Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec Stops working within 24 hours 2.0-RELEASE (amd64)

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eprimaveri
      last edited by

      I have setup 2 IPSec VPN Tunnels.  One with our home office PFSense 1.2.3 and one with a client using Cisco.  This is a clean install and new setup.  Within 24 hours my VPN Tunnels go down and do not renegotiate.  My internet connections are working fine.  The tunnels do not come back online until I restart Racoon.  All hardware test good.  Dual Xeon 4GB memory 8 intel ethernet ports.  Traffic on these tunnels is continually happening or trying to happen.  Below is what I see in the log.  Then when I restart the service I get connected.  I have replaced Public IP Addresses for security reasons.

      Nov 8 12:04:39 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=1182732207(0x467f0faf)
      Nov 8 12:04:39 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=136910666(0x829174a)
      Nov 8 12:04:39 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 2 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:c32b00059e19357f:f21ac0164c14c40e
      Nov 8 12:04:38 racoon: INFO: received Vendor ID: DPD
      Nov 8 12:04:38 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      Nov 8 12:04:38 racoon: INFO: received Vendor ID: CISCO-UNITY
      Nov 8 12:04:38 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 12:04:38 racoon: INFO: begin Identity Protection mode.
      Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
      Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
      Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
      Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
      Nov 8 12:04:38 racoon: ERROR: no suitable proposal found.
      Nov 8 12:04:38 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 12:04:38 racoon: INFO: begin Identity Protection mode.
      Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 12:04:32 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=25595907(0x1869003)
      Nov 8 12:04:32 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=71820913(0x447e671)
      Nov 8 12:04:32 racoon: [Office]: INFO: initiate new phase 2 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
      Nov 8 12:04:31 racoon: [Office]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[OFFICE PFSENSE][500] spi:e98aad41dcc89057:c2fa4ee735de6d02
      Nov 8 12:04:31 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 12:04:31 racoon: INFO: received Vendor ID: DPD
      Nov 8 12:04:31 racoon: INFO: begin Identity Protection mode.
      Nov 8 12:04:31 racoon: [Office]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
      Nov 8 12:04:31 racoon: [Office]: INFO: IPsec-SA request for [OFFICE PFSENSE] queued due to no phase1 found.
      Nov 8 12:04:30 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
      Nov 8 12:04:30 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
      Nov 8 12:04:30 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
      Nov 8 12:04:30 racoon: ERROR: no suitable proposal found.
      Nov 8 12:04:30 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 12:04:30 racoon: INFO: begin Identity Protection mode.
      Nov 8 12:04:30 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 12:04:22 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
      Nov 8 12:04:22 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
      Nov 8 12:04:22 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
      Nov 8 12:04:22 racoon: ERROR: no suitable proposal found.
      Nov 8 12:04:22 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 12:04:22 racoon: INFO: begin Identity Protection mode.
      Nov 8 12:04:22 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 12:04:14 racoon: INFO: unsupported PF_KEY message REGISTER
      Nov 8 12:04:14 racoon: [Self]: INFO: [THIS PFSENSE][500] used as isakmp port (fd=15)
      Nov 8 12:04:14 racoon: [Self]: INFO: [THIS PFSENSE][500] used for NAT-T
      Nov 8 12:04:14 racoon: [Self]: INFO: [THIS PFSENSE][4500] used as isakmp port (fd=14)
      Nov 8 12:04:14 racoon: [Self]: INFO: [THIS PFSENSE][4500] used for NAT-T
      Nov 8 12:04:14 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
      Nov 8 12:04:14 racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
      Nov 8 12:04:14 racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
      Nov 8 12:03:30 racoon: ERROR: failed to begin ipsec sa negotication.
      Nov 8 12:03:30 racoon: ERROR: phase1 negotiation failed due to send error. caf52fdcc98d8fa9:0000000000000000
      Nov 8 12:03:30 racoon: INFO: begin Identity Protection mode.
      Nov 8 12:03:30 racoon: [Office]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
      Nov 8 12:03:30 racoon: [Office]: INFO: IPsec-SA request for [OFFICE PFSENSE] queued due to no phase1 found.
      Nov 8 12:02:30 racoon: ERROR: failed to begin ipsec sa negotication.
      Nov 8 12:02:30 racoon: ERROR: phase1 negotiation failed due to send error. ac99b059c6122b49:0000000000000000
      Nov 8 12:02:30 racoon: INFO: begin Identity Protection mode.
