Racoon Error Failed To Pre-process Packet
Contents |
« previous next » Print Pages: [1] Go Down Author Topic: ERROR: failed to pre-process packet. (Read 5256 times) 0 Members and 1 Guest are viewing this topic. j.jptechworks Newbie Posts: 5 Karma: +0/-0 ERROR: failed to pre-process packet. « on: July 29, 2010, 02:10:44 pm
Racoon: Error: Failed To Get Sainfo.
» Hi,I am having a problem with IPsec between pfSense 1.2.3 and Check Point msg: failed to get sainfo. Firewall.I get the following every couple of minuites in the IPsec log:Jul 29 14:54:59 racoon: [xxxxx]: INFO: respond new phase 2 negotiation:
Failed To Pre-process Ph2 Packet
xx.xx.xxx.xxx[0]<=>xx.xxx.xxx.xxx[0]Jul 29 14:54:59 racoon: ERROR: failed to pre-process packet.Jul 29 14:54:59 racoon: [xxxxx]: INFO: respond new phase 2 negotiation: xx.xx.xxx.xx[0]<=>xx.xxx.xxx.xxx[0]Jul 29 14:54:59 racoon: ERROR: failed to pre-process packet. I sshed in and ran racoon in debug/verbose received no_proposal_chosen error notify mode. I found the following with the above error:"invalid length of payload"This error coincides with their telnet connections over this VPN becoming unstable which must be corrected.Another IPsec VPN with pfSense on both ends does not have this problem.Thanks! Logged jimp Administrator Hero Member Posts: 18999 Karma: +931/-7 Re: ERROR: failed to pre-process packet. « Reply #1 on: July 30, 2010, 08:00:58 am » How are your lifetime/timeout values on both ends of id_prot request with message id 0 processing failed the tunnel set?Have you tried setting System > Advanced, Prefer old IPsec SAs? Logged Need help fast? Commercial Support!Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.Do not PM for help! j.jptechworks Newbie Posts: 5 Karma: +0/-0 Re: ERROR: failed to pre-process packet. « Reply #2 on: July 30, 2010, 04:50:53 pm » Phase 1: 28800 secondsPhase 2: 3600 secondsI did try the prefer old IPsec SAs option but I was unable to ping the other side with it on.BTW, great job on the pfSense book. I've found it very helpful. Logged jimp Administrator Hero Member Posts: 18999 Karma: +931/-7 Re: ERROR: failed to pre-process packet. « Reply #3 on: August 02, 2010, 07:17:08 am » Are those the timeouts from the Checkpoint side, pfSense, or both?Also, does the Checkpoint side have a "data" lifetime setting? you might try increasing that quite a bit. Logged Need help fast? Commercial Support!Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.Do not PM for help! j.jptechworks Newbie Posts: 5 Karma: +0/-0 Re: ERROR: failed to pre-process packet. « Reply #4 on: August 03, 2010, 10:12:56 am » Those lifetimes should be on both ends. I do not have access to the checkpoint firewall. I submitted a ticket to have them c
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack
Strongswan Received No_proposal_chosen Error Notify
Overflow the company Business Learn more about hiring developers or posting ads with us Server received invalid_id_information error notify Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators.
Found 1 Matching Config, But None Allows Pre-shared Key Authentication Using Main Mode
Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top PFsense IPSec VPN failing https://forum.pfsense.org/index.php?topic=27076.0 phase 2 up vote 0 down vote favorite I am very new to VPNs and I am getting errors. I have posted the following lines that I think are the most relevant: Dec 2 08:41:03 racoon: DEBUG: IV freed Dec 2 08:41:03 racoon: [EUA]: [79.121.213.141] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1). Dec 2 08:41:03 racoon: ERROR: failed to get sainfo. Dec 2 08:41:03 http://serverfault.com/questions/648449/pfsense-ipsec-vpn-failing-phase-2 racoon: ERROR: failed to get sainfo. Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.10.0/24' Dec 2 08:41:03 racoon: DEBUG: cmpid target: '79.121.213.141/32' Dec 2 08:41:03 racoon: DEBUG: check and compare ids : value mismatch (IPv4_subnet) Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.0.0/24' Dec 2 08:41:03 racoon: DEBUG: cmpid target: '192.168.0.0/24' Dec 2 08:41:03 racoon: DEBUG: check and compare ids : values matched (IPv4_subnet) Dec 2 08:41:03 racoon: DEBUG: evaluating sainfo: loc='192.168.0.0/24', rmt='192.168.10.0/24', peer='ANY', id=1 Dec 2 08:41:03 racoon: DEBUG: getsainfo params: loc='192.168.0.0/24' rmt='79.121.213.141/32' peer='79.121.213.141' client='79.121.213.141' id=1 Dec 2 08:41:03 racoon: DEBUG: 304ccaa9 0176e9fb 71aa4c00 c864b944 24677b49 Dec 2 08:41:03 racoon: DEBUG: HASH computed: Dec 2 08:41:03 racoon: DEBUG: hmac(hmac_sha1) Can anyone tell me where this is going wrong? I don't think cmpid source and cmpid target should be the same? vpn ipsec pfsense share|improve this question asked Dec 2 '14 at 8:44 imperium2335 10816 add a comment| 3 Answers 3 active oldest votes up vote 0 down vote Failed to get sainfo means that the racoon process cannot get the sainfo line from the racoon.conf config file that will match the incoming pair of IP addresses. In your particular case the following pair doesn't match (for obvious reason): Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.10.0/24' Dec 2 08:41:03 racoon: DEBUG: cmpid target: '79.121.213.141/32' N
instructions: Windows Mac Red Hat Linux Ubuntu Click URL instructions: Right-click on ad, choose "Copy Link", then paste here → (This may not be possible with some types of ads) More information https://sourceforge.net/p/ipsec-tools/mailman/message/19544456/ about our ad policies X You seem to have CSS turned off. Please don't fill out this field. You seem to have CSS turned off. Please don't fill out this field. Briefly describe the problem (required): Upload screenshot of ad (required): Select a file, or drag & drop file here. ✔ ✘ Please provide the ad click URL, if possible: Home Browse IPsec Tools Mailing failed to Lists IPsec Tools Brought to you by: mit_warlord Summary Files Reviews Support Wiki Mailing Lists Tickets ▾ Bugs Support Requests Patches Feature Requests Code ipsec-tools-announce ipsec-tools-commits ipsec-tools-devel ipsec-tools-users Re: [Ipsec-tools-users] Failed to pre-process packet. Re: [Ipsec-tools-users] Failed to pre-process packet. From: VANHULLEBUS Yvan