[ previous ] [ next ] [ threads ]
 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Re[4]: [m0n0wall] pptp, stability and ipsec problems
 Date:  Tue, 8 Feb 2005 13:40:33 -0800 (PST)
On Mon, 7 Feb 2005, Kerem Erciyes wrote:

> IP Address is ofcourse swapped, anything else is the same basic
> configuration from the docbook pages.
> I tried with and without preshared keys, IPs on the both ends are
> identical still everytime I try I pass on to phase2 and then get the
> message:
> Feb 7 12:38:50 racoon: ERROR: pfkey.c:804:pfkey_timeover(): give up to get IPsec-SA
due to time up to wait.
> Feb 7 12:38:20 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation:[0]<=>[0] 
> So the phase 1 is a success but phase 2 no chance...

Yes.  Since this is a m0n0wall<->m0n0wall link, you can double-check the
configs directly by using exec.php to:

	setkey -DP
	cat /var/etc/racoon.conf
	cat /var/etc/psk.txt

Compare this between the two m0n0walls.  (Actually, checking the PSK
should be unnecessary given that Phase 1 succeeds).

					Fred Wright