 From:  "Tarun Kundhi" <tkundhi at inebraska dot com>
 To:  "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  site to site IPsec VPN, negotiation failed due to time up
 Date:  Sun, 26 Feb 2006 20:36:49 -0600
I am trying to set up a site to site VPN using 2 monowalls. For testing I'm attempting to do this at
one location with the remote monowall attached to the DMZ interface of the local monowall. Firewall
rules exist on the local monowall to block DMZ traffic from reaching the LAN.  So far I can't get
the VPN to come up.

Here is my configuration.

local monowall
WAN (DHCP assigned)
LAN 192.168.10.1 /24
DMZ 192.168.20.1 /24
VPN interface DMZ
local subnet LAN
remote subnet 192.168.50.1 /24
remote gateway 192.168.20.5

remote monowall
WAN 192.168.20.5 (static attached to switch on local monowall DMZ)
LAN 192.168.50.1 /24
VPN interface WAN
local subnet LAN
remote subnet 192.168.10.1 /24
remote gateway 192.168.20.1

I've checked my setup several times and even tried using different encryption algorithms (3DES &
Blowfish). I also tried different identifiers (My IP address & Domain name) yet the error is always
similar to the following.

      Feb 26 20:05:37 racoon: ERROR: phase1 negotiation failed due to time up. aa13091341f7f84a:0000000000000000
      Feb 26 20:05:08 racoon: INFO: delete phase 2 handler.
      Feb 26 20:05:08 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.20.5[0]->192.168.20.1[0]
      Feb 26 20:04:37 racoon: INFO: begin Aggressive mode.
      Feb 26 20:04:37 racoon: INFO: initiate new phase 1 negotiation: 192.168.20.1[500]<=>192.168.20.5[500]
      Feb 26 20:04:37 racoon: INFO: IPsec-SA request for 192.168.20.5 queued due to no phase1 found.



Suggestions would be appreciated.

Tarun