From: Christopher McGee
Date: Wed, 11 Jan 2006 14:54:53 -0500
To: freebsd-questions@freebsd.org
Subject: Freebsd to Sonicwall vpn tunnel

I have been searching far and wide for working examples of a site-to-site vpn tunnel from a freebsd firewall to a sonicwall appliance (Pro 2040). I can't even seem to make it work with it using anonymous in the racoon.conf, however, at some point I need it to use a specific sa for the sonicwall so tunnels connect using anon. Here are the errors I get from the various logs.

From the sonicwall:

IKE negotiation complete. Adding IPSec SA. (Phase 2)

From racoon.log:

2006-01-11 14:21:38: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 24.153.127.112[500]<=>12.96.91.86[500]
2006-01-11 14:21:38: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Identity Protection mode.
2006-01-11 14:21:38: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established freebsd-ip[500]-sonicwall-ip[500] spi:960f1f7cdc88e2ac:b89856165f09f180
2006-01-11 14:21:39: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: freebsd-ip[0]<=>sonicwall-ip[0]
2006-01-11 14:21:39: ERROR: isakmp_inf.c:843:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.
2006-01-11 14:21:54: ERROR: pfkey.c:804:pfkey_timeover(): sonicwall-ip give up to get IPsec-SA due to time up to wait.
2006-01-11 14:22:05: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: freebsd-ip[0]<=>sonicwall-ip[0]
2006-01-11 14:22:05: ERROR: isakmp_inf.c:843:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.

I have working tunnels from the sonicwall to other sonicwall. I also have working tunnels from the freebsd box to other freebsd machines.

Has anyone else done what I'm trying to do successfully?

Chris