.0.0.0/24[0] 10.0.0.1/32[0] proto=any dir=in
Nov 15 17:50:38 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.2.0/24[0] 10.0.0.0/24[0] proto=any dir=in
Nov 15 17:50:38 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 10.0.0.1/32[0] 10.0.0.0/24[0] proto=any dir=out
Nov 15 17:50:38 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 10.0.0.0/24[0] 192.168.2.0/24[0] proto=any dir=out

Chris Breish

-----Original Message-----
From: Andreas Gracco [mailto:A dot Gr at ims dot ch] 
Sent: Monday, November 15, 2004 5:17 PM
To: Chris Breish
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: AW: [m0n0wall] m0n0wall to m0n0wall IPSec Issues


Hi

I had a lot of problems using Aggressive Negotiation mode; try main mode,
which is also more secure.
What did you use in "My identifier"? I suggest using "My IP Address" ...

Andreas
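
A check of the policies reported in the two logs above, as an added example that is not part of the original thread: it parses the pk_recvspddump() lines and lists tunnel policies on one box that have no reversed counterpart on the other. The function names and the condensed sample strings are constructed here, and treating a policy whose two ends overlap as a non-tunnel policy is an assumption.

```python
import re
from ipaddress import ip_network

# Constructed sample: the policy text of the pk_recvspddump() lines in the two
# logs above, with the timestamp and racoon prefix dropped.
SITE1 = """
replace it: 192.168.2.0/24[0] 192.168.2.2/32[0] proto=any dir=in
replace it: 10.0.0.0/24[0] 192.168.2.0/24[0] proto=any dir=in
replace it: 192.168.2.2/32[0] 192.168.2.0/24[0] proto=any dir=out
replace it: 192.168.2.0/24[0] 10.0.0.0/24[0] proto=any dir=out
"""
SITE2 = """
replace it: 10.0.0.0/24[0] 10.0.0.1/32[0] proto=any dir=in
replace it: 192.168.2.0/24[0] 10.0.0.0/24[0] proto=any dir=in
replace it: 10.0.0.1/32[0] 10.0.0.0/24[0] proto=any dir=out
replace it: 10.0.0.0/24[0] 192.168.2.0/24[0] proto=any dir=out
"""

# \s+ between tokens lets the pattern match log text that a mail client
# has wrapped across several lines.
POLICY = re.compile(
    r"replace it:\s+(\S+?)\[\d+\]\s+(\S+?)\[\d+\]\s+proto=\S+\s+dir=(in|out)"
)

def parse_policies(log):
    """Return the set of (src_net, dst_net, direction) found in racoon log text."""
    return {(ip_network(m[1]), ip_network(m[2]), m[3]) for m in POLICY.finditer(log)}

def tunnel_policies(policies):
    """Keep only policies between disjoint networks (assumption: overlapping
    pairs such as LAN subnet <-> the box's own LAN address are not tunnels)."""
    return {p for p in policies if not p[0].overlaps(p[1])}

def unmirrored(local, remote):
    """Tunnel policies in `local` lacking the same src/dst with the opposite
    direction in `remote`; an empty set means the two ends agree."""
    flip = {"in": "out", "out": "in"}
    remote_tunnels = tunnel_policies(remote)
    return {p for p in tunnel_policies(local)
            if (p[0], p[1], flip[p[2]]) not in remote_tunnels}

if __name__ == "__main__":
    one, two = parse_policies(SITE1), parse_policies(SITE2)
    print("unmatched on m0n0wall 1:", unmirrored(one, two))
    print("unmatched on m0n0wall 2:", unmirrored(two, one))
```

The check covers only whether the two ends describe the same pair of subnets; it says nothing about Phase 1 settings such as negotiation mode or identifier.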