 From:  "James F. Newberry" <jamesn at djcomputing dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSEC Problems
 Date:  Tue, 31 May 2005 07:48:25 -0500
I just tried setting the MTU to 1400 with no luck.  Right now I have 2 monowall boxes hooked to my
WAN side switch and they still cannot create an IPSEC link between the two of them.  I have tried
the setup guide in the Docs.  I have read as many posts as I could find.  Any other ideas?  Here is
the log:
 
May 31 07:47:41 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
May 31 07:47:41 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 64.233.146.34[500]<=>64.233.146.43[500]
May 31 07:47:41 racoon: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA request for 64.233.146.43 queued due to no phase1 found.
May 31 07:47:33 racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
May 31 07:47:33 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 64.233.146.43->64.233.146.34
May 31 07:47:18 racoon: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1 negotiation failed due to time up. d38c8163638cd5fa:0000000000000000
May 31 07:47:02 racoon: INFO: isakmp.c:1713:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.
May 31 07:46:49 racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
May 31 07:46:49 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 64.233.146.43->64.233.146.34
May 31 07:46:18 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
 
On Thursday 26 May 2005 09:09, James F. Newberry wrote:
> I've been trying to get IPSEC between 2 m0n0wall boxes working for
> about a week now.  I have read a lot of the past posts and still have
> no luck. I've tried it over the internet and also locally.  I've
> tried aggressive, main, ....  many different settings.  I set up a
> third box and still no luck.  I've checked the system time and that
> is ok.  The log tells me it cannot establish phase 1.  Is there some
> setting I'm missing that is not under the ipsec section?
>
> Thanks for any ideas

I had the same problem and fixed it by changing the MTU on my machines
to 1400.  This seems to be necessary if one or both of your pipes is
DSL-based.

--george
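
The racoon log in this thread can be triaged mechanically. The following is an added example, not part of the original messages and not racoon or m0n0wall code: it parses the log lines and reports, for each phase 1 timeout, whether the responder cookie (the second half of the `icookie:rcookie` pair) is all zeros, which means the initiator never accepted a reply from the peer. The function name, field names and regular expressions are assumptions of this example.

```python
import re
from collections import Counter

# Log lines copied from the message above, with wrapped lines rejoined.
SAMPLE_LOG = """\
May 31 07:47:41 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
May 31 07:47:41 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 64.233.146.34[500]<=>64.233.146.43[500]
May 31 07:47:33 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 64.233.146.43->64.233.146.34
May 31 07:47:18 racoon: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1 negotiation failed due to time up. d38c8163638cd5fa:0000000000000000
May 31 07:46:49 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 64.233.146.43->64.233.146.34
"""

# timestamp, "racoon:", level, source location "file:line:func()", message
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+)\s+racoon: (?P<level>\w+): "
                  r"(?P<src>\S+\(\)): (?P<msg>.*)$")
PH1_TIMEOUT = re.compile(r"phase1 negotiation failed due to time up\. "
                         r"(?P<icookie>[0-9a-f]{16}):(?P<rcookie>[0-9a-f]{16})")
PH1_START = re.compile(r"initiate new phase 1 negotiation: "
                       r"(?P<local>[\d.]+)\[\d+\]<=>(?P<peer>[\d.]+)\[\d+\]")

def summarize(log_text):
    """Return phase 1 endpoint pairs, phase 1 timeouts, and counts by level."""
    peers, timeouts, levels = set(), [], Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a racoon line in the expected layout
        levels[m["level"]] += 1
        if (s := PH1_START.search(m["msg"])):
            peers.add((s["local"], s["peer"]))
        if (t := PH1_TIMEOUT.search(m["msg"])):
            # An all-zero responder cookie means no reply from the peer was
            # ever accepted: the first IKE packet went unanswered.
            timeouts.append({"ts": m["ts"], "icookie": t["icookie"],
                             "peer_replied": int(t["rcookie"], 16) != 0})
    return {"peers": peers, "ph1_timeouts": timeouts, "levels": dict(levels)}

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for t in result["ph1_timeouts"]:
        state = "peer replied" if t["peer_replied"] else "no reply from peer"
        print(f'{t["ts"]}: phase 1 timed out ({state}), cookie {t["icookie"]}')
    print("peers:", result["peers"], "levels:", result["levels"])
```

When `peer_replied` is false, the checks that follow are whether UDP port 500 traffic reaches the other box at all and whether the other box's own log shows the incoming request.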
