Try to set the date under exec.php with the date command..

Regards
Claude

Am 05.04.2005 12:42 Uhr schrieb "Pascal Simon" unter
<psi at netway dash solutions dot ch>:

> 
> 
> Hy Holger 
> 
> Oh yes, I allready entered the ip of the ntp server pool.ntp.org
> (63.164.62.249), but there was no change at all !
> 
> Greetings 
> 
> Pascal 
> 
> -----Ursprüngliche Nachricht-----
> Von: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de]
> Gesendet: Dienstag, 5. April 2005 12:32
> An: m0n0wall at lists dot m0n0 dot ch; Pascal Simon
> Betreff: AW: [m0n0wall] IPSec m0n0wall / Zyxel Prestige 653HWI
> 
> Did you enter some dns entry on general settings of the m0n0wall? Otherwise
> pool.ntp.org can not be
> resolved and time isn't synced. Try if you can ping pool.ntp.org under
> diagnostics>ping.
> 
> Greetings, 
> Holger Bauer 
> 
> 
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: Pascal Simon [mailto:psi at netway dash solutions dot ch]
> Gesendet: Dienstag, 5. April 2005 11:55
> An: m0n0wall at lists dot m0n0 dot ch
> Betreff: AW: [m0n0wall] IPSec m0n0wall / Zyxel Prestige 653HWI
> 
> 
> 
> Hy Vincent 
> 
> Thanks for your quick answer.
> I will try too do a synchronized reboot of both devices. At the moment I
> can't do this, because both systems are in use.
> 
> Is it possible that the problem I have s'got something to do with the
> m0n0walls systemtime? Because I wasn't able to change it to the right time.
> At the moment the systemdate is Jan 1 04:26:26. and it normally must be
> nearly Mar 5 11:23:00.
> The NTP Time server is set to pool.ntp.org and I also choosed the right
> time-zone (Europe/Zurich)
> 
> Thank you very much
> 
> Regards 
> 
> Pascal 
> 
>  
> -----Ursprüngliche Nachricht-----
> Von: Vincent Fleuranceau [mailto:vincent at bikost dot com]
> Gesendet: Dienstag, 5. April 2005 11:10
> An: Pascal Simon 
> Betreff: Re: [m0n0wall] IPSec m0n0wall / Zyxel Prestige 653HWI
> 
> -------- Message original --------
> 
>> > racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
>> > 
>> > racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation
> failed 
>> > due to time up waiting for phase1. ESP 213.XXX.XXX.XXX->157.XXX.XXX.XXX
> 
> That's a typical error when Phase 1 is not ready (main mode takes a lot
> of time compared to aggressive) and phase 2 is trying to negotiate.
> 
> Try to do a synchronized reboot of both routers. Besides that, I'd use a
> 1-day (86400 seconds) P1 lifetime value to minimize such annoyances.
> 
> I personally reboot both tunnel ends on every Sunday at 4:00 AM. I use
> curl and a cron job on a 24/24 running server and use 86400 lifetime
> value for Phase 1. This helps to keep IPsec Phase 1 synchronized. In
> addition, I use Fred Wright's pinger kludge to trigger the IPsec tunnel
> at boot time. Tell me if you're interested.
> 
> You have to be aware that IPsec and racoon's implementation in
> particular is not perfect. For example, if you have to reboot one
> router, you can't be 100% sure the tunnel will re-establish quickly...
> 
> Good luck! 
> 
> -- Vincent 
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 
> ____________ 
> Virus checked by G DATA AntiVirusKit
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>