Racoon Error Failed To Get Sainfo
Topic: Failed to get sainfo - Sonicwall NSA240

geewhz01, December 03, 2008, 01:52:38 pm:

I have a tunnel setup to a NSA240 that comes up but does not work. I have other Sonicwall devices connected with no problem but it appears this new unit must be a little different in how they are handling ipsec. On the pfsense 1.21 box it shows:

Dec 3 14:48:11 racoon: ERROR: failed to pre-process packet.
Dec 3 14:48:11 racoon: ERROR: failed to get sainfo.
Dec 3 14:48:11 racoon: ERROR: failed to get sainfo.
Dec 3 14:48:11 racoon: [Royal Sonic]: INFO: respond new phase 2 negotiation: X.X.X.X[0]<=>X.X.X.X[0]
Dec 3 14:47:55 racoon: ERROR: failed to pre-process packet.
Dec 3 14:47:55 racoon: ERROR: failed to get sainfo.
Dec 3 14:47:55 racoon: ERROR: failed to get sainfo.
Dec 3 14:47:55 racoon: [Royal Sonic]: INFO: respond new phase 2 negotiation: X.X.X.X[0]<=>X.X.X.X[0]

On the Sonic box it shows:

12/03/2008 11:49:49.368 Info VPN IKE IKE Initiator: Start Quick Mode (Phase 2).

I have the lifetimes set for 28800 on both boxes on Phase 1 and 2. Both boxes show the tunnel as up but I can't pass any traffic across the vpn.

Any ideas?

Thanks,
Andy

geewhz01, Reply #1, December 04, 2008, 07:08:38 pm:

What I have found is that even though I have the interface of the vpn setup for my 1st carp address and the remote end setup to connect to the carp address that it doesn't work. The Sonicwall sees the packets coming from the carp address but inside the packet it's showing my wan address. The only way I can get this to connect
https://forum.pfsense.org/index.php?topic=12934.0

PFsense IPSec VPN failing phase 2
http://serverfault.com/questions/648449/pfsense-ipsec-vpn-failing-phase-2

I am very new to VPNs and I am getting errors. I have posted the following lines that I think are the most relevant:

Dec 2 08:41:03 racoon: DEBUG: IV freed
Dec 2 08:41:03 racoon: [EUA]: [79.121.213.141] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
Dec 2 08:41:03 racoon: ERROR: failed to get sainfo.
Dec 2 08:41:03 racoon: ERROR: failed to get sainfo.
Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.10.0/24'
Dec 2 08:41:03 racoon: DEBUG: cmpid target: '79.121.213.141/32'
Dec 2 08:41:03 racoon: DEBUG: check and compare ids : value mismatch (IPv4_subnet)
Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.0.0/24'
Dec 2 08:41:03 racoon: DEBUG: cmpid target: '192.168.0.0/24'
Dec 2 08:41:03 racoon: DEBUG: check and compare ids : values matched (IPv4_subnet)
Dec 2 08:41:03 racoon: DEBUG: evaluating sainfo: loc='192.168.0.0/24', rmt='192.168.10.0/24', peer='ANY', id=1
Dec 2 08:41:03 racoon: DEBUG: getsainfo params: loc='192.168.0.0/24' rmt='79.121.213.141/32' peer='79.121.213.141' client='79.121.213.141' id=1
Dec 2 08:41:03 racoon: DEBUG: 304ccaa9 0176e9fb 71aa4c00 c864b944 24677b49
Dec 2 08:41:03 racoon: DEBUG: HASH computed:
Dec 2 08:41:03 racoon: DEBUG: hmac(hmac_sha1)

Can anyone tell me where this is going wrong? I don't think cmpid source and cmpid target should be the same?

Tags: vpn ipsec pfsense
asked Dec 2 '14 at 8:44 by imperium2335
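The debug lines in the question above already carry what is needed to locate the failure: the selectors racoon looked up ("getsainfo params") and the sainfo entries it evaluated. The script below is an added example, not part of the original post or of racoon/pfSense; the function names are hypothetical, the sample log is built from the lines quoted above, and treating 'ANY' as a wildcard is an assumption.

```python
import ipaddress
import re

# Constructed sample: racoon DEBUG lines copied from the question above.
SAMPLE_LOG = """\
Dec 2 08:41:03 racoon: ERROR: failed to get sainfo.
Dec 2 08:41:03 racoon: DEBUG: evaluating sainfo: loc='192.168.0.0/24', rmt='192.168.10.0/24', peer='ANY', id=1
Dec 2 08:41:03 racoon: DEBUG: getsainfo params: loc='192.168.0.0/24' rmt='79.121.213.141/32' peer='79.121.213.141' client='79.121.213.141' id=1
"""

FIELD = re.compile(r"\b(loc|rmt)='([^']*)'")


def parse_selectors(line):
    """Extract loc/rmt from one log line; 'ANY' becomes None (wildcard)."""
    out = {}
    for key, value in FIELD.findall(line):
        if value == "ANY":          # assumption: ANY matches every selector
            out[key] = None
            continue
        try:
            out[key] = ipaddress.ip_network(value, strict=False)
        except ValueError:          # not a plain address/prefix: compare as text
            out[key] = value
    return out


def differs(requested, configured):
    """Return the selector names (loc, rmt) on which the two disagree."""
    return [k for k in ("loc", "rmt")
            if configured.get(k) is not None and requested.get(k) != configured.get(k)]


def diagnose(log_text):
    """List, per lookup, how each evaluated sainfo differs from the request."""
    requested, configured = [], []
    for line in log_text.splitlines():   # order-independent: logs may be newest-first
        if "getsainfo params:" in line:
            requested.append(parse_selectors(line))
        elif "evaluating sainfo:" in line:
            configured.append(parse_selectors(line))
    findings = []
    for req in requested:
        if any(not differs(req, cfg) for cfg in configured):
            continue                # some sainfo matches; nothing to report
        for cfg in configured:
            for key in differs(req, cfg):
                findings.append((key, str(req.get(key)), str(cfg[key])))
    return findings
```

On the sample it reports that only rmt disagrees: the lookup used 79.121.213.141/32 while the evaluated sainfo has 192.168.10.0/24.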
https://community.spiceworks.com/topic/247383-pfsense-ipsec-site-to-site

Hi All,

Is there anyone who is able to help me fix my problem? I have two pfSense installed on different PCs. Both have two LAN cards, a public IP and a local IP. I used IPSec VPN; both are enabled.

My settings are:

SITE A:
Remote Gateway: ISP IP Address (119.92.56.77)
Mode: aggressive
P1 Protocol: AES (256 bits)
P1 transforms: SHA1
Pre-Shared Key: veryverysecret
Encryption algorithm: AES | 256 bits
Hash algorithm: SHA1
DH Key Group: 2
Lifetime: 28800
Phase 2:
Local Network: LAN subnet
Remote Network: 192.168.51.0/24
Protocol: ESP
Encryption algorithm: AES/Blowfish/3DES/CAST128
Hash algorithms: SHA1/MD5
PFS key group: 2
Lifetime: 3600

SITE B:
Remote Gateway: ISP IP Address (119.92.56.78)
Mode: aggressive
P1 Protocol: AES (256 bits)
P1 transforms: SHA1
Pre-Shared Key: veryverysecret
Encryption algorithm: AES | 256 bits
Hash algorithm: SHA1
DH Key Group: 2
Lifetime: 28800
Phase 2:
Local Network: LAN subnet
Remote Network: 192.168.50.0/24
Protocol: ESP
Encryption algorithm: AES/Blowfish/3DES/CAST128
Hash algorithms: SHA1/MD5
PFS key group: 2
Lifetime: 3600

On SITE A Logs:

racoon: ERROR failed to get sainfo
racoon:[ ]: [119.92.56.78] ERROR: failed to pre-process ph2 packet [check phase 2 settings, networks] (side 1, status: 1)

On SITE B Logs:

racoon: []: INFO: initiate new phase 2 negotiation: 119.92.56.78[500]<=>119.92.56.77[500]
racoon: ERROR: 119.92.56.77 give up to get IPsec-SA due to time up to wait.
racoon: []: INFO: initiate new phase 2 negotiation: 119.92.56.78[500]<=>119.92.56.77[500]
racoon: ERROR: 119.92.56.77 give up to get IPsec-SA due to time up to wait.

Thanks

da Beast, Jul 26, 2012 at 10:03 UTC:

I don't see anything that stands out - I will have to compare mine when I get access later.

http://forum.mikrotik.com/viewtopic.php?t=26187
IPSec Phase 2 problems with racoon

richardhkirkando, Mon Aug 25, 2008 9:47 pm:

Hello,

Setting up a point-to-point IPSec VPN between RouterOS and a FreeBSD server running racoon. As far as I can tell, I have everything configured correctly, but when I attempt to send traffic over the tunnel and bring up the VPN, I get these messages in the log:

13:33:49 ipsec,ike respond new phase 1 negotiation: 66.170.8.18[500]<=>69.129.194.51[500]
13:33:49 ipsec,ike begin Identity Protection mode.
13:33:49 ipsec,ike received Vendor ID: DPD
13:33:50 ipsec,ike ISAKMP-SA established 66.170.8.18[500]-69.129.194.51[500] spi:4a1db066a87d8bf1:7d3b7c7b60599f0c
13:33:51 ipsec,ike respond new phase 2 negotiation: 66.170.8.18[500]<=>69.129.194.51[500]
13:33:51 ipsec,ike spid 5c1 is not found
13:33:51 ipsec,ike failed to get sainfo.
13:33:51 ipsec,ike failed to get proposal for responder.
13:33:51 ipsec,ike failed to pre-process packet.

I'm curious to see if anybody has any insight on the last four lines here. It would appear that I have something wrong in my phase 2 configs, but like I said before, everything seems to match up. If it helps, here are the relevant portions of my configs:

RouterOS:

/ip ipsec proposal
set default auth-algorithms=sha1 disabled=yes enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
add auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=1d name=proposal1 pfs-group=modp1024
/ip ipsec peer
add address=x.x.x.x/32:500 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=20s dpd-maximum-failures=\
1 enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=sha1 lifebytes=0 lifetime=1d nat-traversal=no \
proposal-che