<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Using PFsense and the latest shrewsoft client to
tunnel into my network in a lab environment. Running into a problem that
I can’t find a solution for. The tunnel is up but it keeps
rekeying. Here is a bit of the log from the PFsense side. To generate
traffic, I’m pinging from the client side.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Mar 10 15:26:35 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: WARNING: attribute has been
modified.<o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:26:35 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: IPsec-SA established: ESP
192.168.0.220[500]->192.168.0.118[500] spi=4390512(0x42fe70) <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:26:35 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: IPsec-SA established: ESP
192.168.0.220[500]->192.168.0.118[500] spi=2371876304(0x8d5ff5d0) <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:26:57 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: initiate new phase 2
negotiation: 192.168.0.220[500]<=>192.168.0.118[500] <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:26:57 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: WARNING: attribute has been
modified. <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:26:57 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: IPsec-SA established: ESP
192.168.0.220[500]->192.168.0.118[500] spi=181435376(0xad07bf0) <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:26:57 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: IPsec-SA established: ESP
192.168.0.220[500]->192.168.0.118[500] spi=495471846(0x1d884ce6) Mar 10
15:27:19 racoon: <strong><span style='font-family:"Calibri","sans-serif"'>[]</span></strong>:
INFO: initiate new phase 2 negotiation:
192.168.0.220[500]<=>192.168.0.118[500] <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:19 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: WARNING: attribute has been
modified. <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:19 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: IPsec-SA established: ESP
192.168.0.220[500]->192.168.0.118[500] spi=85353932(0x51665cc) <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:19 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: IPsec-SA established: ESP
192.168.0.220[500]->192.168.0.118[500] spi=540386023(0x2035a2e7) <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:41 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: initiate new phase 2
negotiation: 192.168.0.220[500]<=>192.168.0.118[500] <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:41 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: WARNING: attribute has been
modified. <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:41 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: IPsec-SA established: ESP
192.168.0.220[500]->192.168.0.118[500] spi=85404461(0x5172b2d) <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:41 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: IPsec-SA established: ESP
192.168.0.220[500]->192.168.0.118[500] spi=690417644(0x2926efec) <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:52 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: initiate new phase 2
negotiation: 192.168.0.220[500]<=>192.168.0.118[500] <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:52 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: WARNING: attribute has been
modified. <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:52 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: IPsec-SA established: ESP
192.168.0.220[500]->192.168.0.118[500] spi=219805043(0xd19f573) <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:27:52 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: IPsec-SA established: ESP
192.168.0.220[500]->192.168.0.118[500] spi=2551290233(0x98119979) <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:28:06 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: INFO: initiate new phase 2
negotiation: 192.168.0.220[500]<=>192.168.0.118[500] <o:p></o:p></p>
<p class=MsoNormal>Mar 10 15:28:06 racoon: <strong><span style='font-family:
"Calibri","sans-serif"'>[]</span></strong>: WARNING: attribute has been
modified.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Here is my raccoon.conf.<o:p></o:p></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>path pre_shared_key "/var/etc/psk.txt";<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>path certificate "/var/etc";<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>listen<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>{<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> adminsock
"/var/db/racoon/racoon.sock" "root" "wheel" 0660;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> isakmp
192.168.0.220 [500];<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> isakmp_natt
192.168.0.220 [4500];<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>}<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>mode_cfg<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>{<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> auth_source system;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> group_source
system;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> pool_size 253;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> network4
192.168.116.1;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> netmask4
255.255.255.0;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> split_network
include 206.42.152.0/24;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> dns4
206.42.152.10;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> banner
"/var/etc/racoon.motd";<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>}<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>remote anonymous<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>{<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> ph1id 1;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> exchange_mode
aggressive;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> my_identifier
keyid tag "riskadmin";<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> peers_identifier
keyid tag "riskadmin";<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> ike_frag on;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> generate_policy
= unique;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> initial_contact
= off;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> nat_traversal =
on; <o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> dpd_delay = 10;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> dpd_maxfail =
5;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> support_proxy
on;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> proposal_check
claim;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> proposal<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> {<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> authentication_method
xauth_psk_server;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> encryption_algorithm
3des;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> hash_algorithm
sha1;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> dh_group
2;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> lifetime
time 28800 secs;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> }<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>} <o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>sainfo subnet 206.42.152.0/24 any anonymous<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>{<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> remoteid 1;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> encryption_algorithm
3des;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> authentication_algorithm
hmac_sha1; <o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> lifetime time
28800 secs;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> compression_algorithm
deflate;<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>}<o:p></o:p></span></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>It looks like a new spi is being generated every 22
seconds. Can anybody tell me what is wrong?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks,<o:p></o:p></p>
<p class=MsoNormal> Adam<o:p></o:p></p>
</div>
<P><pre wrap>------------------------------------------------------------------------------Note: This E-mail and any attachments may be privileged and confidential and protected from disclosure. If the reader
of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the
intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this E-mail and any
attachments is strictly prohibited. If you have received this E-mail in error, please notify us immediately by returning it
to the sender and deleting it from your computer system. Thank you for your cooperation.
==============================================================================</pre></P></body>
</html>