 
 From:  Mike Mentges <mmentges at gstisecurity dot com>
 To:  "James F. Newberry" <jamesn at djcomputing dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC Problems
 Date:  Tue, 31 May 2005 11:08:55 -0400
Can you browse to the hidden exec.php script
(http://yourmonoip/exec.php) and provide the ipsec configs for each machine?
You should be able to view it by typing this: 'cat /var/etc/racoon.conf',
unless there is something different with your install. (I use CD.)
From there we can see if we can help. Make sure you take out anything
you might not want us to see, such as passkeys and IPs.

Mike Mentges
Security Engineer/Architect
Global Security Technologies Inc.
mmentges at gstisecurity dot com

James F. Newberry wrote:

>I've checked the settings more times than I can count.  I've started over many times, I've tried different options.  It's very strange.
> 
>On Tuesday 31 May 2005 08:48, James F. Newberry wrote:
>  
>
>>I just tried setting the MTU to 1400 with no luck.  Right now I have
>>2 monowall boxes hooked to my WAN side switch and they still can not
>>create an IPSEC link between the two of them.  I have tried the setup
>>guide in the Docs.  I have read as many posts as I could find.  Any
>>other ideas?  Here is the log
>>
>>May 31 07:47:41 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
>>May 31 07:47:41 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 64.233.146.34[500]<=>64.233.146.43[500]
>>May 31 07:47:41 racoon: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA request for 64.233.146.43 queued due to no phase1 found.
>>May 31 07:47:33 racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
>>May 31 07:47:33 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 64.233.146.43->64.233.146.34
>>May 31 07:47:18 racoon: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1 negotiation failed due to time up. d38c8163638cd5fa:0000000000000000
>>May 31 07:47:02 racoon: INFO: isakmp.c:1713:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.
>>May 31 07:46:49 racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
>>May 31 07:46:49 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 64.233.146.43->64.233.146.34
>>May 31 07:46:18 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
>>
>
>Looking at your logs it seems that the tunnel is never established.  My
>problem was that big packets just got clipped but _after_ the tunnel
>was established.  I suspect that you have some mismatch in parameters
>at the two endpoints.
>
>--george
>
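
An added example, not part of the original message or of m0n0wall: one way to strip addresses and keys from both boxes' configs before posting them, while keeping each address mapped to the same placeholder so the two ends can still be compared. The `Redactor` class, the sample configs and the sample key are constructed for illustration, and the key file is assumed to use the "identifier key" one-per-line layout.

```python
import re

# IPv4 dotted quad, octets 0-255; the lookarounds avoid matching inside longer numbers.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4 = re.compile(rf"(?<![\d.]){_OCTET}(?:\.{_OCTET}){{3}}(?!\d|\.\d)")

class Redactor:
    """Maps each distinct IPv4 address to a stable placeholder (IP_1, IP_2, ...)."""

    def __init__(self):
        self.mapping = {}

    def _placeholder(self, match):
        ip = match.group(0)
        return self.mapping.setdefault(ip, f"IP_{len(self.mapping) + 1}")

    def conf(self, text):
        """racoon.conf-style text: replace addresses, keep every other setting."""
        return IPV4.sub(self._placeholder, text)

    def psk(self, text):
        """Key file ("identifier key" per line): hide the key, map the address."""
        out = []
        for line in text.splitlines():
            fields = line.split(None, 1)
            if len(fields) == 2 and not fields[0].startswith("#"):
                line = f"{fields[0]} <redacted-psk>"
            out.append(line)
        return self.conf("\n".join(out))

# Constructed sample input (documentation addresses, made-up key), not from the thread.
SITE_A = '''remote 198.51.100.43 {
    exchange_mode aggressive;
    my_identifier address "198.51.100.34";
}
'''
SITE_B = '''remote 198.51.100.34 {
    exchange_mode main;
    my_identifier address "198.51.100.43";
}
'''
PSK_A = "# peer key\n198.51.100.43 s3cr3t-example\n"

def redact_all():
    r = Redactor()  # one instance for both boxes so placeholders line up
    return r.conf(SITE_A), r.conf(SITE_B), r.psk(PSK_A), r.mapping

if __name__ == "__main__":
    for part in redact_all()[:3]:
        print(part)
```

Keep the returned mapping private; it is what turns the placeholders back into real addresses.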