 From:  Don Munyak <don dot munyak at gmail dot com>
 To:  Pascal Simon <psi at netway dash solutions dot ch>
 Cc:  Claude Hecker <claude dot hecker at phoenix dash mecano dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: AW: [m0n0wall] IPSec m0n0wall / Zyxel Prestige 653HWI
 Date:  Tue, 5 Apr 2005 12:01:50 -0400
I have experienced the same issue with respect to changing the time. After
you change the time zone, no change to firewall log. But if you open
exec.php, the system time at the top of the screen is updated.

The only way I was able to get the correct time was:

1. Change the time zone
2. Reboot the router.

just my experience...

- Don

On Apr 5, 2005 8:58 AM, Pascal Simon <psi at netway dash solutions dot ch> wrote:
> Hi Claude
> 
> Thanks for the advice.
> The system time is now correct.
> 
> Pascal
> 

> From: Claude Hecker [mailto:claude dot hecker at phoenix dash mecano dot com]
> Sent: Tuesday, 5 April 2005 12:57
> To: Pascal Simon; m0n0wall at lists dot m0n0 dot ch
> Subject: Re: AW: [m0n0wall] IPSec m0n0wall / Zyxel Prestige 653HWI
> 
> 
> Try to set the date under exec.php with the date command..
> 
> Regards
> Claude
> 
> On 05.04.2005 at 12:42, "Pascal Simon"
> <psi at netway dash solutions dot ch> wrote:
> 
> >
> >
> > Hi Holger
> >
> > Oh yes, I already entered the IP of the NTP server pool.ntp.org
> > (63.164.62.249), but there was no change at all!
> >
> > Greetings
> >
> > Pascal
> >

> > From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de]
> > Sent: Tuesday, 5 April 2005 12:32
> > To: m0n0wall at lists dot m0n0 dot ch; Pascal Simon
> > Subject: AW: [m0n0wall] IPSec m0n0wall / Zyxel Prestige 653HWI
> >
> > Did you enter some DNS entry on general settings of the m0n0wall? Otherwise
> > pool.ntp.org cannot be resolved and time isn't synced. Try if you can ping
> > pool.ntp.org under diagnostics>ping.
> >
> > Greetings,
> > Holger Bauer
> >
> >
> >
> >

> > From: Pascal Simon [mailto:psi at netway dash solutions dot ch]
> > Sent: Tuesday, 5 April 2005 11:55
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: AW: [m0n0wall] IPSec m0n0wall / Zyxel Prestige 653HWI
> >
> >
> >
> > Hi Vincent
> >
> > Thanks for your quick answer.
> > I will try to do a synchronized reboot of both devices. At the moment I
> > can't do this, because both systems are in use.
> >
> > Is it possible that the problem I have has got something to do with the
> > m0n0wall's system time? Because I wasn't able to change it to the right
> > time.
> > At the moment the system date is Jan 1 04:26:26 and it normally must be
> > nearly Mar 5 11:23:00.
> > The NTP time server is set to pool.ntp.org and I also chose the right
> > time zone (Europe/Zurich)
> >
> > Thank you very much
> >
> > Regards
> >
> > Pascal
> >
> >

> > From: Vincent Fleuranceau [mailto:vincent at bikost dot com]
> > Sent: Tuesday, 5 April 2005 11:10
> > To: Pascal Simon
> > Subject: Re: [m0n0wall] IPSec m0n0wall / Zyxel Prestige 653HWI
> >
> > -------- Original message --------
> >
> >> > racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
> >> >
> >> > racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 213.XXX.XXX.XXX->157.XXX.XXX.XXX
> >
> > That's a typical error when Phase 1 is not ready (main mode takes a lot
> > of time compared to aggressive) and phase 2 is trying to negotiate.
> >
> > Try to do a synchronized reboot of both routers. Besides that, I'd use a
> > 1-day (86400 seconds) P1 lifetime value to minimize such annoyances.
> >
> > I personally reboot both tunnel ends on every Sunday at 4:00 AM. I use
> > curl and a cron job on a 24/24 running server and use 86400 lifetime
> > value for Phase 1. This helps to keep IPsec Phase 1 synchronized. In
> > addition, I use Fred Wright's pinger kludge to trigger the IPsec tunnel
> > at boot time. Tell me if you're interested.
> >
> > You have to be aware that IPsec and racoon's implementation in
> > particular is not perfect. For example, if you have to reboot one
> > router, you can't be 100% sure the tunnel will re-establish quickly...
> >
> > Good luck!
> >
> > -- Vincent
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
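
Added example, not part of the original thread: a small parser for the racoon log format quoted above that counts "phase2 negotiation failed due to time up waiting for phase1" errors per tunnel endpoint pair, which helps tell a one-off renegotiation from a tunnel that never completes Phase 1. The syslog prefix, host name and the documentation-range addresses in the sample lines are constructed; the racoon message text follows the two lines quoted in the thread.

```python
import re
from collections import Counter

# racoon payload as quoted in the thread:
#   racoon: LEVEL: file.c:LINE:function(): message
LINE_RE = re.compile(
    r"racoon: (?P<level>[A-Z]+): (?P<file>[\w.]+):(?P<line>\d+):"
    r"(?P<func>\w+)\(\): (?P<msg>.*)"
)
# Tail of the phase 2 timeout message: "... waiting for phase1. ESP <src>-><dst>"
PEERS_RE = re.compile(r"waiting for phase1\. ESP (?P<src>\S+)->(?P<dst>\S+)")


def parse(line):
    """Return the racoon fields of a log line as a dict, or None if not racoon."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def phase2_timeouts(lines):
    """Count phase 2 failures caused by waiting on phase 1, per (src, dst) pair."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if not rec or rec["level"] != "ERROR":
            continue
        m = PEERS_RE.search(rec["msg"])
        if m:
            hits[(m["src"], m["dst"])] += 1
    return hits


# Constructed sample lines (timestamps, host name and addresses are made up).
SAMPLE = [
    "Jan  1 04:26:20 m0n0wall racoon: INFO: isakmp.c:1791:"
    "isakmp_chkph1there(): delete phase 2 handler.",
    "Jan  1 04:26:20 m0n0wall racoon: ERROR: isakmp.c:1786:"
    "isakmp_chkph1there(): phase2 negotiation failed due to time up "
    "waiting for phase1. ESP 192.0.2.10->198.51.100.20",
    "Jan  1 04:26:24 m0n0wall dnsmasq: started",
    "Jan  1 04:26:26 m0n0wall racoon: ERROR: isakmp.c:1786:"
    "isakmp_chkph1there(): phase2 negotiation failed due to time up "
    "waiting for phase1. ESP 192.0.2.10->198.51.100.20",
]

if __name__ == "__main__":
    for (src, dst), count in phase2_timeouts(SAMPLE).items():
        print(f"{src} -> {dst}: {count} phase 2 timeouts waiting for phase 1")
```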