Pfsense Ipsec Racoon Error Failed To Get Sainfo
Contents |
« previous next » Print Pages: [1] Go Down Author Topic: Failed to get sainfo - Sonicwall NSA240 (Read 17179 times) 0 Members and 2 Guests are viewing this topic. geewhz01 Jr. Member Posts: 67 Karma: +0/-0 Failed to get sainfo - Sonicwall NSA240 « on: failed to get sainfo meraki December 03, 2008, 01:52:38 pm » I have a tunnel setup to a NSA240 that
Pfsense Ipsec Firewall Rules
comes up but does not work. I have other Sonicwall devices connected with no problem but it appears this new unit must be received no_proposal_chosen error notify a little different in how they are handling ipsec. On the pfsense 1.21 box it shows:Dec 3 14:48:11 racoon: ERROR: failed to pre-process packet.Dec 3 14:48:11 racoon: ERROR: failed to get sainfo.Dec 3 14:48:11 racoon: ERROR: failed
Strongswan Received No_proposal_chosen Error Notify
to get sainfo.Dec 3 14:48:11 racoon: [Royal Sonic]: INFO: respond new phase 2 negotiation: X.X.X.X[0]<=>X.X.X.X[0]Dec 3 14:47:55 racoon: ERROR: failed to pre-process packet.Dec 3 14:47:55 racoon: ERROR: failed to get sainfo.Dec 3 14:47:55 racoon: ERROR: failed to get sainfo.Dec 3 14:47:55 racoon: [Royal Sonic]: INFO: respond new phase 2 negotiation: X.X.X.X[0]<=>X.X.X.X[0]On the Sonic box it shows:12/03/2008 11:49:49.368InfoVPN IKEIKE Initiator: Start Quick Mode (Phase 2).I have the lifetimes set for 28800 on both boxes on received invalid_id_information error notify Phase 1 and 2. Both boxes show the tunnel as up but I can't pass any traffic across the vpn.Any ideas?Thanks,Andy Logged geewhz01 Jr. Member Posts: 67 Karma: +0/-0 Re: Failed to get sainfo - Sonicwall NSA240 « Reply #1 on: December 04, 2008, 07:08:38 pm » What I have found is that even though I have the interface of the vpn setup for my 1st carp address and the remote end setup to connect to the carp address that it doesn't work. The Sonicwall sees the packets coming from the carp address but inside the packet it's showing my wan address. The only way I can get this to connect is via the wan address. Is it not possible to use a carp address for the vpn connections or am I missing something else?Andy Logged brbubba Newbie Posts: 3 Karma: +0/-0 Re: Failed to get sainfo - Sonicwall NSA240 « Reply #2 on: January 11, 2009, 09:59:03 am » Quote from: geewhz01 on December 04, 2008, 07:08:38 pmWhat I have found is that even though I have the interface of the vpn setup for my 1st carp address and the remote end setup to connect to the carp address that it doesn't work. The Sonicwall sees the packets coming from the carp address but inside the packet it's showing my w
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn
Id_prot Request With Message Id 0 Processing Failed
more about hiring developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered
Invalid Hash_v1 Payload Length, Decryption Failed?
Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: failed to pre-process ph2 packet Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top PFsense IPSec VPN failing phase 2 up vote 0 down vote favorite I https://forum.pfsense.org/index.php?topic=12934.0 am very new to VPNs and I am getting errors. I have posted the following lines that I think are the most relevant: Dec 2 08:41:03 racoon: DEBUG: IV freed Dec 2 08:41:03 racoon: [EUA]: [79.121.213.141] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1). Dec 2 08:41:03 racoon: ERROR: failed to get sainfo. Dec 2 08:41:03 racoon: ERROR: failed to get sainfo. Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.10.0/24' Dec http://serverfault.com/questions/648449/pfsense-ipsec-vpn-failing-phase-2 2 08:41:03 racoon: DEBUG: cmpid target: '79.121.213.141/32' Dec 2 08:41:03 racoon: DEBUG: check and compare ids : value mismatch (IPv4_subnet) Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.0.0/24' Dec 2 08:41:03 racoon: DEBUG: cmpid target: '192.168.0.0/24' Dec 2 08:41:03 racoon: DEBUG: check and compare ids : values matched (IPv4_subnet) Dec 2 08:41:03 racoon: DEBUG: evaluating sainfo: loc='192.168.0.0/24', rmt='192.168.10.0/24', peer='ANY', id=1 Dec 2 08:41:03 racoon: DEBUG: getsainfo params: loc='192.168.0.0/24' rmt='79.121.213.141/32' peer='79.121.213.141' client='79.121.213.141' id=1 Dec 2 08:41:03 racoon: DEBUG: 304ccaa9 0176e9fb 71aa4c00 c864b944 24677b49 Dec 2 08:41:03 racoon: DEBUG: HASH computed: Dec 2 08:41:03 racoon: DEBUG: hmac(hmac_sha1) Can anyone tell me where this is going wrong? I don't think cmpid source and cmpid target should be the same? vpn ipsec pfsense share|improve this question asked Dec 2 '14 at 8:44 imperium2335 10816 add a comment| 3 Answers 3 active oldest votes up vote 0 down vote Failed to get sainfo means that the racoon process cannot get the sainfo line from the racoon.conf config file that will match the incoming pair of IP addresses. In your particular case the following pair doesn't match (for obvious reason): Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.10.0/24' Dec 2 08:41:03 racoon: DEBUG: cmpid target: '79.121.213.141/32' Note if this isn't the only sainfo line in your racoon.conf, then this probably isn't the reason. But if there no other sainfos (they usually are created in pairs -
get sainfo" From: Marc Haber
Επιλέξτε τη γλώσσα σας. Κλείσιμο Μάθετε περισσότερα View this message in English Το YouTube εμφανίζεται στα Ελληνικά. Μπορείτε να αλλάξετε αυτή την προτίμηση παρακάτω. Learn more You're viewing YouTube in Greek. You can change this preference below. Κλείσιμο Ναι, θέλω να τη κρατήσω Αναίρεση Κλείσιμο Αυτό το βίντεο δεν είναι διαθέσιμο. Ουρά παρακολούθησηςΟυράΟυρά παρακολούθησηςΟυρά Κατάργηση όλωνΑποσύνδεση Φόρτωση... Ουρά παρακολούθησης Ουρά __count__/__total__ pfsense ipsec gre lereno ΕγγραφήΕγγραφήκατεΚατάργηση εγγραφής2828 Φόρτωση... Φόρτωση... Σε λειτουργία... Προσθήκη σε... Θέλετε να το δείτε ξανά αργότερα; Συνδεθείτε για να προσθέσετε το βίντεο σε playlist. Σύνδεση Κοινή χρήση Περισσότερα Αναφορά Θέλετε να αναφέρετε το βίντεο; Συνδεθείτε για να αναφέρετε ακατάλληλο περιεχόμενο. Σύνδεση 8.825 προβολές 22 Σας αρέσει αυτό το βίντεο; Συνδεθείτε για να μετρήσει η άποψή σας. Σύνδεση 23 0 Δεν σας αρέσει αυτό το βίντεο; Συνδεθείτε για να μετρήσει η άποψή σας. Σύνδεση 1 Φόρτωση... Φόρτωση... Φόρτωση... Η δυνατότητα αξιολόγησης είναι διαθέσιμη όταν το βίντεο είναι ενοικιασμένο. Αυτή η λειτουργία δεν είναι διαθέσιμη αυτήν τη στιγμή. Δοκιμάστε ξα