[ previous ] [ next ] [ threads ]
 
 From:  "Chris Breish" <cbreish at pchelpservice dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  m0n0wall to m0n0wall IPSec Issues
 Date:  Mon, 15 Nov 2004 13:41:05 -0500 
Hello all,

 

I'm fairly new to m0n0wall, so please forgive my ignorance.  I have 2
m0n0walls that I am trying to connect to each other via IPSec VPN over the
internet.  I have followed the tutorial in the documentation, double and
triple checking that all the settings were the same between the 2 devices.
The VPN connection still won't come up.  I'm not sure if I'm missing a rule,
or what the problem is. M0n0wall 1 is running v1.11.  m0n0wall 2 is running
v1.1

 

Here is the relevant portion of the system log from each: (IPs *ed for
privacy)

 

M0n0wall 1:

Nov 15 22:43:11 racoon: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA
request for 66.*.*.* queued due to no phase1 found. 

Nov 15 22:43:11 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new
phase 1 negotiation: 68.*.*.*[500]<=>66.*.*.*[500] 

Nov 15 22:43:11 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin
Aggressive mode. 

Nov 15 22:43:43 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2
negotiation failed due to time up waiting for phase1. ESP 66.*.*.*->68.*.*.*


Nov 15 22:43:43 racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete
phase 2 handler. Nov 15 22:44:12 racoon: ERROR:
isakmp.c:1447:isakmp_ph1resend(): phase1 negotiation failed due to time up.
68c6cdfaf780870f:0000000000000000 

Nov 15 23:31:36 racoon: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA
request for 66.*.*.* queued due to no phase1 found. 

Nov 15 23:31:36 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new
phase 1 negotiation: 68.*.*7.*[500]<=>66.*.*.*[500] 

Nov 15 23:31:36 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin
Aggressive mode.

Nov 15 23:32:07 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2
negotiation failed due to time up waiting for phase1. ESP 66.*.*.*->68.*.*.*


Nov 15 23:32:07 racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete
phase 2 handler. 

Nov 15 23:32:36 racoon: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1
negotiation failed due to time up. 1709e074ec9b43fa:0000000000000000

 

 

M0n0wall 2:


Nov 15 13:31:36

racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new phase 1
negotiation: 66.*.*.*[500]<=>68.*.*.*[500]


Nov 15 13:31:36

racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin Aggressive mode.


Nov 15 13:31:36

racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't find the proper
pskey, try to get one by the peer's address.


Nov 15 13:31:46

racoon: NOTIFY: isakmp.c:267:isakmp_handler(): the packet is retransmitted
by 68.*.*.*[500].

 

Any help you could provide would be greatly appreciated.  If there is any
other information that you need let me know and I will provide it.

 

Chris Breish