Not sure if your setup will work; however, your local and remote subnets
should end with .0, since you are using the 24-bit mask.
From: "Tarun Kundhi" <tkundhi at inebraska dot com>
To: "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
Date: Sun, 26 Feb 2006 20:36:49 -0600
Subject: [m0n0wall] site to site IPsec VPN, negotiation failed due to time
> I am trying to set up a site to site VPN using 2 monowalls. For testing
> I'm attempting to do this at one location with the remote monowall
> attached to the DMZ interface of the local monowall. Firewall rules
> exist on the local monowall to block DMZ traffic from reaching the LAN.
> So far I can't get the VPN to come up.
> Here is my configuration.
> local monowall
> WAN (DHCP assigned)
> LAN 192.168.10.1 /24
> DMZ 192.168.20.1 /24
> VPN interface DMZ
> local subnet LAN
> remote subnet 192.168.50.1 /24
> remote gateway 192.168.20.5
> remote monowall
> WAN 192.168.20.5 (static attached to switch on local monowall DMZ)
> LAN 192.168.50.1 /24
> VPN interface WAN
> local subnet LAN
> remote subnet 192.168.10.1 /24
> remote gateway 192.168.20.1
> I've checked my setup several times and even tried using different
> encryption algorithms (3DES & Blowfish). I also tried different
> identifiers (My IP address & Domain name) yet the error is always
> similar to the following.
> Feb 26 20:05:37 racoon: ERROR: phase1 negotiation failed due to
> time up. aa13091341f7f84a:0000000000000000
> Feb 26 20:05:08 racoon: INFO: delete phase 2 handler.
> Feb 26 20:05:08 racoon: ERROR: phase2 negotiation failed due to
> time up waiting for phase1. ESP 192.168.20.5->192.168.20.1
> Feb 26 20:04:37 racoon: INFO: begin Aggressive mode.
> Feb 26 20:04:37 racoon: INFO: initiate new phase 1 negotiation:
> Feb 26 20:04:37 racoon: INFO: IPsec-SA request for 192.168.20.5
> queued due to no phase1 found.
> Suggestions would be appreciated.
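
The subnet check suggested in the reply, together with a cross-check that each end's remote subnet and remote gateway mirror the other end, as an added example that is not part of the original thread. The addresses are the ones in the quoted post; the dict layout, key names and function names are constructed for illustration, and the check says nothing about the cause of the phase 1 timeout.

```python
import ipaddress

# Addresses are those in the quoted post; the dict layout and key names are constructed.
SITES = {
    "local":  {"vpn_if_addr": "192.168.20.1", "lan_addr": "192.168.10.1/24",
               "remote_subnet": "192.168.50.1/24", "remote_gateway": "192.168.20.5"},
    "remote": {"vpn_if_addr": "192.168.20.5", "lan_addr": "192.168.50.1/24",
               "remote_subnet": "192.168.10.1/24", "remote_gateway": "192.168.20.1"},
}

def host_bits_set(cidr):
    """Return the network-address form of cidr if it has host bits set, else None."""
    iface = ipaddress.ip_interface(cidr)
    if iface.ip == iface.network.network_address:
        return None
    return str(iface.network)

def check_tunnel(sites):
    """Return a list of findings for a two-site tunnel definition."""
    findings = []
    for name, peer_name in (("local", "remote"), ("remote", "local")):
        site, peer = sites[name], sites[peer_name]
        # 1. A subnet field should hold the network address (.0 for a /24).
        fixed = host_bits_set(site["remote_subnet"])
        if fixed:
            findings.append(f"{name}: remote subnet {site['remote_subnet']} "
                            f"has host bits set, use {fixed}")
        # 2. "local subnet LAN" on the peer means the network its LAN address is in.
        peer_lan = ipaddress.ip_interface(peer["lan_addr"]).network
        if ipaddress.ip_interface(site["remote_subnet"]).network != peer_lan:
            findings.append(f"{name}: remote subnet does not match "
                            f"{peer_name} LAN {peer_lan}")
        # 3. The remote gateway must be the peer's VPN interface address.
        if site["remote_gateway"] != peer["vpn_if_addr"]:
            findings.append(f"{name}: remote gateway {site['remote_gateway']} "
                            f"is not {peer_name} VPN address {peer['vpn_if_addr']}")
    return findings

if __name__ == "__main__":
    for line in check_tunnel(SITES):
        print(line)
```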