      Nov 8 12:02:30 racoon: [Office]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
      Nov 8 12:02:30 racoon: [Office]: INFO: IPsec-SA request for [OFFICE PFSENSE] queued due to no phase1 found.
      Nov 8 12:02:05 racoon: ERROR: failed to begin ipsec sa negotication.
      Nov 8 12:02:05 racoon: ERROR: phase1 negotiation failed due to send error. fb5e4f7cd53c5424:0000000000000000
      Nov 8 12:02:05 racoon: INFO: begin Identity Protection mode.
      Nov 8 12:02:05 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 12:02:05 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
      Nov 8 12:00:59 racoon: ERROR: failed to begin ipsec sa negotication.
      Nov 8 12:00:59 racoon: ERROR: phase1 negotiation failed due to send error. 90f1013fc717375c:0000000000000000
      Nov 8 12:00:59 racoon: INFO: begin Identity Protection mode.
      Nov 8 12:00:59 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 12:00:59 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
      Nov 8 11:56:33 racoon: ERROR: failed to begin ipsec sa negotication.
      Nov 8 11:56:33 racoon: ERROR: phase1 negotiation failed due to send error. 85f6c06b547945be:0000000000000000
      Nov 8 11:56:33 racoon: INFO: begin Identity Protection mode.
      Nov 8 11:56:33 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 11:56:33 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
      Nov 8 11:54:04 racoon: [Office]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[OFFICE PFSENSE][500] spi:5d227dfe612d319b:9561505737b608d6
      Nov 8 11:54:04 racoon: INFO: purged ISAKMP-SA spi=5d227dfe612d319b:9561505737b608d6.
      Nov 8 11:54:04 racoon: INFO: purged IPsec-SA spi=19436053.
      Nov 8 11:54:04 racoon: INFO: purged IPsec-SA spi=219494195.
      Nov 8 11:54:04 racoon: INFO: purging ISAKMP-SA spi=5d227dfe612d319b:9561505737b608d6.
      Nov 8 11:54:04 racoon: [Office]: [[OFFICE PFSENSE]] INFO: DPD: remote (ISAKMP-SA spi=5d227dfe612d319b:9561505737b608d6) seems to be dead.
      Nov 8 11:53:49 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[CISCO][500] spi:b19553c01af28f09:9a688506e4b36bd7
      Nov 8 11:53:49 racoon: INFO: purged ISAKMP-SA spi=b19553c01af28f09:9a688506e4b36bd7.
      Nov 8 11:53:49 racoon: INFO: purged IPsec-SA spi=29596650.
      Nov 8 11:53:49 racoon: INFO: purged IPsec-SA spi=2642495299.
      Nov 8 11:53:49 racoon: INFO: purging ISAKMP-SA spi=b19553c01af28f09:9a688506e4b36bd7.
      Nov 8 11:53:49 racoon: [PEGASUS VPN 2]: [[CISCO]] INFO: DPD: remote (ISAKMP-SA spi=b19553c01af28f09:9a688506e4b36bd7) seems to be dead.
      Nov 8 11:15:50 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=2642495299(0x9d814743)
      Nov 8 11:15:50 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=29596650(0x1c39bea)
      Nov 8 11:15:50 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 2 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 11:15:49 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:b19553c01af28f09:9a688506e4b36bd7
      Nov 8 11:15:49 racoon: INFO: received Vendor ID: DPD
      Nov 8 11:15:49 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      Nov 8 11:15:49 racoon: INFO: received Vendor ID: CISCO-UNITY
      Nov 8 11:15:49 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 11:15:49 racoon: INFO: begin Identity Protection mode.
      Nov 8 11:15:49 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 11:15:49 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
      Nov 8 11:14:09 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[CISCO][500] spi:7f19e03787f46f58:1708e75fe08f4554
      Nov 8 11:14:09 racoon: INFO: purged ISAKMP-SA spi=7f19e03787f46f58:1708e75fe08f4554.
      Nov 8 11:14:09 racoon: INFO: purged IPsec-SA spi=98050674.
      Nov 8 11:14:09 racoon: INFO: purged IPsec-SA spi=2935461098.
      Nov 8 11:14:09 racoon: INFO: purging ISAKMP-SA spi=7f19e03787f46f58:1708e75fe08f4554.
      Nov 8 11:13:53 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[CISCO][500] spi:dec2cbc8abed5cae:fb85b2c2a26b1279
      Nov 8 11:13:53 racoon: INFO: purged ISAKMP-SA spi=dec2cbc8abed5cae:fb85b2c2a26b1279.
