 From:  Kerem Erciyes <k underscore erciyes at zegnaermenegildo dot it>
 To:  Fred Wright <fw at well dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re[4]: [m0n0wall] pptp, stability and ipsec problems
 Date:  Mon, 7 Feb 2005 13:12:01 +0200
Fred,

IP address is of course swapped, anything else is the same basic
configuration from the docbook pages.

I tried with and without preshared keys, IPs on both ends are
identical, still every time I try I pass on to phase 2 and then get the
message:

Feb 7 12:38:50 racoon: ERROR: pfkey.c:804:pfkey_timeover(): 212.12.133.230 give up to get IPsec-SA due to time up to wait.
Feb 7 12:38:20 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 212.12.135.51[0]<=>212.12.133.230[0]

So the phase 1 is a success but phase 2 no chance...

IP1 - IP2 is 4 hops and low latency but still to no avail...

hmm... something missing maybe?


 
Kerem Erciyes (k underscore erciyes at zegnaermenegildo dot it)
IT Officer
ISMACO Amsterdam BV (+90 216 394 00 00)
Ermenegildo Zegna Butik (+90 212 291 10 24)

----------------------------------------------
This message is OpenPGP signed and the content and
identity of the sender can be verified with a
public PGP key of the sender. Public PGP key
can be obtained upon request.
--------------------------------------------

Monday, February 7, 2005, 2:29:50 AM, you wrote:


FW> On Sat, 5 Feb 2005, Kerem Erciyes wrote:

>> Two different locations, both m0n0s give the same problem, I guess
>> 
>> Feb 5 17:44:56 last message repeated 3 times
>> Feb 5 17:44:09 /kernel: vr0: rx packet lost
>> 
>> One has a slightly older Network switch, but other location has a
>> brand new switch, and no problems with other HW. My guess is that
>> there is a compatibility problem with the onboard Via Rhine ethernet
>> and m0n0, or else...?
>> 
>> Other than that I do not understand why racoon fails to
>> get the SA info. Both have been configured identically,
>> have different subnets, and both have a preshared key
>> associated with the ip address of the other.

FW> The configurations shouldn't be *completely* identical - the IP addresses
FW> need to be swapped between the two ends.  Most other parameters, including
FW> the preshared key, need to be identical.  This all may seem obvious, but
FW> it hasn't always been to everyone. :-)

FW> 					Fred Wright


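
The rule Fred Wright states in the quoted reply (addresses swapped between the two ends, other parameters including the preshared key identical) can be checked mechanically before a tunnel is brought up. The following is an added example, not part of the original thread and not m0n0wall code; the field names, addresses and key are hypothetical, constructed values.

```python
import ipaddress

# Hypothetical field names for one end of a tunnel (not m0n0wall config keys).
SWAPPED = [("local_gateway", "remote_gateway"), ("local_subnet", "remote_subnet")]
IDENTICAL = ["psk", "p1_encryption", "p1_hash", "p2_encryption", "p2_hash"]
SECRET = {"psk"}  # compared byte for byte, never echoed in the report


def _norm(field, value):
    """Normalise so '10.1.0.0/24' and '10.1.0.0/255.255.255.0' compare equal."""
    if field.endswith("_subnet"):
        return ipaddress.ip_network(value, strict=False)
    if field.endswith("_gateway"):
        return ipaddress.ip_address(value)
    # A stray space in a preshared key is a real mismatch, so secrets stay raw.
    return value if field in SECRET else str(value).strip().lower()


def mirror_mismatches(a, b):
    """Return the settings that break the mirror rule between ends A and B."""
    problems = []
    for mine, theirs in SWAPPED:
        for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
            if _norm(mine, x[mine]) != _norm(theirs, y[theirs]):
                problems.append(f"{nx}.{mine}={x[mine]} but {ny}.{theirs}={y[theirs]}")
    for field in IDENTICAL:
        if _norm(field, a[field]) != _norm(field, b[field]):
            shown = "<hidden>" if field in SECRET else f"{a[field]} vs {b[field]}"
            problems.append(f"{field} differs: {shown}")
    return problems


# Constructed sample data: documentation addresses and a made-up key.
SITE_A = dict(local_gateway="192.0.2.10", remote_gateway="198.51.100.20",
              local_subnet="10.1.0.0/24", remote_subnet="10.2.0.0/24",
              psk="constructed-example-key", p1_encryption="3des", p1_hash="sha1",
              p2_encryption="3des", p2_hash="sha1")
SITE_B = dict(SITE_A, local_gateway="198.51.100.20", remote_gateway="192.0.2.10",
              local_subnet="10.2.0.0/24", remote_subnet="10.1.0.0/24")
# Same as SITE_B but with a wrong remote subnet and a trailing space in the key.
SITE_B_BAD = dict(SITE_B, remote_subnet="10.1.0.0/16", psk=SITE_B["psk"] + " ")

if __name__ == "__main__":
    for line in mirror_mismatches(SITE_A, SITE_B_BAD) or ["ends mirror each other"]:
        print(line)
```

The report names which setting differs on which end and masks the key itself, so it can be pasted into a list post without leaking the secret.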