Topic: Problem VPN client to site IPsec racoon:ERROR:such policy does not already exist  (Read 246 times)
« on: November 24, 2014, 18:16:59 »
Grosminet *
Posts: 4

Hello,

I created a client-to-site IPsec VPN with the Shrew VPN Client software, V2.2.2. (For information, I also used TheGreenBow and the problem is identical.)

I followed the tutorial at https://www.shrew.net/support/Howto_m0n0wall
and this one: http://doc.m0n0.ch/handbook/faq-muvpn.html

The version of MonoWall is 1.34  built on Mon Nov 12 13:17:22 CET 2012
Platform Generic PC

The LAN IP of MonoWall is 192.168.0.1/24

The connection is established correctly, but in the MonoWall system logs I have the error message:

racoon: ERROR: such policy does not already exist: "192.168.0.170/32[0] 192.168.0.0/24[0] proto=any dir=in"
racoon: ERROR: such policy does not already exist: "192.168.0.0/24[0] 192.168.0.170/32[0] proto=any dir=out"

I can ping MonoWall but not anything inside the LAN.

Under "Diagnostics: IPsec" on MonoWall, in the "SAD" tab, I do have the values:

Source          Destination     Protocol   SPI        Enc. alg.   Auth. alg.
22.228.90.146   82.237.236.8    ESP        5863a4ff   3des-cbc    hmac-sha1
82.237.236.8    22.228.90.146   ESP        0db808c7   3des-cbc    hmac-sha1

Under "Diagnostics: IPsec" on MonoWall, in the "SPD" tab, I do have the values:

Source           Destination      Direction   Protocol   Tunnel endpoint
192.168.0.170    192.168.0.0/24   ->          ESP        82.237.236.8 - 22.228.90.146
192.168.0.0/24   192.168.0.170    <-          ESP        22.228.90.146 - 82.237.236.8

In "Firewall: Rules" I opened the various ports in the "WAN" tab.

Proto   Source   Port   Destination   Port   Description
UDP     *        *      Wan address   500    IPSEV ESP IKE
UDP     *        *      Wan address   4500   IPSEC ESP NAT-T
ESP     *        *      Wan address   *      IPsec ESP

In "Firewall: Rules", in the "IPsec VPN" tab, I allowed everything.

Proto   Source   Port   Destination   Port   Description
*       *        *      *             *      Autorisation VPN

Despite my research on the Internet, asking on the forum, and all my tests, I have not managed to solve the problem (extract of the file "status.php": http://sgraffin.free.fr/VPN_Client_to_site_Monowall_Shrew.pdf).

Can you help me?

Thank you

Sébastien
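
Added example, not part of the original post: a small Python check that parses the two racoon error lines quoted above and reports whether the two selectors of each policy overlap, which is the case here (192.168.0.170/32 lies within 192.168.0.0/24). The function names are hypothetical, and the regular expression assumes the log format shown in the post.

```python
import ipaddress
import re

# Log lines copied from the post above.
LOG = '''\
racoon: ERROR: such policy does not already exist: "192.168.0.170/32[0] 192.168.0.0/24[0] proto=any dir=in"
racoon: ERROR: such policy does not already exist: "192.168.0.0/24[0] 192.168.0.170/32[0] proto=any dir=out"
'''

# Selector format assumed from the log lines: "src/len[port] dst/len[port] proto=X dir=in|out"
POLICY_RE = re.compile(
    r'racoon: ERROR: such policy does not already exist: '
    r'"(?P<src>[\d.]+/\d+)\[(?P<sport>\d+)\] '
    r'(?P<dst>[\d.]+/\d+)\[(?P<dport>\d+)\] '
    r'proto=(?P<proto>\S+) dir=(?P<dir>in|out)"'
)

def parse_policies(text):
    """Return one dict per racoon policy error found in text."""
    policies = []
    for m in POLICY_RE.finditer(text):
        policies.append({
            "src": ipaddress.ip_network(m["src"]),
            "dst": ipaddress.ip_network(m["dst"]),
            "proto": m["proto"],
            "dir": m["dir"],
        })
    return policies

def overlapping_selectors(policies):
    """Return the policies whose source and destination networks overlap."""
    return [p for p in policies if p["src"].overlaps(p["dst"])]

def is_mirrored_pair(policies):
    """True if there is one 'in' and one 'out' policy and they mirror each other."""
    by_dir = {p["dir"]: p for p in policies}
    if len(policies) != 2 or set(by_dir) != {"in", "out"}:
        return False
    inbound, outbound = by_dir["in"], by_dir["out"]
    return inbound["src"] == outbound["dst"] and inbound["dst"] == outbound["src"]

if __name__ == "__main__":
    found = parse_policies(LOG)
    for p in overlapping_selectors(found):
        print(f'dir={p["dir"]}: {p["src"]} overlaps {p["dst"]}')
    print("mirrored in/out pair:", is_mirrored_pair(found))
```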
 