Ok. Pinged the router on the Office end. It created a new error below. Looks like it's failing on phase1 but can't figure out why.

Home Logs:

racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
Jun 14 10:20:08 racoon: INFO: delete phase 2 handler.
Jun 14 10:20:08 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP ((OFFICE WAN UP))[0]->((HOME IP))[0]
Jun 14 10:19:37 racoon: INFO: begin Aggressive mode.
Jun 14 10:19:37 racoon: INFO: initiate new phase 1 negotiation: ((HOME IP))[500]<=>((OFFICE WAN IP))[500]
Jun 14 10:19:37 racoon: INFO: IPsec-SA request for ((OFFICE WAN)) queued due to no phase1 found.

HOME IPSEC
Mode: Tunnel
Interface: WAN
NAT_T: disabled
DPD: 60sec
Local Subnet: Network 192.168.30.0/24
Remote Subnet: 192.168.2.0/24
Remote Gateway: Office WAN IP
Description: Home

Phase1: Aggressive
My Identifier: Domain Name: DYNDNS Domain name
3DES
MD5
DH: 2
Lifetime: 28800
PSK: XXXXXXXXX

Phase2: ESP
3DES
MD5
PFS: Off
Lifetime: 86400

Office IPSEC
Mode: Tunnel
Interface: WAN
NAT-T: disabled
DPD: 60sec
Local Subnet: Lan Subnet
Remote subnet: 192.168.30.0/24
Remote GW: dyndns name
Description: HOme

Phase 1: Aggressive
My Identifier: My IP Address
3DES
MD5
DH: 2
Lifetime: 28800
PSK: XXXXXX

Phase2: ESP
3DES
MD5
PFS: Off
86400
Keep alive: 192.168.30.1

pfSense Logs (Office):

Jun 14 10:19:47 racoon: INFO: received Vendor ID: DPD
Jun 14 10:19:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Jun 14 10:19:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jun 14 10:19:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jun 14 10:19:47 racoon: INFO: received Vendor ID: RFC 3947
Jun 14 10:19:37 racoon: ERROR: failed to get valid proposal.
Jun 14 10:19:37 racoon: ERROR: no suitable proposal found.
Jun 14 10:19:37 racoon: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1536-bit MODP group:1024-bit MODP group
Jun 14 10:19:37 racoon: INFO: received Vendor ID: DPD
Jun 14 10:19:37 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Jun 14 10:19:37 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jun 14 10:19:37 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jun 14 10:19:37 racoon: INFO: received Vendor ID: RFC 3947

On Mon, Jun 14, 2010 at 2:33 AM, Chris Buechler <[email protected]> wrote:

> On Mon, Jun 14, 2010 at 3:20 AM, Paul Peziol <[email protected]> wrote:
>
>> I have a pfsense 1.2.3 at the office that's been running well. At home I
>> set up a monowall on a retired Watchguard x500. Monowall version 1.32. Trying
>> to get a tunnel going between the 2 locations. The office is on a static ip,
>> the house I set up a dyndns account. Both sides I have verified the settings
>> are the same. I have tried 3DES/SHA1 and blowfish. It was working for a few
>> days and nothing was changed except for a reboot. Now the tunnel does not
>> come back up with the below error message on the monowall side. Get error
>> messages on the pfsense side that are similar to this.
>
> Those aren't actually errors, that's normal under many circumstances.
> Nothing in the logs you're showing indicates it even attempted to connect.
> Try to send traffic across it, and then see what it shows in the logs.
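
Added example, not part of the original thread or of either project: a small Python parser that pulls racoon's "rejected <attribute>" lines out of a log and sets the value configured on the logging box (DB) beside the value the peer proposed. The function names and the DH group table are this example's own; the sample lines are taken from the office-side log in the message above.

```python
import re

# racoon reports a rejected phase 1 attribute as
#   rejected <attr>: DB(prop#N:trns#N):Peer(prop#N:trns#N) = <DB value>:<Peer value>
# DB is the proposal configured on the box that wrote the log; Peer is the remote offer.
REJECTED = re.compile(
    r"racoon: ERROR: rejected (?P<attr>\w+): "
    r"DB\(prop#\d+:trns#\d+\):Peer\(prop#\d+:trns#\d+\) = "
    r"(?P<local>[^:]+):(?P<peer>.+)$"
)

# MODP modulus size -> IKE Diffie-Hellman group number (RFC 2409, RFC 3526)
DH_GROUP = {"768": 1, "1024": 2, "1536": 5, "2048": 14}

def describe(attr, value):
    """Append the DH group number to a '<bits>-bit MODP group' value."""
    m = re.match(r"(\d+)-bit MODP group$", value)
    if attr == "dh_group" and m and m.group(1) in DH_GROUP:
        return f"{value} (DH group {DH_GROUP[m.group(1)]})"
    return value

def find_mismatches(log_lines):
    """Return each distinct rejected attribute with the local and peer values."""
    found = []
    for line in log_lines:
        m = REJECTED.search(line.strip())
        if not m:
            continue
        attr = m.group("attr")
        entry = {
            "attr": attr,
            "local": describe(attr, m.group("local").strip()),
            "peer": describe(attr, m.group("peer").strip()),
        }
        if entry not in found:  # the same rejection repeats on every retry
            found.append(entry)
    return found

# Office-side lines copied from the log in the message above.
SAMPLE = [
    "Jun 14 10:19:37 racoon: ERROR: no suitable proposal found.",
    "Jun 14 10:19:37 racoon: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1536-bit MODP group:1024-bit MODP group",
    "Jun 14 10:19:37 racoon: INFO: received Vendor ID: DPD",
]

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE):
        print(f"{hit['attr']}: local={hit['local']} peer={hit['peer']}")
```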
