Re: Re[4]: [m0n0wall] pptp, stability and ipsec problems

From:	Fred Wright <fw at well dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: Re[4]: [m0n0wall] pptp, stability and ipsec problems
Date:	Tue, 8 Feb 2005 13:40:33 -0800 (PST)

On Mon, 7 Feb 2005, Kerem Erciyes wrote:

> IP Address is ofcourse swapped, anything else is the same basic
> configuration from the docbook pages.
> 
> I tried with and without preshared keys, IPs on the both ends are
> identical still everytime I try I pass on to phase2 and then get the
> message:
> 
> Feb 7 12:38:50 racoon: ERROR: pfkey.c:804:pfkey_timeover(): 212.12.133.230 give up to get IPsec-SA
due to time up to wait.
> Feb 7 12:38:20 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation:
212.12.135.51[0]<=>212.12.133.230[0] 
> 
> So the phase 1 is a success but phase 2 no chance...

Yes.  Since this is a m0n0wall<->m0n0wall link, you can double-check the
configs directly by using exec.php to:

	setkey -DP
	cat /var/etc/racoon.conf
	cat /var/etc/psk.txt

Compare this between the two m0n0walls.  (Actually, checking the PSK
should be unnecessary given that Phase 1 succeeds).

					Fred Wright