Using pfSense 1.2.3R

I get this every so often (don't know why, possibly because of a lost Internet
connection).
Here's what I do:
Go to Diagnostics: IPSec: SPD, delete the entries there and apply the
changes.
Then: VPN: IPsec, I just click edit on each box and then verify everything
is right, scroll down and click save, click apply and then the VPN comes
back up.



On Mon, Jun 14, 2010 at 8:48 AM, Paul Peziol <[email protected]> wrote:

> Ok. Pinged the router on the Office end. It created a new error below.
> Looks like it's failing on phase1 but can't figure out why.
> Home Logs:
> racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
> Jun 14 10:20:08 racoon: INFO: delete phase 2 handler.
> Jun 14 10:20:08 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP ((OFFICE WAN UP))[0]->((HOME IP))[0]
> Jun 14 10:19:37 racoon: INFO: begin Aggressive mode.
> Jun 14 10:19:37 racoon: INFO: initiate new phase 1 negotiation: ((HOME IP))[500]<=>((OFFICE WAN IP))[500]
> Jun 14 10:19:37 racoon: INFO: IPsec-SA request for ((OFFICE WAN)) queued due to no phase1 found.
> HOME IPSEC
> Mode: Tunnel
> Interface:WAN
> NAT_T : disabled
> DPD: 60sec
> Local Subnet: Network 192.168.30.0/24
> Remote Subnet: 192.168.2.0/24
> Remote Gateway: Office WAN IP
> Description:Home
>
> Phase1::
> Aggressive
> My Identifier: Domain Name: DYNDNS Domain name
> 3DES
> MD5
> DH:2
> Lifetime: 28800
> PSK: XXXXXXXXX
>
> Phase2:
> ESP
> 3DES
> MD5
> PFS: Off
> Lifetime: 86400
>
> Office IPSEC
> Mode: Tunnel
> Interface:WAN
> NAT-T- disabled
> DPD: 60sec
> Local Subnet: Lan Subnet
> Remote subnet: 192.168.30.0/24
> Remote GW: dyndns name
> Description: HOme
>
> Phase 1
> Aggressive
> My Identifier: My IP Address
> 3DES
> MD5
> DH:2
> Timelife: 28800
> PSK XXXXXX
>
> Phase2
> ESP
> 3DES
> MD5
> PFS: Off
> 86400
>
> Keep alive: 192.168.30.1
>
> pfSense Logs (Office)
> Jun 14 10:19:47 racoon: INFO: received Vendor ID: DPD
> Jun 14 10:19:47 racoon: INFO: received Vendor ID:
> draft-ietf-ipsec-nat-t-ike-00
> Jun 14 10:19:47 racoon: INFO: received Vendor ID:
> draft-ietf-ipsec-nat-t-ike-02
> Jun 14 10:19:47 racoon: INFO: received Vendor ID:
> draft-ietf-ipsec-nat-t-ike-02
> Jun 14 10:19:47 racoon: INFO: received Vendor ID: RFC 3947
> Jun 14 10:19:37 racoon: ERROR: failed to get valid proposal.
> Jun 14 10:19:37 racoon: ERROR: no suitable proposal found.
> Jun 14 10:19:37 racoon: ERROR: rejected dh_group:
> DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1536-bit MODP group:1024-bit MODP
> group
> Jun 14 10:19:37 racoon: INFO: received Vendor ID: DPD
> Jun 14 10:19:37 racoon: INFO: received Vendor ID:
> draft-ietf-ipsec-nat-t-ike-00
> Jun 14 10:19:37 racoon: INFO: received Vendor ID:
> draft-ietf-ipsec-nat-t-ike-02
> Jun 14 10:19:37 racoon: INFO: received Vendor ID:
> draft-ietf-ipsec-nat-t-ike-02
> Jun 14 10:19:37 racoon: INFO: received Vendor ID: RFC 3947
>
> On Mon, Jun 14, 2010 at 2:33 AM, Chris Buechler <[email protected]> wrote:
>
>>
>>
>> On Mon, Jun 14, 2010 at 3:20 AM, Paul Peziol <[email protected]> wrote:
>>
>>> I have a pfsense 1.2.3 at the office that's been running well. At home I
>>> set up a monowall on a retired Watchguard x500. Monowall version 1.32. Trying
>>> to get a tunnel going between the 2 locations. The office is on a static ip,
>>> The house I set up a dyndns account. Both sides I have verified the settings
>>> are the same. I have tried 3DES/SHA1 and blowfish. It was working for a few
>>> days and nothing was changed except for a reboot. Now the tunnel does not
>>> come back up with the below error message on the monowall side. Get error
>>> messages on the pfsense side that are similar to this.
>>
>>
>> Those aren't actually errors, that's normal under many circumstances.
>> Nothing in the logs you're showing indicates it even attempted to connect.
>> Try to send traffic across it, and then see what it shows in the logs.
>>
>>
>
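
Added example, not written by anyone in this thread: a small Python parser for racoon "rejected" lines like the `rejected dh_group` entry in the Office log above. In racoon's `DB(...):Peer(...) = A:B` format, A is the locally configured value and B is what the peer proposed. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: Office-side racoon lines as quoted in the thread,
# including the "> " quoting and the line wrapping added by the mail client.
SAMPLE_MAIL = """\
> Jun 14 10:19:37 racoon: ERROR: no suitable proposal found.
> Jun 14 10:19:37 racoon: ERROR: rejected dh_group:
> DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1536-bit MODP group:1024-bit MODP
> group
> Jun 14 10:19:37 racoon: INFO: received Vendor ID: DPD
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
REJECTED = re.compile(r"racoon: ERROR: rejected (?P<attr>\w+): "
                      r"DB\(prop#\d+:trns#\d+\):Peer\(prop#\d+:trns#\d+\) = (?P<values>.+)$")
MODP = re.compile(r"(\d+)-bit MODP group")
MODP_BITS_TO_GROUP = {768: 1, 1024: 2, 1536: 5, 2048: 14}  # MODP size -> IKE DH group


def unwrap(mail_text):
    """Strip '>' quoting and rejoin continuation lines onto their log entry."""
    entries = []
    for raw in mail_text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def find_mismatches(mail_text):
    """Return one dict per 'rejected' entry: attribute, local (DB) and peer value."""
    found = []
    for entry in unwrap(mail_text):
        m = REJECTED.search(entry)
        if not m:
            continue
        local, _, peer = (v.strip() for v in m.group("values").partition(":"))
        item = {"attr": m.group("attr"), "local": local, "peer": peer}
        for side in ("local", "peer"):  # add DH group numbers where a MODP size is given
            bits = MODP.search(item[side])
            if bits:
                item[side + "_group"] = MODP_BITS_TO_GROUP.get(int(bits.group(1)))
        found.append(item)
    return found
```

On the sample, `find_mismatches(SAMPLE_MAIL)` reports `dh_group` with local group 5 (1536-bit) against peer group 2 (1024-bit), while both settings lists posted in the thread give `DH:2`.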
