2.0 RC1 working ipsec site to site config
-
anyone can send working pf 2.0 RC1 to pf 2.0 RC1 site to site ipsec config ?because mine disconnecting and only after racoon restart able to connect.Before it was working with pf 1.2.3 without any problem.
my systems:
2.0-RC1 (i386)
built on Thu Apr 7 21:53:59 EDT 2011 -
any answers?
adding logs and ipsec configs.Before upgrade 2.0 RC1 this configs was running without any problem,this problems occurs after upgrade,please tell me am i doing something wrong?
Logs
MainOffice111
Apr 9 16:15:42 racoon: [BranchOffice131]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->131.131.131.131[500] spi=96233152(0x5bc66c0)
Apr 9 16:15:42 racoon: [BranchOffice131]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->131.131.131.131[500] spi=124500845(0x76bbb6d)
Apr 9 16:15:42 racoon: [BranchOffice131]: INFO: initiate new phase 2 negotiation: 111.111.111.111[500]<=>131.131.131.131[500]
Apr 9 16:15:41 racoon: [BranchOffice131]: INFO: ISAKMP-SA established 111.111.111.111[500]-131.131.131.131[500] spi:a30cb4098833f36b:f9349ee8daaa8e92
Apr 9 16:15:41 racoon: INFO: received Vendor ID: DPD
Apr 9 16:15:41 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Apr 9 16:15:41 racoon: INFO: begin Aggressive mode.
Apr 9 16:15:41 racoon: [BranchOffice131]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>131.131.131.131[500]
Apr 9 16:15:41 racoon: [BranchOffice131]: INFO: IPsec-SA request for 131.131.131.131 queued due to no phase1 found.
Apr 9 16:15:32 racoon: [BranchOffice222]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->222.222.222.222[500] spi=165271763(0x9d9d8d3)
Apr 9 16:15:32 racoon: [BranchOffice222]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->222.222.222.222[500] spi=31387927(0x1def117)
Apr 9 16:15:32 racoon: [BranchOffice222]: INFO: respond new phase 2 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
Apr 9 16:15:32 racoon: [BranchOffice222]: INFO: ISAKMP-SA established 111.111.111.111[500]-222.222.222.222[500] spi:28db9ca101ef99c7:56564054e81bd71e
Apr 9 16:15:32 racoon: INFO: received Vendor ID: DPD
Apr 9 16:15:32 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Apr 9 16:15:32 racoon: INFO: begin Aggressive mode.
Apr 9 16:15:32 racoon: [BranchOffice222]: INFO: respond new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
Apr 9 16:15:31 racoon: [BranchOffice121]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->121.121.121.121[500] spi=48228194(0x2dfe762)
Apr 9 16:15:31 racoon: [BranchOffice121]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->121.121.121.121[500] spi=193485563(0xb885afb)
Apr 9 16:15:31 racoon: [BranchOffice121]: INFO: initiate new phase 2 negotiation: 111.111.111.111[500]<=>121.121.121.121[500]
Apr 9 16:15:24 racoon: [Self]: INFO: 111.111.111.111[500] used as isakmp port (fd=17)
Apr 9 16:15:24 racoon: [Self]: INFO: 111.111.111.111[500] used for NAT-T
Apr 9 16:15:24 racoon: [Self]: INFO: 111.111.111.111[4500] used as isakmp port (fd=16)
Apr 9 16:15:24 racoon: [Self]: INFO: 111.111.111.111[4500] used for NAT-T
Apr 9 16:14:47 racoon: ERROR: failed to begin ipsec sa negotication.
Apr 9 16:14:47 racoon: ERROR: phase1 negotiation failed due to send error. ac3aa97737ea0d9d:0000000000000000
Apr 9 16:14:47 racoon: INFO: begin Aggressive mode.
Apr 9 16:14:47 racoon: [BranchOffice222]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
Apr 9 16:14:47 racoon: [BranchOffice222]: INFO: IPsec-SA request for 222.222.222.222 queued due to no phase1 found.
Apr 9 16:14:23 racoon: ERROR: failed to begin ipsec sa negotication.
