 
 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  "Marc Berthold" <ber at fmx dot ch>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  AW: AW: [m0n0wall] IPSec tunnel between m0n0wall and pfSense
 Date:  Wed, 8 Jun 2005 10:47:48 +0200
Ah, you have been caught by the evil (0.66.6) version. This one only had a very short lifetime but
it is still the most recent wrap/soekris image. A lot of changes went into this version and so there
were some bugs in it (don't forget this is still alpha). I'll talk to Scott this evening to see if we can
put up a new version for wrap/soekris.
 
Holger


From: Marc Berthold [mailto:ber at fmx dot ch]
Sent: Wednesday, 8 June 2005 10:28
To: Holger Bauer
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: AW: [m0n0wall] IPSec tunnel between m0n0wall and pfSense


Hi Holger,

M0n0wall is running on an IP330:

Name	 vougeot.fmx.ch 	
Version	 1.11 
built on Thu Nov 11 23:02:41 CET 2004 	
Platform	 generic-pc 	
Uptime	 9 days, 03:20	


And the pfSense is running on a Soekris net4801:

Name	 psi.gorfou.ch 	
Version	 0.66.6 
built on Sat Jun 4 23:06:02 UTC 2005 	
Platform	 wrap	


Thank you for your help,
Marc


Holger Bauer wrote: 

Hi Marc,



I have already tested a tunnel between pfSense and m0n0 between static and dynamic IP (with mobile
client) and it worked for me without any issue. However, this was some versions ago. Can you please
tell me which versions of m0n0 and pfSense you are using for testing? I can try this setup then this
evening at home.



Holger





From: Marc Berthold [mailto:ber at fmx dot ch]
Sent: Wednesday, 8 June 2005 09:58
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] IPSec tunnel between m0n0wall and pfSense





Hi,

I'm trying to build an IPSec tunnel between a m0n0wall and pfSense.

Both have static IPs.

On the 2 sides the settings are the same.

It fails somehow in the phase2 but I can understand why.



Here is the log from the pfSense (IP 213.39.112.30):

Jun 8 07:53:47 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 213.39.112.30[0]<=>62.50.75.5[0]
Jun 8 07:53:43 racoon: ERROR: pfkey.c:804:pfkey_timeover(): 62.50.75.5 give up to get IPsec-SA due to time up to wait.
Jun 8 07:53:13 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 213.39.112.30[0]<=>62.50.75.5[0]







This is the log of the m0n0wall (IP 62.50.75.5):

Jun 8 07:47:56 racoon: ERROR: isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet.
Jun 8 07:47:56 racoon: ERROR: isakmp_quick.c:1046:quick_r1recv(): failed to get sainfo.
Jun 8 07:47:56 racoon: ERROR: isakmp_quick.c:1812:get_sainfo_r(): failed to get sainfo.
Jun 8 07:47:56 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 62.50.75.5[0]<=>213.39.112.30[0]







I used the same IPs with 2 m0n0walls and the tunnel came up fine!

Is there a known issue with IPsec between m0n0wall and pfSense?

Has anybody an idea?



Cheers,

Marc Berthold





  



-- 



#include <standard.disclaimer>

Berthold Marc, Rolle, Switzerland



// Computers are only interesting when they go wrong,

// otherwise it's just like watching television !!!






