Re: [pfSense] Problem with IPsec VPN

2012-01-09 Thread Jeremy Bennett
Brian,

You hit the nail on the head. 

PFS key group at site one was set to ‘Off’.

Needed to be ‘2’

Thank you everyone.

Mahalo,
Jeremy

On Jan 8, 2012, at 4:15 PM, Marc R. Meshurle Jr. wrote:

 PFS 2.0 has a new location for phase 2 setups. Make sure that you click the + 
 sign and set up the phase 2 and make sure the check box is enabled. 
 
 Marc R. Meshurle, Jr.
 Owner/Senior Engineer
 Kato Technology Solutions, Inc.
 
 
 -----Original Message-----
 From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] 
 On Behalf Of Brian Franklin
 Sent: Sunday, January 08, 2012 00:03
 To: pfSense support and discussion
 Subject: Re: [pfSense] Problem with IPsec VPN
 
 pfs group mismatched: my:2 peer:0
 
 Check your PFS key group settings in Phase 2.  Make sure they match on both 
 sides.
 
 Brian
 www.ntginc.net
 
 -----Original Message-----
 From: list-boun...@lists.pfsense.org
 [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jeremy Bennett
 Sent: Saturday, January 07, 2012 2:57 AM
 To: list@lists.pfsense.org
 Subject: [pfSense] Problem with IPsec VPN
 
 I have a site to site IPsec VPN setup. This is probably the 3rd or 4th set of 
 these that I've done, and all the other setups seem to work fine - I've 
 double-checked the setup, and if it is a config error, I am overlooking it.
 
 PFSense 2.0 final on Alix hardware.
 
 Site 2 always reports that the ipsec is down. I can restart it from services, 
 and it works for a few hours, but ultimately shuts down.
 
 This is the error:
 
 Jan 5 15:02:21  racoon: [Site1]: [00.000.00.00 site1 address] ERROR: no
 proposal chosen [Check Phase 2 settings, algorithm].
 Jan 5 15:02:21  racoon: [Site1]: [00.000.00.00 site1 address] ERROR:
 failed to pre-process ph2 packet [Check Phase 2 settings, networks]
 (side: 1, status: 1).
 Jan 5 15:46:24  racoon: [Site1]: INFO: respond new phase 2 negotiation:
 00.000.00.00 site2 address[500]=00.000.00.00 site1 address[500]
 Jan 5 15:46:24  racoon: ERROR: pfs group mismatched: my:2 peer:0
 Jan 5 15:46:24  racoon: ERROR: not matched
 Jan 5 15:46:24  racoon: ERROR: no suitable policy found.
 
 This error repeats continuously in the log of site 2.
 
 How do I start troubleshooting this?
 
 Thank you,
 Jeremy
 ___
 List mailing list
 List@lists.pfsense.org
 http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Problem with IPsec VPN

2012-01-08 Thread Marc R. Meshurle Jr.
PFS 2.0 has a new location for phase 2 setups. Make sure that you click the + 
sign and set up the phase 2 and make sure the check box is enabled. 

Marc R. Meshurle, Jr.
Owner/Senior Engineer
Kato Technology Solutions, Inc.


-----Original Message-----
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On 
Behalf Of Brian Franklin
Sent: Sunday, January 08, 2012 00:03
To: pfSense support and discussion
Subject: Re: [pfSense] Problem with IPsec VPN

pfs group mismatched: my:2 peer:0

Check your PFS key group settings in Phase 2.  Make sure they match on both 
sides.

Brian
www.ntginc.net

-----Original Message-----
From: list-boun...@lists.pfsense.org
[mailto:list-boun...@lists.pfsense.org] On Behalf Of Jeremy Bennett
Sent: Saturday, January 07, 2012 2:57 AM
To: list@lists.pfsense.org
Subject: [pfSense] Problem with IPsec VPN

I have a site to site IPsec VPN setup. This is probably the 3rd or 4th set of 
these that I've done, and all the other setups seem to work fine - I've 
double-checked the setup, and if it is a config error, I am overlooking it.

PFSense 2.0 final on Alix hardware.

Site 2 always reports that the ipsec is down. I can restart it from services, 
and it works for a few hours, but ultimately shuts down.

This is the error:

Jan 5 15:02:21  racoon: [Site1]: [00.000.00.00 site1 address] ERROR: no
proposal chosen [Check Phase 2 settings, algorithm].
Jan 5 15:02:21  racoon: [Site1]: [00.000.00.00 site1 address] ERROR:
failed to pre-process ph2 packet [Check Phase 2 settings, networks]
(side: 1, status: 1).
Jan 5 15:46:24  racoon: [Site1]: INFO: respond new phase 2 negotiation:
00.000.00.00 site2 address[500]=00.000.00.00 site1 address[500]
Jan 5 15:46:24  racoon: ERROR: pfs group mismatched: my:2 peer:0
Jan 5 15:46:24  racoon: ERROR: not matched
Jan 5 15:46:24  racoon: ERROR: no suitable policy found.

This error repeats continuously in the log of site 2.

How do I start troubleshooting this?

Thank you,
Jeremy


Re: [pfSense] Problem with IPsec VPN

2012-01-07 Thread Brian Franklin
pfs group mismatched: my:2 peer:0

Check your PFS key group settings in Phase 2.  Make sure they match on
both sides.

Brian
www.ntginc.net

-----Original Message-----
From: list-boun...@lists.pfsense.org
[mailto:list-boun...@lists.pfsense.org] On Behalf Of Jeremy Bennett
Sent: Saturday, January 07, 2012 2:57 AM
To: list@lists.pfsense.org
Subject: [pfSense] Problem with IPsec VPN

I have a site to site IPsec VPN setup. This is probably the 3rd or 4th
set of these that I've done, and all the other setups seem to work
fine - I've double-checked the setup, and if it is a config error, I am
overlooking it.

PFSense 2.0 final on Alix hardware.

Site 2 always reports that the ipsec is down. I can restart it from
services, and it works for a few hours, but ultimately shuts down.

This is the error:

Jan 5 15:02:21  racoon: [Site1]: [00.000.00.00 site1 address] ERROR: no
proposal chosen [Check Phase 2 settings, algorithm].
Jan 5 15:02:21  racoon: [Site1]: [00.000.00.00 site1 address] ERROR:
failed to pre-process ph2 packet [Check Phase 2 settings, networks]
(side: 1, status: 1).
Jan 5 15:46:24  racoon: [Site1]: INFO: respond new phase 2 negotiation:
00.000.00.00 site2 address[500]=00.000.00.00 site1 address[500]
Jan 5 15:46:24  racoon: ERROR: pfs group mismatched: my:2 peer:0
Jan 5 15:46:24  racoon: ERROR: not matched
Jan 5 15:46:24  racoon: ERROR: no suitable policy found.

This error repeats continuously in the log of site 2.

How do I start troubleshooting this?

Thank you,
Jeremy
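
As an added illustration of the diagnosis in this thread (not code from any poster or from the pfSense project), the following Python script scans racoon log text for the "pfs group mismatched" error and reports which PFS key group each side proposed. The sample log is constructed in the shape of the excerpt above using documentation addresses, and the function names and the `DH_GROUPS` table are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample shaped like the excerpt in the thread; documentation
# addresses stand in for the redacted ones, and lines are wrapped as mail wraps them.
SAMPLE_LOG = """\
Jan 5 15:46:24  racoon: [Site1]: INFO: respond new phase 2 negotiation:
192.0.2.10[500]<=>198.51.100.20[500]
Jan 5 15:46:24  racoon: ERROR: pfs group mismatched: my:2 peer:0
Jan 5 15:46:24  racoon: ERROR: not matched
Jan 5 15:46:24  racoon: ERROR: no suitable policy found.
Jan 5 15:47:02  racoon: ERROR: pfs group mismatched:
my:2 peer:0
"""

# IKE Diffie-Hellman group numbers. In the thread, peer:0 corresponded to the
# PFS key group being set to 'Off' on the other site.
DH_GROUPS = {0: "off", 1: "768-bit MODP", 2: "1024-bit MODP",
             5: "1536-bit MODP", 14: "2048-bit MODP"}

# \s* before "racoon:" tolerates excerpts where the separating space was lost.
ENTRY_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s*racoon:")
PFS_MISMATCH = re.compile(r"pfs group mismatched:\s*my:(\d+)\s+peer:(\d+)")

def unwrap(text):
    """Join continuation lines (no timestamp prefix) onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def pfs_mismatches(text):
    """Count each (local group, peer group) pair that racoon reported."""
    pairs = Counter()
    for entry in unwrap(text):
        m = PFS_MISMATCH.search(entry)
        if m:
            pairs[(int(m.group(1)), int(m.group(2)))] += 1
    return pairs

def describe(pairs):
    """Produce one finding per distinct mismatch."""
    def name(g):
        return DH_GROUPS.get(g, "group %d" % g)
    return ["%dx: local PFS group %d (%s), peer %d (%s); set Phase 2 on both sides to the same value"
            % (n, my, name(my), peer, name(peer)) for (my, peer), n in pairs.items()]

if __name__ == "__main__":
    print("\n".join(describe(pfs_mismatches(SAMPLE_LOG))))
```
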