Apr 9 16:14:23 racoon: ERROR: phase1 negotiation failed due to send error. 54ee0fe2f345b74b:0000000000000000
Apr 9 16:14:23 racoon: INFO: begin Aggressive mode.
Apr 9 16:14:23 racoon: [BranchOffice222]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
Apr 9 16:14:23 racoon: [BranchOffice222]: INFO: IPsec-SA request for 222.222.222.222 queued due to no phase1 found.
Apr 9 16:13:59 racoon: ERROR: failed to begin ipsec sa negotication.
Apr 9 16:13:59 racoon: ERROR: phase1 negotiation failed due to send error. be7fe2346fa975fb:0000000000000000
Apr 9 16:13:59 racoon: INFO: begin Aggressive mode.
Apr 9 16:13:59 racoon: [BranchOffice222]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
Apr 9 16:13:59 racoon: [BranchOffice222]: INFO: IPsec-SA request for 222.222.222.222 queued due to no phase1 found.
Apr 9 16:13:35 racoon: ERROR: failed to begin ipsec sa negotication.
Apr 9 16:13:35 racoon: ERROR: phase1 negotiation failed due to send error. 4acb668add723bf0:0000000000000000
Apr 9 16:13:35 racoon: INFO: begin Aggressive mode.
Apr 9 16:13:35 racoon: [BranchOffice222]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
Apr 9 16:13:35 racoon: [BranchOffice222]: INFO: IPsec-SA request for 222.222.222.222 queued due to no phase1 found.
Apr 9 16:11:42 racoon: ERROR: failed to begin ipsec sa negotication.
Apr 9 16:11:42 racoon: ERROR: phase1 negotiation failed due to send error. 23b1def39da3af33:0000000000000000
Apr 9 16:11:42 racoon: INFO: begin Aggressive mode.
Apr 9 16:11:42 racoon: [BranchOffice222]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
Apr 9 16:11:42 racoon: [BranchOffice222]: INFO: IPsec-SA request for 222.222.222.222 queued due to no phase1 found.
Apr 9 16:11:17 racoon: ERROR: failed to start post getspi.BranchOffice121
Apr 9 16:15:31 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 121.121.121.121[0]->111.111.111.111[0] spi=193485563(0xb885afb)
Apr 9 16:15:31 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 111.111.111.111[0]->121.121.121.121[0] spi=48228194(0x2dfe762)
Apr 9 16:15:31 racoon: [MainOffice111]: INFO: respond new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:15:31 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:15:01 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:14:56 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:14:26 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:14:24 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:13:54 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:13:50 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:13:20 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:13:20 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:12:50 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:12:49 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:12:19 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:12:16 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:11:46 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:11:44 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:11:14 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:11:04 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:10:34 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:10:34 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:10:04 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:10:01 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:09:31 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:09:30 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:09:00 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:08:54 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:08:24 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:08:20 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:07:50 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:07:46 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:07:16 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:07:14 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:06:44 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:06:40 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:06:10 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:06:06 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:05:36 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:05:32 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:05:02 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:05:01 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:04:31 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:04:27 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:03:57 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:03:50 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:03:20 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:03:19 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:02:49 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:02:48 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:02:18 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:02:16 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:01:46 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:01:38 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:01:08 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:01:07 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:00:37 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:00:37 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:00:07 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 16:00:04 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:59:34 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:59:30 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:59:00 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:58:56 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:58:26 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:58:24 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:57:54 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:57:49 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:57:19 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:57:14 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:56:44 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:56:38 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:56:08 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:56:03 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:55:33 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:55:26 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:54:56 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:54:52 