Date: Wed, 11 Jan 2006 14:54:53 -0500
From: Christopher McGee <chris@xecu.net>
To: freebsd-questions@freebsd.org
Subject: Freebsd to Sonicwall vpn tunnel
Message-ID: <43C5628D.9090103@xecu.net>

I have been searching far and wide for working examples of a site-to-site vpn tunnel from a freebsd firewall to a sonicwall appliance (Pro 2040). I can't even seem to make it work with it using anonymous in the racoon.conf; however, at some point I need it to use a specific sa for the sonicwall so tunnels connect using anon. Here are the errors I get from the various logs.

From the sonicwall:

IKE negotiation complete. Adding IPSec SA. (Phase 2)

From racoon.log:

2006-01-11 14:21:38: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 24.153.127.112[500]<=>12.96.91.86[500]
2006-01-11 14:21:38: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Identity Protection mode.
2006-01-11 14:21:38: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established freebsd-ip[500]-sonicwall-ip[500] spi:960f1f7cdc88e2ac:b89856165f09f180
2006-01-11 14:21:39: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: freebsd-ip[0]<=>sonicwall-ip[0]
2006-01-11 14:21:39: ERROR: isakmp_inf.c:843:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.
2006-01-11 14:21:54: ERROR: pfkey.c:804:pfkey_timeover(): sonicwall-ip give up to get IPsec-SA due to time up to wait.
2006-01-11 14:22:05: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: freebsd-ip[0]<=>sonicwall-ip[0]
2006-01-11 14:22:05: ERROR: isakmp_inf.c:843:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.

I have working tunnels from the sonicwall to other sonicwall. I also have working tunnels from the freebsd box to other freebsd machines. Has anyone else done what I'm trying to do successfully?

Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43C5628D.9090103>