 From:  "Ron Freidel" <rfreidel at computergeex dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  site to site problems
 Date:  Sun, 06 Nov 2005 02:25:03 +0000

Hi All,

I am attempting to configure a site to site ipsec tunnel with two monowalls,
and am having nothing but problems.

After working on this most of yesterday and a great deal of today I decided to
see if I could get a monowall to talk to a Juniper vpn, I had the tunnel up
and running in about five minutes, at first I was pleased, but then became
really frustrated when I couldn't accomplish the same thing with another
monowall.

I see these errors
Nov 5 15:36:16 	racoon: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA
request for 69.xxx.xxx.59 queued due to no phase1 found.
Nov 5 15:36:16 	racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new
phase 1 negotiation: 66.xxx.xxx.76[500]<=>69.xx.xx.59[500]
Nov 5 15:36:16 	racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Identity
Protection mode.
Nov 5 15:36:47 	racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2
negotiation failed due to time up waiting for phase1. ESP
69.xxx.xxx.59->66.xxx.xxx.76
Nov 5 15:36:47 	racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase
2 handler.

I can't seem to get past the phase1

Now the tunnel itself, checked the status.php page then compared them both
with diff, each are configured the same well except for ip's, etc, net on one
side is 192.168.10.0/24, the other side is 10.244.1.0/24 (can't be any
conflict there).

With my test vpn with the Juniper I used identical settings, even the same
pass phrase, still when I changed the vpn ip back to the other monowall it was
a no go.

I tried this setup with two separate public ip's but on the same cable modem
(Ambit), and after the test with the Juniper I moved one to a different isp
connection (wireless), I have tried to loosen the encryption, can ping the
public ip from each network, just can't get the tunnel up.

Anyone have any ideas?