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:54:22 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:54:20 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:53:50 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:53:46 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:53:16 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:53:10 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:52:40 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:52:35 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:52:05 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:51:54 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:51:24 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:51:18 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:50:48 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:50:46 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:50:16 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:50:15 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:49:45 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:49:35 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:49:05 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:49:04 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:48:34 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:48:34 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:48:04 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:48:01 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:47:31 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:36:00 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:35:30 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP/Tunnel 111.111.111.111[0]->121.121.121.121[0] spi=1558667(0x17c88b)
Apr 9 15:35:30 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 15:35:30 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP 121.121.121.121[0]->111.111.111.111[0] spi=152684926(0x919c97e)
Apr 9 14:47:29 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 121.121.121.121[0]->111.111.111.111[0] spi=152684926(0x919c97e)
Apr 9 14:47:29 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 111.111.111.111[0]->121.121.121.121[0] spi=1558667(0x17c88b)
Apr 9 14:47:29 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP/Tunnel 111.111.111.111[0]->121.121.121.121[0] spi=225411871(0xd6f831f)
Apr 9 14:47:29 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 14:47:29 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP 121.121.121.121[0]->111.111.111.111[0] spi=188446918(0xb3b78c6)
Apr 9 13:59:28 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 121.121.121.121[0]->111.111.111.111[0] spi=188446918(0xb3b78c6)
Apr 9 13:59:28 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 111.111.111.111[0]->121.121.121.121[0] spi=225411871(0xd6f831f)
Apr 9 13:59:28 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP/Tunnel 111.111.111.111[0]->121.121.121.121[0] spi=126827611(0x78f3c5b)
Apr 9 13:59:28 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 13:59:28 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP 121.121.121.121[0]->111.111.111.111[0] spi=114434545(0x6d221f1)
Apr 9 13:11:27 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 121.121.121.121[0]->111.111.111.111[0] spi=114434545(0x6d221f1)
Apr 9 13:11:27 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 111.111.111.111[0]->121.121.121.121[0] spi=126827611(0x78f3c5b)
Apr 9 13:11:27 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP/Tunnel 111.111.111.111[0]->121.121.121.121[0] spi=64378002(0x3d65492)
Apr 9 13:11:27 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 13:11:27 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP 121.121.121.121[0]->111.111.111.111[0] spi=220194169(0xd1fe579)
Apr 9 12:23:26 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 121.121.121.121[0]->111.111.111.111[0] spi=220194169(0xd1fe579)
Apr 9 12:23:26 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 111.111.111.111[0]->121.121.121.121[0] spi=64378002(0x3d65492)
Apr 9 12:23:26 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP/Tunnel 111.111.111.111[0]->121.121.121.121[0] spi=110620595(0x697efb3)
Apr 9 12:23:26 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
Apr 9 12:23:26 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP 121.121.121.121[0]->111.111.111.111[0] spi=77366575(0x49c852f)BranchOffice222
Apr 9 16:15:32 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 222.222.222.222[500]->111.111.111.111[500] spi=31387927(0x1def117)
Apr 9 16:15:32 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 222.222.222.222[500]->111.111.111.111[500] spi=165271763(0x9d9d8d3)
Apr 9 16:15:32 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:15:32 racoon: [MainOffice111]: INFO: ISAKMP-SA established 222.222.222.222[500]-111.111.111.111[500] spi:28db9ca101ef99c7:56564054e81bd71e
Apr 9 16:15:32 racoon: INFO: received Vendor ID: DPD
Apr 9 16:15:32 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Apr 9 16:15:25 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
Apr 9 16:15:23 racoon: INFO: delete phase 2 handler.
Apr 9 16:15:23 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:14:51 racoon: INFO: begin Aggressive mode.
Apr 9 16:14:51 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:14:51 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 16:14:50 racoon: INFO: delete phase 2 handler.
Apr 9 16:14:50 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:14:36 racoon: ERROR: phase1 negotiation failed due to time up. 1a40da5577af1a98:0000000000000000
Apr 9 16:14:18 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
Apr 9 16:14:17 racoon: INFO: delete phase 2 handler.
Apr 9 16:14:17 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:13:46 racoon: INFO: begin Aggressive mode.
Apr 9 16:13:46 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:13:46 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 16:13:42 racoon: INFO: delete phase 2 handler.
Apr 9 16:13:42 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:13:25 racoon: ERROR: phase1 negotiation failed due to time up. 4a259d9ee4bbf29b:0000000000000000
Apr 9 16:13:10 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
Apr 9 16:13:06 racoon: INFO: delete phase 2 handler.
Apr 9 16:13:06 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:12:35 racoon: INFO: begin Aggressive mode.
Apr 9 16:12:35 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:12:35 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 16:12:17 racoon: INFO: delete phase 2 handler.
