[ previous ] [ next ] [ threads ]
 From:  "Brian" <mono at ricerage dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Okay got some more logging from the box with the IPSEC
 Date:  Fri, 26 Mar 2004 11:39:54 -0500 (EST)
> To me it seems as if the phase 1 doesn't go through... or am I wrong?
> Mar 26 16:54:55  racoon: NOTIFY: oakley.c:2040:oakley_skeyid(): couldn't
find the proper pskey, try to get one by the peer's address.
> Mar 26 16:54:55  racoon: WARNING: ipsec_doi.c:3099:ipsecdoi_checkid1():
ID value mismatched.
> Mar 26 16:54:55  racoon: WARNING: ipsec_doi.c:3077:ipsecdoi_checkid1():
ID type mismatched.
> request for xx.xxx.174.231 queued due to no phase1 found.

You're not wrong, from the looks of it theres no phase one negotiation
going through at all.

Apologies if you've already explained your config, but how are you setting
this up? What's your Phase 1 and Phase 2 settings? Are you using
aggressive mode because one of the hosts has a dynamically assigned WAN
IP? Before I or anyone else can properly diagnose the problem, we'll need
to see the config on both end points.

Unless of course you've already made that clear, and I missed it. If thats
the case, whoops. I'll F off.