FreeBSD to SonicWall VPN tunnel

Christopher McGee chris at xecu.net
Wed Jan 11 11:55:01 PST 2006


I have been searching far and wide for working examples of a 
site-to-site VPN tunnel from a FreeBSD firewall to a SonicWall 
appliance (Pro 2040).  I can't even seem to make it work using 
anonymous in the racoon.conf; however, at some point I need it to use a 
specific SA for the SonicWall so tunnels connect using anon.  Here are 
the errors I get from the various logs.

From the SonicWall:
IKE negotiation complete. Adding IPSec SA. (Phase 2)

From racoon.log:
2006-01-11 14:21:38: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate 
new phase 1 negotiation: 24.153.127.112[500]<=>12.96.91.86[500]
2006-01-11 14:21:38: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin 
Identity Protection mode.
2006-01-11 14:21:38: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA 
established freebsd-ip[500]-sonicwall-ip[500] 
spi:960f1f7cdc88e2ac:b89856165f09f180
2006-01-11 14:21:39: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate 
new phase 2 negotiation: freebsd-ip[0]<=>sonicwall-ip[0]
2006-01-11 14:21:39: ERROR: isakmp_inf.c:843:isakmp_info_recv_n(): 
unknown notify message, no phase2 handle found.
2006-01-11 14:21:54: ERROR: pfkey.c:804:pfkey_timeover(): sonicwall-ip 
give up to get IPsec-SA due to time up to wait.
2006-01-11 14:22:05: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate 
new phase 2 negotiation: freebsd-ip[0]<=>sonicwall-ip[0]
2006-01-11 14:22:05: ERROR: isakmp_inf.c:843:isakmp_info_recv_n(): 
unknown notify message, no phase2 handle found.

I have working tunnels from the SonicWall to other SonicWalls.  I also 
have working tunnels from the FreeBSD box to other FreeBSD machines. Has 
anyone else done what I'm trying to do successfully?

Chris