Apr 9 16:12:17 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:11:54 racoon: ERROR: phase1 negotiation failed due to time up. 07e828dbd0030d0c:0000000000000000
Apr 9 16:11:46 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
Apr 9 16:11:35 racoon: INFO: delete phase 2 handler.
Apr 9 16:11:35 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:11:04 racoon: INFO: begin Aggressive mode.
Apr 9 16:11:04 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:11:04 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 16:10:53 racoon: INFO: delete phase 2 handler.
Apr 9 16:10:53 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:10:37 racoon: ERROR: phase1 negotiation failed due to time up. 9437e81477c46ac8:0000000000000000
Apr 9 16:10:22 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
Apr 9 16:10:19 racoon: INFO: delete phase 2 handler.
Apr 9 16:10:19 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:09:47 racoon: INFO: begin Aggressive mode.
Apr 9 16:09:47 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:09:47 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 16:09:42 racoon: INFO: delete phase 2 handler.
Apr 9 16:09:42 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:09:18 racoon: ERROR: phase1 negotiation failed due to time up. 8404f6e665cb5936:0000000000000000
Apr 9 16:09:11 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
Apr 9 16:08:59 racoon: INFO: delete phase 2 handler.
Apr 9 16:08:59 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:08:27 racoon: INFO: begin Aggressive mode.
Apr 9 16:08:27 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:08:27 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 16:08:25 racoon: INFO: delete phase 2 handler.
Apr 9 16:08:25 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:08:10 racoon: ERROR: phase1 negotiation failed due to time up. f22b1d1499e58082:0000000000000000
Apr 9 16:07:54 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
Apr 9 16:07:51 racoon: INFO: delete phase 2 handler.
Apr 9 16:07:51 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
Apr 9 16:07:20 racoon: INFO: begin Aggressive mode.
Apr 9 16:07:20 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:07:20 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 16:06:59 racoon: [MainOffice111]: INFO: ISAKMP-SA deleted 222.222.222.222[500]-111.111.111.111[500] spi:c3424c4a2ecae460:2b8a7aa67c2a2a1b
Apr 9 16:06:59 racoon: [MainOffice111]: INFO: ISAKMP-SA expired 222.222.222.222[500]-111.111.111.111[500] spi:c3424c4a2ecae460:2b8a7aa67c2a2a1b
Apr 9 16:06:58 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:06:53 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:06:23 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:06:09 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:05:39 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:05:37 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:05:07 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:04:55 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:04:25 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:04:21 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:03:51 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:03:47 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:03:17 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:03:07 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:02:37 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:02:33 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:02:03 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:01:45 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:01:15 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:01:11 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:00:41 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 16:00:33 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 16:00:03 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 15:59:54 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:59:24 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 15:59:20 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:58:50 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 15:58:33 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:58:03 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 15:57:58 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
Apr 9 15:57:28 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
Apr 9 15:57:22 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.BranchOffice131
Apr 9 16:15:41 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 131.131.131.131[500]->111.111.111.111[500] spi=124500845(0x76bbb6d)
Apr 9 16:15:41 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 131.131.131.131[500]->111.111.111.111[500] spi=96233152(0x5bc66c0)
Apr 9 16:15:41 racoon: [MainOffice111]: INFO: respond new phase 2 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
Apr 9 16:15:40 racoon: [MainOffice111]: INFO: ISAKMP-SA established 131.131.131.131[500]-111.111.111.111[500] spi:a30cb4098833f36b:f9349ee8daaa8e92
Apr 9 16:15:40 racoon: INFO: received Vendor ID: DPD
Apr 9 16:15:40 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Apr 9 16:15:40 racoon: INFO: begin Aggressive mode.
Apr 9 16:15:40 racoon: [MainOffice111]: INFO: respond new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
Apr 9 16:12:56 racoon: ERROR: phase1 negotiation failed due to time up. 73f8fcd06dbc6d6f:0000000000000000
Apr 9 16:12:37 racoon: INFO: delete phase 2 handler.
Apr 9 16:12:37 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
Apr 9 16:12:06 racoon: INFO: begin Aggressive mode.
