 From:  Paul Rae <paul at impacttrainingsolutions dot co dot uk>
 To:  m0n0wall - <m0n0wall at lists dot m0n0 dot ch>
 Cc:  Tim Nelson <tnelson at rockbochs dot com>
 Subject:  Re: [m0n0wall] IPSec Site to Site Link stopped working
 Date:  Tue, 23 Sep 2008 15:21:54 +0100
I will check the time to confirm but this should be fine.

They are both m0n0wall boxes and have NTP set to sync time.

Likewise, given establishing the connection - they both try to bring the
link up - there is no host / client as they are establishing a site to site
link.

Any other ideas?


On 23/09/2008 15:00, "Tim Nelson" <tnelson at rockbochs dot com> wrote:

> You may want to double check that the date and time are set properly on both
> boxes as that can adversely affect OpenSSL linked applications, in this case
> racoon. Also, if you need to reboot the units, reboot the host unit first, and
> then reboot the unit that connects to the ipsec host.
> 
> Tim Nelson
> Systems/Network Engineer
> Rockbochs Inc.
> (218)727-4332 x105
> 
> ----- "Paul Rae" <paul at impacttrainingsolutions dot co dot uk> wrote:
> 
>> OK, I am somewhat stumped! Have two m0n0wall boxes set up in a site to site
>> VPN link and this has been working for over a year (maybe two?) without any
>> problems. A few days ago traffic between the two sites stopped, so I gave

>> had dropped.
>> 
>> Since then the session will not establish and I have no idea why. There
>> have been no config changes at either end, boxes are as they have been.
>> Other than that everything is working fine, all other traffic is flowing,
>> NAT, port forwarding, etc. is all good. Does anyone have any ideas:
>> 
>> From one of the boxes:
>> 
>> Sep 23 14:30:28    /kernel: WARNING: pseudo-random number generator used for IPsec processing
>> Sep 23 14:30:28    racoon: INFO: initiate new phase 2 negotiation: 217.35.xxx.xxx[0]<=>82.16.xxx.xxx[0]
>> Sep 23 14:29:35    racoon: ERROR: failed to pre-process packet.
>> Sep 23 14:29:35    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:29:35    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:29:35    racoon: INFO: respond new phase 2 negotiation: 217.35.xxx.xxx[0]<=>82.16.xxx.xxx[0]
>> Sep 23 14:29:25    racoon: ERROR: failed to pre-process packet.
>> Sep 23 14:29:25    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:29:25    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:29:24    racoon: INFO: respond new phase 2 negotiation: 217.35.92.xxx[0]<=>82.16.xxx.xxx[0]
>> Sep 23 14:29:14    racoon: ERROR: failed to pre-process packet.
>> Sep 23 14:29:14    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:29:14    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:29:14    racoon: INFO: respond new phase 2 negotiation: 217.35.xxx.xxx[0]<=>82.16.xxx.xxx[0]
>> Sep 23 14:27:58    racoon: ERROR: failed to pre-process packet.
>> Sep 23 14:27:58    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:27:58    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:27:57    racoon: INFO: respond new phase 2 negotiation: 217.35.xxx.xxx[0]<=>82.16.xxx.xxx[0]
>> Sep 23 14:27:51    dnsmasq[100]: using nameserver 194.72.9.38#53
>> Sep 23 14:27:51    dnsmasq[100]: using nameserver 194.74.65.68#53
>> Sep 23 14:27:51    dnsmasq[100]: reading /etc/resolv.conf
>> Sep 23 14:27:47    racoon: ERROR: failed to pre-process packet.
>> Sep 23 14:27:47    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:27:47    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:27:47    racoon: INFO: respond new phase 2 negotiation: 217.35.xxx.xxx[0]<=>82.16.xxx.xxx[0]
>> Sep 23 14:27:37    racoon: ERROR: failed to pre-process packet.
>> Sep 23 14:27:37    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:27:37    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:27:37    racoon: INFO: respond new phase 2 negotiation: 217.35.xxx.xxx[0]<=>82.16.xxx.xxx[0]
>> Sep 23 14:27:36    racoon: INFO: ISAKMP-SA established 217.35.xxx.xxx[500]-82.16.xxx.xxx[500] spi:ef90f0ab089c46d0:2b0c78ee76f0dee2
>> Sep 23 14:27:36    racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
>> Sep 23 14:27:35    racoon: WARNING: No ID match.
>> Sep 23 14:27:35    racoon: INFO: received Vendor ID: DPD
>> Sep 23 14:27:35    racoon: INFO: begin Aggressive mode.
>> Sep 23 14:27:35    racoon: INFO: respond new phase 1 negotiation: 217.35.xxx.xxx[500]<=>82.16.xxx.xxx[500]
>> Sep 23 14:27:26    dhclient: bound to 217.35.xxx.xxx -- renewal in 64894 seconds.
>> Sep 23 14:27:25    racoon: INFO: 217.35.xxx.xxx[500] used as isakmp port (fd=9)
>> Sep 23 14:27:25    racoon: INFO: 192.168.3.254[500] used as isakmp port (fd=8)
>> Sep 23 14:27:25    racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=7)
>> Sep 23 14:27:25    racoon: INFO: @(#)This product linked OpenSSL 0.9.7d-p1 17 Mar 2004 (http://www.openssl.org/)
>> Sep 23 14:27:25    racoon: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
>> 
>> - 
>> Regards,
>> 
>> Paul Rae
>> Business Development Director
>> 
>> t : 08454 599930
>> m : 07769 654302
>> e : paul at impacttrainingsolutions dot co dot uk
>> 
>> Impact Training Solutions
>> 36 Reid Road
>> Bathgate
>> West Lothian, EH48 2TX


- 
Regards,

Paul Rae
Business Development Director

t : 08454 599930
m : 07769 654302
e : paul at impacttrainingsolutions dot co dot uk

Impact Training Solutions
36 Reid Road
Bathgate
West Lothian, EH48 2TX
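
Added example (not part of the original messages, and not m0n0wall or ipsec-tools code): a small triage script for a racoon log pasted into mail as above. It strips the quote markers, rejoins entries the mail client wrapped, and reports which IKE phase the negotiation stalls in. The function names and the sample addresses (documentation ranges) are constructed for illustration; "IPsec-SA established" is the line racoon logs when phase 2 completes and does not occur in the log quoted above.

```python
import re
from collections import Counter

# Constructed sample shaped like the quoted log: newest first, ">> " quoted, hard-wrapped.
SAMPLE = """\
>> Sep 23 14:27:37    racoon: ERROR: failed to get sainfo.
>> Sep 23 14:27:37    racoon: INFO: respond new phase 2 negotiation:
>> 192.0.2.10[0]<=>198.51.100.20[0]
>> Sep 23 14:27:36    racoon: INFO: ISAKMP-SA established
>> 192.0.2.10[500]-198.51.100.20[500]
>> Sep 23 14:27:36    racoon: NOTIFY: couldn't find the proper pskey, try
>> to
>> get one by the peer's address.
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d\s+")
EVENTS = {  # substring of a racoon message -> event label
    "ISAKMP-SA established": "phase1_ok",
    "new phase 2 negotiation": "phase2_attempt",
    "failed to get sainfo": "sainfo_fail",
    "IPsec-SA established": "phase2_ok",
}

def unwrap(text):
    """Strip mail quote markers and rejoin hard-wrapped syslog entries."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if line and (STAMP.match(line) or not entries):
            entries.append(line)
        elif line:  # no timestamp: continuation of the previous entry
            entries[-1] += " " + line
    return entries

def triage(text):
    """Count racoon events and name the IKE phase the tunnel stalls in."""
    counts = Counter()
    for entry in unwrap(text):
        if " racoon: " in entry:
            counts.update(label for needle, label in EVENTS.items() if needle in entry)
    if counts["phase2_ok"]:
        verdict = "tunnel up"
    elif counts["phase1_ok"] and counts["sainfo_fail"]:
        verdict = "phase 1 ok, phase 2 rejected at sainfo lookup"
    elif counts["phase1_ok"]:
        verdict = "phase 1 ok, no phase 2 result logged"
    else:
        verdict = "phase 1 not established"
    return dict(counts), verdict
```

The counts do not depend on entry order, so the newest-first order of the log above needs no sorting.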