 From:  Francesco <friscom at tin dot it>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Error messages for an IPSec VPN
 Date:  Mon, 06 Sep 2004 07:50:49 +0200
I set up a test network between two Soekris boxes to get some confidence 
with the VPN settings. The physical link was established between the two 
OPT ports (IP: 176.20.0.22 and 176.20.0.24).
To configure the parameters for each fw I followed the IPSec guidelines 
available on-line at the web site .
Then I checked the specific Diagnostics and the Logs to see what was not 
working. The messages are below.

Would anyone help me to understand where I am wrong and how to fix my 
configuration?
Thanks in advance.
Francesco

1- IPSec VPN Diagnostic error message:
No IPSec security association
(the SPD table is OK)

2- FW 1
Sep 3 18:22:22     racoon: ERROR: pfkey.c:2223:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.2.0/24[0] proto=any dir=out
Sep 3 18:22:22     racoon: ERROR: pfkey.c:2223:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.1.0/24[0] proto=any dir=in
Sep 3 18:22:22     racoon: INFO: isakmp.c:1358:isakmp_open(): 192.168.1.22[500] used as isakmp port (fd=10)
Sep 3 18:22:22     racoon: INFO: isakmp.c:1358:isakmp_open(): 176.20.0.22[500] used as isakmp port (fd=9)
Sep 3 18:22:22     racoon: INFO: isakmp.c:1358:isakmp_open(): 10.0.0.22[500] used as isakmp port (fd=8)
Sep 3 18:22:22     racoon: INFO: isakmp.c:1358:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=7)
Sep 3 18:22:22     racoon: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7c 30 Sep 2003 (http://www.openssl.org/)
Sep 3 18:22:22     racoon: INFO: main.c:174:main(): @(#)internal version 20001216 sakane at kame dot net
Sep 3 18:22:22     racoon: INFO: main.c:172:main(): @(#)package version freebsd-20030826a
Sep 3 18:22:20     racoon: INFO: session.c:180:close_session(): racoon shutdown
Sep 3 18:22:19     racoon: INFO: session.c:299:check_sigreq(): caught signal 15

3- FW2
Sep 3 18:22:19    racoon: INFO: isakmp.c:1358:isakmp_open(): 192.168.2.24[500] used as isakmp port (fd=10)
Sep 3 18:22:19    racoon: INFO: isakmp.c:1358:isakmp_open(): 176.20.0.24[500] used as isakmp port (fd=9)
Sep 3 18:22:19    racoon: INFO: isakmp.c:1358:isakmp_open(): 10.0.0.24[500] used as isakmp port (fd=8)
Sep 3 18:22:19    racoon: INFO: isakmp.c:1358:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=7)
Sep 3 18:22:19    racoon: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7c 30 Sep 2003 (http://www.openssl.org/)
Sep 3 18:22:19    racoon: INFO: main.c:174:main(): @(#)internal version 20001216 sakane at kame dot net
Sep 3 18:22:19    racoon: INFO: main.c:172:main(): @(#)package version freebsd-20030826a