[ previous ] [ next ] [ threads ]
 
 From:  Claude Hecker <claude dot hecker at phoenix dash mecano dot com>
 To:  "James F. Newberry" <jamesn at djcomputing dot net>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPSEC Problems
 Date:  Tue, 31 May 2005 16:48:40 +0200 
Hi James...
Can I ake a look at your configs, or m0n0walls?
Don't post the password an account on the list..

Regards 
Claude


Am 31.05.2005 16:40 Uhr schrieb "James F. Newberry" unter
<jamesn at djcomputing dot net>:

> I've checked the settings more times then I can count.  I've started over many
> times, I've tried different options.  It's very strange.
>  
> On Tuesday 31 May 2005 08:48, James F. Newberry wrote:
>> I just tried setting the MTU to 1400 with no luck.  Right now I have
>> 2 monowall boxes hooked to my WAN side switch and they still can not
>> create an IPSEC link between the two of them.  I have tried the setup
>> guide in the Docs.  I have read as many posts as I could find.  Any
>> other ideas?  Here is the log
>> 
>> May 31 07:47:41        racoon: INFO: isakmp.c:813:isakmp_ph1begin_i():
>> begin Aggressive mode. May 31 07:47:41         racoon: INFO:
>> isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation:
>> 64.233.146.34[500]<=>64.233.146.43[500] May 31 07:47:41        racoon:
>> INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA request for
>> 64.233.146.43 queued due to no phase1 found. May 31 07:47:33   racoon:
>> INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler. May
>> 31 07:47:33    racoon: ERROR: isakmp.c:1786:isakmp_chkph1there():
>> phase2 negotiation failed due to time up waiting for phase1. ESP
>> 64.233.146.43->64.233.146.34 May 31 07:47:18   racoon: ERROR:
>> isakmp.c:1447:isakmp_ph1resend(): phase1 negotiation failed due to
>> time up. d38c8163638cd5fa:0000000000000000 May 31 07:47:02     racoon:
>> INFO: isakmp.c:1713:isakmp_post_acquire(): request for establishing
>> IPsec-SA was queued due to no phase1 found. May 31 07:46:49    racoon:
>> INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler. May
>> 31 07:46:49    racoon: ERROR: isakmp.c:1786:isakmp_chkph1there():
>> phase2 negotiation failed due to time up waiting for phase1. ESP
>> 64.233.146.43->64.233.146.34 May 31 07:46:18   racoon: INFO:
>> isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
>> 
> 
> Looking at your logs it seems that the tunnel is never established.  My
> problem was that big packets just got clipped but _after_ the tunnel
> was established.  I suspect that you have some mismatch in parameters
> at the two endpoints.
> 
> --george
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>