 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall mailing list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] VPN broken in current beta
 Date:  Mon, 18 Oct 2004 13:02:36 -0400
Chris Buechler wrote:

>On Sun, 17 Oct 2004 22:43:07 -0400, Christopher M. Iarocci
><iarocci at eastendsc dot com> wrote:
>>Like I promised, here are the results.  That command changed nothing.
>>The VPN still disconnects and will not reconnect without me clicking
>>"save" in the gui.
>Can you send logs from both sides from around the time it's dropping?
From the Cisco:

%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=x.x.x.x, prot=50, spi=0x5A9AAF(5937839), srcaddr=x.x.x.x

From my m0n0wall:

racoon: ERROR: proposal.c:235:cmpsaprop_alloc(): pfs group mismatched: my:2 peer:0

It would appear settings are mismatched; however, they are not, as far as 
we can tell.  The Cisco defaults to 1024 bit encryption, so the fact 
that the m0n0wall is seeing the pfs group as 0 has me confused.
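
An added example, not part of the original message or of m0n0wall: a short Python triage of the two log lines quoted above. It maps racoon's group numbers to the standard MODP groups (group 2 is the 1024-bit group; 0 means the peer's phase 2 proposal carried no PFS group) and decodes the Cisco invalid-SPI line. The function names and the `SAMPLE` text are constructed for illustration.

```python
import re

# Oakley/IKE MODP group numbers -> modulus size in bits.
# 0 is not a group: racoon logs it when a proposal carries no PFS group.
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536}

RACOON_PFS = re.compile(r"pfs group mismatched:\s*my:(\d+)\s+peer:(\d+)")
CISCO_INV_SPI = re.compile(
    r"%CRYPTO-4-RECVD_PKT_INV_SPI:.*?prot=(\d+),\s*spi=0x([0-9A-Fa-f]+)\((\d+)\)")

# The two log lines from the message, wrapped the way the mail client left them.
SAMPLE = """\
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi
for destaddr=x.x.x.x, prot=50, spi=0x5A9AAF(5937839), srcaddr=x.x.x.x
racoon: ERROR: proposal.c:235:cmpsaprop_alloc(): pfs group mismatched:
my:2 peer:0
"""

def describe_group(n):
    if n == 0:
        return "no PFS group proposed"
    bits = DH_GROUP_BITS.get(n)
    return f"DH group {n} ({bits}-bit MODP)" if bits else f"DH group {n}"

def triage(log_text):
    """Return one finding per recognised message in the log text."""
    text = re.sub(r"\s*\n\s*", " ", log_text)  # undo mail-client line wrapping
    findings = []
    for m in RACOON_PFS.finditer(text):
        mine, peer = int(m.group(1)), int(m.group(2))
        findings.append({
            "kind": "pfs_mismatch", "local": mine, "peer": peer,
            "detail": f"local wants {describe_group(mine)}; "
                      f"peer sent {describe_group(peer)}"})
    for m in CISCO_INV_SPI.finditer(text):
        spi = int(m.group(2), 16)
        findings.append({
            "kind": "invalid_spi", "spi": spi,
            "protocol": "ESP" if m.group(1) == "50" else m.group(1),
            # hex and decimal renderings should agree; a mismatch means a mangled line
            "intact": spi == int(m.group(3))})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```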