I will update this for others in case they run across this. Had some time to
look at this again. The IP was showing correctly in the logs on the dynamic
side at home. Didn't think to compare the logs from the office side. I looked
at the logs on the pfSense in the office and noticed a different IP in the
logs. I did a ping in pfSense from the office and it was going to the wrong
IP address. Even though the dyndns account had the correct IP updated to it,
the pfSense in the office still had the old IP address cached in the DNS and
didn't refresh correctly. A DNSMASQ restart corrected the issue and tunnels
came right up. Hopefully this helps someone in the future.

Paul

On Sat, Jul 17, 2010 at 9:55 AM, Paul Peziol <[email protected]> wrote:

> I do have a dynamic IP but have set the tunnels with dyndns. Verified the
> IP that's in the logs to make sure it matches the current IP.
>
>
> On Sat, Jul 17, 2010 at 9:43 AM, Jesse Vollmar <[email protected]> wrote:
>
>> On Sat, Jul 17, 2010 at 10:09 AM, Paul Peziol <[email protected]> wrote:
>>
>>> Have a site-site tunnel between home and work. Had issues getting the
>>> tunnels to work initially. Once they were up they were stable for a few
>>> weeks. Rebooted the home router this morning and the tunnel does not come
>>> back up. Went into IPSEC and re-saved the tunnels and still does not come
>>> up. Get this error
>>>
>>> ERROR: phase2 negotiation failed due to time up waiting for phase1
>>>
>>> Jul 17 09:01:11 racoon: *[]*: INFO: initiate new phase 1 negotiation: HOME WAN[500]<=>OFFICE WAN[500]
>>> Jul 17 09:01:11 racoon: INFO: begin Aggressive mode.
>>> Jul 17 09:01:36 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
>>> Jul 17 09:01:44 racoon: *[]*: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP OFFICE WAN[0]->HOME WAN[0]
>>> Jul 17 09:01:44 racoon: INFO: delete phase 2 handler.
>>> Jul 17 09:02:01 racoon: ERROR: phase1 negotiation failed due to time up. dd42e11e42fc3dcb:0000000000000000
>>>
>>> Puzzled why it would work until a reboot. IPSEC status shows  *No IPsec
>>> security associations.*
>>> I tried to delete the tunnels under SPD, resave the ipsec settings. The
>>> spd gets recreated but still no tunnel and the above messages.
>>
>> You say between home and work. Is it possible that you have a dynamic IP
>> at home and a reboot of your modem pulled down a new IP address? This could
>> potentially have disrupted the IPSec tunnel.
>>
>>
>
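
Added example, not part of the original thread and not pfSense or racoon code: a small check for the failure described in the top message. It reads racoon log text, finds phase 1 attempts that timed out with an all-zero responder cookie (the peer never answered), and flags the ones whose target address is not among the peer's current addresses. The function names, the sample addresses and the idea of passing in the freshly looked-up addresses are assumptions made for the example.

```python
import re

# Constructed sample modelled on the racoon lines quoted in the thread.
# Addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
Jul 17 09:01:11 racoon: INFO: initiate new phase 1 negotiation: 198.51.100.7[500]<=>203.0.113.10[500]
Jul 17 09:01:11 racoon: INFO: begin Aggressive mode.
Jul 17 09:01:36 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
Jul 17 09:02:01 racoon: ERROR: phase1 negotiation failed due to time up. dd42e11e42fc3dcb:0000000000000000
"""

# Assumption: racoon prints the address pair as local<=>remote.
INITIATE = re.compile(
    r"initiate new phase 1 negotiation: ([^\s\[]+)\[\d+\]<=>([^\s\[]+)\[\d+\]")
# The index after "time up." is initiator_cookie:responder_cookie.
TIMEOUT = re.compile(
    r"phase1 negotiation failed due to time up\. ([0-9a-f]{16}):([0-9a-f]{16})")


def unanswered_peers(log_text):
    """Remote addresses whose phase 1 timed out without any reply from the peer."""
    last_remote, silent = None, []
    for line in log_text.splitlines():
        m = INITIATE.search(line)
        if m:
            last_remote = m.group(2)  # address this box is actually sending to
            continue
        m = TIMEOUT.search(line)
        # Simplification: a timeout is paired with the most recent initiation.
        if m and int(m.group(2), 16) == 0 and last_remote:
            if last_remote not in silent:
                silent.append(last_remote)
    return silent


def stale_targets(log_text, fresh_peer_ips):
    """Unanswered targets that are not among the peer's current addresses.

    fresh_peer_ips: addresses from a lookup of the peer hostname that
    bypasses the local DNS cache (supplied by the operator).
    """
    return [ip for ip in unanswered_peers(log_text) if ip not in fresh_peer_ips]


if __name__ == "__main__":
    # Constructed case: the peer's hostname now resolves to 203.0.113.77.
    print(stale_targets(SAMPLE_LOG, {"203.0.113.77"}))
```

A non-empty result means the box is still negotiating with an address the peer no longer holds, which is the stale-cache condition the DNSMASQ restart cleared.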
