 
 From:  Francesco <friscom at tin dot it>
 To:  "Alex Ledesma" <aledesma at snappydsl dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Error messages for an IPSec VPN
 Date:  Mon, 06 Sep 2004 13:31:26 +0200
Thanks Alex,
I guess I forgot to specify that the addresses below are the endpoints whilst 
the two LANs have indeed separate addresses:
LAN 1: 192.168.1.0/24 connected to FW having OPT1 on 176.20.0.22
LAN 2: 192.168.2.0/24 connected to FW having OPT1 on 176.20.0.24

Francesco

At 12.01 06/09/2004, you wrote:
>I believe that the two networks must be different, i.e. (IP: 176.20.0.22 and
>176.20.1.24). Try that; hope it helps.
>
>-----Original Message-----
>From: Francesco [mailto:friscom at tin dot it]
>Sent: Monday, September 06, 2004 1:51 AM
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: [m0n0wall] Error messages for an IPSec VPN
>
>I set up a test network between two Soekris boxes to get some confidence
>with the VPN settings. The physical link was established between the two
>OPT ports (IP: 176.20.0.22 and 176.20.0.24).
>To configure the parameters for each fw I followed the IPSec guidelines
>available on-line at the web site .
>Then I checked the specific Diagnostics and the Logs to see what was not
>working. The messages are below.
>
>Would anyone help me to understand where I am wrong and how to fix my
>configuration?
>Thanks in advance.
>Francesco
>
>1- IPSec VPN Diagnostic error message:
>No IPSec security association
>(the SPD table is OK)
>
>2- FW 1
>Sep 3 18:22:22     racoon: ERROR: pfkey.c:2223:pk_recvspddump(): such
>policy already exists. anyway replace it: 192.168.1.0/24[0]
>192.168.2.0/24[0] proto=any dir=out
>Sep 3 18:22:22     racoon: ERROR: pfkey.c:2223:pk_recvspddump(): such
>policy already exists. anyway replace it: 192.168.2.0/24[0]
>192.168.1.0/24[0] proto=any dir=in
>Sep 3 18:22:22     racoon: INFO: isakmp.c:1358:isakmp_open():
>192.168.1.22[500] used as isakmp port (fd=10)
>Sep 3 18:22:22     racoon: INFO: isakmp.c:1358:isakmp_open():
>176.20.0.22[500] used as isakmp port (fd=9)
>Sep 3 18:22:22     racoon: INFO: isakmp.c:1358:isakmp_open():
>10.0.0.22[500] used as isakmp port (fd=8)
>Sep 3 18:22:22     racoon: INFO: isakmp.c:1358:isakmp_open():
>127.0.0.1[500] used as isakmp port (fd=7)
>Sep 3 18:22:22     racoon: INFO: main.c:175:main(): @(#)This product linked
>OpenSSL 0.9.7c 30 Sep 2003 (http://www.openssl.org/)
>Sep 3 18:22:22     racoon: INFO: main.c:174:main(): @(#)internal version
>20001216 sakane at kame dot net
>Sep 3 18:22:22     racoon: INFO: main.c:172:main(): @(#)package version
>freebsd-20030826a
>Sep 3 18:22:20     racoon: INFO: session.c:180:close_session(): racoon
>shutdown
>Sep 3 18:22:19     racoon: INFO: session.c:299:check_sigreq(): caught signal
>15
>
>3- FW2
>Sep 3 18:22:19    racoon: INFO: isakmp.c:1358:isakmp_open():
>192.168.2.24[500] used as isakmp port (fd=10)
>Sep 3 18:22:19    racoon: INFO: isakmp.c:1358:isakmp_open():
>176.20.0.24[500] used as isakmp port (fd=9)
>Sep 3 18:22:19    racoon: INFO: isakmp.c:1358:isakmp_open(): 10.0.0.24[500]
>used as isakmp port (fd=8)
>Sep 3 18:22:19    racoon: INFO: isakmp.c:1358:isakmp_open(): 127.0.0.1[500]
>used as isakmp port (fd=7)
>Sep 3 18:22:19    racoon: INFO: main.c:175:main(): @(#)This product linked
>OpenSSL 0.9.7c 30 Sep 2003 (http://www.openssl.org/)
>Sep 3 18:22:19    racoon: INFO: main.c:174:main(): @(#)internal version
>20001216 sakane at kame dot net
>Sep 3 18:22:19    racoon: INFO: main.c:172:main(): @(#)package version
>freebsd-20030826a
>
>