Are all of the settings the same, especially the DH key group and preshared key? The two LANs must be different subnets.

-----Original Message-----
From: Francesco [mailto:friscom at tin dot it]
Sent: Monday, September 06, 2004 6:31 AM
To: Alex Ledesma; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Error messages for an IPSec VPN

Thanks Alex,
I guess I forgot to specify that the addresses below are the endpoints whilst the two LANs have indeed separate addresses:

LAN 1: 192.168.1.0/24 connected to FW having OPT1 on 176.20.0.22
LAN2: 192.168.2.0/24 connected to FW having OPT1 on 176.20.0.24

Francesco

At 12.01 06/09/2004, you wrote:
>I believe that the two networks must be different IE: (IP: 176.20.0.22
>and 176.20.1.24). Try that hope it helps
>
>-----Original Message-----
>From: Francesco [mailto:friscom at tin dot it]
>Sent: Monday, September 06, 2004 1:51 AM
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: [m0n0wall] Error messages for an IPSec VPN
>
>I setup a test network between two Soekris boxes to get some confidence
>with the VPN settings. The physical link was established between the
>two OPT ports (IP: 176.20.0.22 and 176.20.0.24). To configure the
>parameters for each fw I followed the IPSec guidelines available
>on-line at the web site . Then I checked the specific Diagnostics and
>the Logs to see what was not working. The messages are below.
>
>Would anyone help me to understand where I am wrong and how to fix my
>configuration? Thanks in advance.
>Francesco
>
>1- IPSec VPN Diagnostic error message:
>No IPSec security association
>(the SPD table is OK)
>
>2- FW 1
>Sep 3 18:22:22 racoon: ERROR: pfkey.c:2223:pk_recvspddump(): such
>policy already exists. anyway replace it: 192.168.1.0/24[0]
>192.168.2.0/24[0] proto=any dir=out
>Sep 3 18:22:22 racoon: ERROR: pfkey.c:2223:pk_recvspddump(): such
>policy already exists. anyway replace it: 192.168.2.0/24[0]
>192.168.1.0/24[0] proto=any dir=in
>Sep 3 18:22:22 racoon: INFO: isakmp.c:1358:isakmp_open():
>192.168.1.22[500] used as isakmp port (fd=10)
>Sep 3 18:22:22 racoon: INFO: isakmp.c:1358:isakmp_open():
>176.20.0.22[500] used as isakmp port (fd=9)
>Sep 3 18:22:22 racoon: INFO: isakmp.c:1358:isakmp_open():
>10.0.0.22[500] used as isakmp port (fd=8)
>Sep 3 18:22:22 racoon: INFO: isakmp.c:1358:isakmp_open():
>127.0.0.1[500] used as isakmp port (fd=7)
>Sep 3 18:22:22 racoon: INFO: main.c:175:main(): @(#)This product linked
>OpenSSL 0.9.7c 30 Sep 2003 (http://www.openssl.org/)
>Sep 3 18:22:22 racoon: INFO: main.c:174:main(): @(#)internal version
>20001216 sakane at kame dot net
>Sep 3 18:22:22 racoon: INFO: main.c:172:main(): @(#)package version
>freebsd-20030826a
>Sep 3 18:22:20 racoon: INFO: session.c:180:close_session(): racoon
>shutdown
>Sep 3 18:22:19 racoon: INFO: session.c:299:check_sigreq(): caught signal
>15
>
>3- FW2
>Sep 3 18:22:19 racoon: INFO: isakmp.c:1358:isakmp_open():
>192.168.2.24[500] used as isakmp port (fd=10)
>Sep 3 18:22:19 racoon: INFO: isakmp.c:1358:isakmp_open():
>176.20.0.24[500] used as isakmp port (fd=9)
>Sep 3 18:22:19 racoon: INFO: isakmp.c:1358:isakmp_open(): 10.0.0.24[500]
>used as isakmp port (fd=8)
>Sep 3 18:22:19 racoon: INFO: isakmp.c:1358:isakmp_open(): 127.0.0.1[500]
>used as isakmp port (fd=7)
>Sep 3 18:22:19 racoon: INFO: main.c:175:main(): @(#)This product linked
>OpenSSL 0.9.7c 30 Sep 2003 (http://www.openssl.org/)
>Sep 3 18:22:19 racoon: INFO: main.c:174:main(): @(#)internal version
>20001216 sakane at kame dot net
>Sep 3 18:22:19 racoon: INFO: main.c:172:main(): @(#)package version
>freebsd-20030826a
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
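
The check suggested in the first reply (same DH key group and preshared key on both ends, different LAN subnets), written out as an added example that is not part of the original thread. The dictionary field names and the DH group, cipher and hash values are hypothetical, not m0n0wall configuration keys or the poster's settings, and the preshared key is a constructed placeholder; only the subnets and endpoint addresses come from the thread.

```python
import hmac
import ipaddress

# Constructed sample settings for the two firewalls. Field names are
# hypothetical (not m0n0wall config keys); the PSK is a placeholder.
FW1 = {"local_net": "192.168.1.0/24", "remote_net": "192.168.2.0/24",
       "local_gw": "176.20.0.22", "remote_gw": "176.20.0.24",
       "dh_group": 2, "p1_enc": "3des", "p1_hash": "sha1",
       "psk": "PLACEHOLDER-PSK"}
FW2 = {"local_net": "192.168.2.0/24", "remote_net": "192.168.1.0/24",
       "local_gw": "176.20.0.24", "remote_gw": "176.20.0.22",
       "dh_group": 2, "p1_enc": "3des", "p1_hash": "sha1",
       "psk": "PLACEHOLDER-PSK"}

MUST_MATCH = ("dh_group", "p1_enc", "p1_hash")
MIRRORED = (("local_net", "remote_net"), ("remote_net", "local_net"),
            ("local_gw", "remote_gw"), ("remote_gw", "local_gw"))


def _norm(key, value):
    # Normalise so 192.168.1.0/24 and 192.168.1.0/255.255.255.0 compare equal.
    if key.endswith("_net"):
        return ipaddress.ip_network(value)
    return ipaddress.ip_address(value)


def check_tunnel(a, b):
    """Return a list of mismatches between the two ends of one tunnel."""
    problems = []
    for key in MUST_MATCH:
        if a[key] != b[key]:
            problems.append(f"{key} differs: {a[key]!r} vs {b[key]!r}")
    # Compare the preshared key without writing it into the report.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("psk differs")
    # Each side's local values must be the other side's remote values.
    for mine, theirs in MIRRORED:
        if _norm(mine, a[mine]) != _norm(theirs, b[theirs]):
            problems.append(f"A {mine}={a[mine]} but B {theirs}={b[theirs]}")
    # The two LANs must be different, non-overlapping subnets.
    net_a = _norm("local_net", a["local_net"])
    net_b = _norm("local_net", b["local_net"])
    if net_a.overlaps(net_b):
        problems.append(f"LAN subnets overlap: {net_a} and {net_b}")
    return problems


if __name__ == "__main__":
    for line in check_tunnel(FW1, FW2) or ["no mismatches found"]:
        print(line)
```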