Apr 9 16:12:06 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
Apr 9 16:12:06 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 16:08:31 racoon: ERROR: phase1 negotiation failed due to time up. 77fb771428668638:0000000000000000
Apr 9 16:08:12 racoon: INFO: delete phase 2 handler.
Apr 9 16:08:12 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
Apr 9 16:07:41 racoon: INFO: begin Aggressive mode.
Apr 9 16:07:41 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
Apr 9 16:07:41 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 16:04:06 racoon: ERROR: phase1 negotiation failed due to time up. 5155ba68f37035f2:0000000000000000
Apr 9 16:03:47 racoon: INFO: delete phase 2 handler.
Apr 9 16:03:47 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
Apr 9 16:03:16 racoon: INFO: begin Aggressive mode.
Apr 9 16:03:16 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
Apr 9 16:03:16 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 15:59:40 racoon: ERROR: phase1 negotiation failed due to time up. 44398177140d3491:0000000000000000
Apr 9 15:59:21 racoon: INFO: delete phase 2 handler.
Apr 9 15:59:21 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
Apr 9 15:58:50 racoon: INFO: begin Aggressive mode.
Apr 9 15:58:50 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
Apr 9 15:58:50 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 15:55:15 racoon: ERROR: phase1 negotiation failed due to time up. 0b5335d91a943d8f:0000000000000000
Apr 9 15:54:56 racoon: INFO: delete phase 2 handler.
Apr 9 15:54:56 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
Apr 9 15:54:25 racoon: INFO: begin Aggressive mode.
Apr 9 15:54:25 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
Apr 9 15:54:25 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 15:50:50 racoon: ERROR: phase1 negotiation failed due to time up. d0e9d9775d4e5fa7:0000000000000000
Apr 9 15:50:31 racoon: INFO: delete phase 2 handler.
Apr 9 15:50:31 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
Apr 9 15:50:00 racoon: INFO: begin Aggressive mode.
Apr 9 15:50:00 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
Apr 9 15:50:00 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
Apr 9 15:46:25 racoon: ERROR: phase1 negotiation failed due to time up. e247653ced4bcee6:0000000000000000
Apr 9 15:46:06 racoon: INFO: delete phase 2 handler.
Apr 9 15:46:06 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
Apr 9 15:45:35 racoon: INFO: begin Aggressive mode.
Apr 9 15:45:35 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
Apr 9 15:45:35 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.Configs:
BranchOffice121(PF 1.2.3)
This file is automatically generated. Do not edit
listen {
adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
}
path pre_shared_key "/var/etc/psk.txt";path certificate "/var/etc";
remote 111.111.111.111 {
exchange_mode aggressive;
my_identifier address "121.121.121.121";peers_identifier address 111.111.111.111;
initial_contact on;ike_frag on;
support_proxy on;
proposal_check obey;proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 28800 secs;
}
lifetime time 28800 secs;
}sainfo address 192.168.60.0/24 any address 192.168.0.0/16 any {
encryption_algorithm 3des;
authentication_algorithm hmac_sha1,hmac_md5;
compression_algorithm deflate;
pfs_group 2;
lifetime time 3600 secs;
}BranchOffice222(2.0-RC1 (i386) built on Fri Apr 8 18:33:38 EDT 2011)
This file is automatically generated. Do not edit
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";
listen
{
adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
isakmp 222.222.222.222 [500];
isakmp_natt 222.222.222.222 [4500];
}remote 111.111.111.111
{
ph1id 1;
exchange_mode main;
my_identifier address 222.222.222.222;
peers_identifier address 111.111.111.111;
ike_frag on;
generate_policy = off;
initial_contact = on;
nat_traversal = off;dpd_delay = 60;
dpd_maxfail = 5;
support_proxy on;
proposal_check obey;proposal
{
authentication_method pre_shared_key;
encryption_algorithm blowfish 256;
hash_algorithm sha1;
dh_group 2;
lifetime time 28800 secs;
}
}sainfo subnet 192.168.55.0/24 any subnet 192.168.0.0/16 any
{
remoteid 1;
encryption_algorithm blowfish 256;
authentication_algorithm hmac_sha1;
pfs_group 2;
lifetime time 3600 secs;
compression_algorithm deflate;
}BranchOffice131(2.0-RC1 (i386) built on Fri Apr 8 18:33:38 EDT 2011)
This file is automatically generated. Do not edit
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";
listen
{
adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
isakmp 131.131.131.131 [500];
isakmp_natt 131.131.131.131 [4500];
}remote 111.111.111.111
{
ph1id 1;
exchange_mode aggressive;
my_identifier user_fqdn "email131@email.com";
peers_identifier user_fqdn "email111@email.com";
ike_frag on;
generate_policy = off;
initial_contact = on;
nat_traversal = off;dpd_delay = 60;
dpd_maxfail = 5;
support_proxy on;
proposal_check obey;proposal
{
authentication_method pre_shared_key;
encryption_algorithm blowfish 256;
hash_algorithm sha1;
dh_group 2;
lifetime time 28800 secs;
}
}sainfo subnet 192.168.10.0/24 any subnet 192.168.0.0/16 any
{
remoteid 1;
encryption_algorithm blowfish 256;
authentication_algorithm hmac_md5;
pfs_group 2;
lifetime time 3600 secs;
compression_algorithm deflate;
}MainOffice111 (2.0-RC1 (i386) built on Fri Apr 8 18:33:38 EDT 2011)
This file is automatically generated. Do not edit
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";
listen
{
adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
isakmp 111.111.111.111 [500];
isakmp_natt 111.111.111.111 [4500];
}remote 131.131.131.131
{
ph1id 1;
exchange_mode aggressive;
my_identifier user_fqdn "email111@email.com";
peers_identifier user_fqdn "email131@email.com";
ike_frag on;
generate_policy = off;
initial_contact = on;
nat_traversal = off;dpd_delay = 60;
dpd_maxfail = 5;
support_proxy on;
proposal_check obey;proposal
{
authentication_method pre_shared_key;
encryption_algorithm blowfish 256;
hash_algorithm sha1;
dh_group 2;
lifetime time 28800 secs;
}
}remote 121.121.121.121
{
ph1id 2;
exchange_mode aggressive;
my_identifier address 111.111.111.111;
peers_identifier address 121.121.121.121;
ike_frag on;
generate_policy = off;
initial_contact = on;
nat_traversal = off;support_proxy on;
proposal_check obey;proposal
{
authentication_method pre_shared_key;
encryption_algorithm 3des;
hash_algorithm sha1;
dh_group 2;
lifetime time 28800 secs;
}
}remote 222.222.222.222
{
ph1id 4;
exchange_mode main;
my_identifier address 111.111.111.111;
peers_identifier address 222.222.222.222;
ike_frag on;
generate_policy = off;
initial_contact = on;
nat_traversal = off;dpd_delay = 60;
dpd_maxfail = 5;
support_proxy on;
proposal_check obey;proposal
{
authentication_method pre_shared_key;
encryption_algorithm blowfish 256;
hash_algorithm sha1;
dh_group 2;
lifetime time 28800 secs;
}
}sainfo subnet 192.168.0.0/16 any subnet 192.168.10.0/24 any
{
remoteid 1;
encryption_algorithm blowfish 256;
authentication_algorithm hmac_md5;
pfs_group 2;
lifetime time 3600 secs;
compression_algorithm deflate;
}sainfo subnet 192.168.0.0/16 any subnet 192.168.60.0/24 any
{
remoteid 2;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1,hmac_md5;
pfs_group 2;
lifetime time 3600 secs;
compression_algorithm deflate;
}sainfo subnet 192.168.0.0/16 any subnet 192.168.55.0/24 any
{
remoteid 4;
encryption_algorithm blowfish 256;
authentication_algorithm hmac_sha1;
pfs_group 2;
lifetime time 3600 secs;
compression_algorithm deflate;
} -
any help?
-
at last i found my periodically ipsec disconnect problem after researching in redmine,i'm using pptp from home to connect corporate PF 2.0 RC1 firewall.
Same issue as Chris Buechler described in bug 1421 (http://redmine.pfsense.org/issues/1421),today i noticed that after my pptp disconnect all ipsec tunnels disconnecting.I can supply any log and configs for deeper research.regards.