      Nov 8 11:13:53 racoon: INFO: purging ISAKMP-SA spi=dec2cbc8abed5cae:fb85b2c2a26b1279.
      Nov 8 11:13:53 racoon: [PEGASUS VPN 2]: [[CISCO]] INFO: DPD: remote (ISAKMP-SA spi=dec2cbc8abed5cae:fb85b2c2a26b1279) seems to be dead.
      Nov 8 11:13:33 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:dec2cbc8abed5cae:fb85b2c2a26b1279
      Nov 8 11:13:33 racoon: INFO: received Vendor ID: DPD
      Nov 8 11:13:33 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      Nov 8 11:13:33 racoon: INFO: received Vendor ID: CISCO-UNITY
      Nov 8 11:13:33 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 11:13:33 racoon: INFO: begin Identity Protection mode.
      Nov 8 11:13:33 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 09:33:58 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=219494195(0xd153733)
      Nov 8 09:33:58 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=19436053(0x1289215)
      Nov 8 09:33:58 racoon: [Office]: INFO: respond new phase 2 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
      Nov 8 09:33:57 racoon: [Office]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[OFFICE PFSENSE][500] spi:5d227dfe612d319b:9561505737b608d6
      Nov 8 09:33:57 racoon: INFO: received Vendor ID: DPD
      Nov 8 09:33:57 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 09:33:57 racoon: INFO: begin Identity Protection mode.
      Nov 8 09:33:57 racoon: [Office]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
      Nov 8 05:13:37 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=2935461098(0xaef794ea)
      Nov 8 05:13:37 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=98050674(0x5d82272)
      Nov 8 05:13:37 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 2 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 05:13:36 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:7f19e03787f46f58:1708e75fe08f4554
      Nov 8 05:13:36 racoon: INFO: received Vendor ID: DPD
      Nov 8 05:13:36 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      Nov 8 05:13:36 racoon: INFO: received Vendor ID: CISCO-UNITY
      Nov 8 05:13:36 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 05:13:36 racoon: INFO: begin Identity Protection mode.
      Nov 8 05:13:36 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 05:13:36 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
      Nov 8 05:11:52 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[CISCO][500] spi:3a6b8483fc25518d:4d2840759df992e0
      Nov 8 05:11:52 racoon: INFO: purged ISAKMP-SA spi=3a6b8483fc25518d:4d2840759df992e0.
      Nov 8 05:11:52 racoon: INFO: purged IPsec-SA spi=14310635.
      Nov 8 05:11:52 racoon: INFO: purged IPsec-SA spi=2218167601.
      Nov 8 05:11:52 racoon: INFO: purging ISAKMP-SA spi=3a6b8483fc25518d:4d2840759df992e0.
      Nov 8 05:11:41 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[CISCO][500] spi:2bbe102e9324910a:4c824d064cfc1ff6
      Nov 8 05:11:41 racoon: INFO: purged ISAKMP-SA spi=2bbe102e9324910a:4c824d064cfc1ff6.
      Nov 8 05:11:41 racoon: INFO: purging ISAKMP-SA spi=2bbe102e9324910a:4c824d064cfc1ff6.
      Nov 8 05:11:41 racoon: [PEGASUS VPN 2]: [[CISCO]] INFO: DPD: remote (ISAKMP-SA spi=2bbe102e9324910a:4c824d064cfc1ff6) seems to be dead.
      Nov 8 05:11:20 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:2bbe102e9324910a:4c824d064cfc1ff6
      Nov 8 05:11:20 racoon: INFO: received Vendor ID: DPD
      Nov 8 05:11:20 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      Nov 8 05:11:20 racoon: INFO: received Vendor ID: CISCO-UNITY
      Nov 8 05:11:20 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 05:11:20 racoon: INFO: begin Identity Protection mode.
      Nov 8 05:11:20 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 8 04:10:08 racoon: [Office]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[OFFICE PFSENSE][500] spi:d15a5527267ccfe1:aa6a71508d625ab1
      Nov 8 04:10:08 racoon: INFO: purged ISAKMP-SA spi=d15a5527267ccfe1:aa6a71508d625ab1.
      Nov 8 04:10:08 racoon: INFO: purged IPsec-SA spi=65960410.
      Nov 8 04:10:08 racoon: INFO: purged IPsec-SA spi=154138190.
      Nov 8 04:10:08 racoon: INFO: purging ISAKMP-SA spi=d15a5527267ccfe1:aa6a71508d625ab1.
      Nov 8 04:10:08 racoon: [Office]: [[OFFICE PFSENSE]] INFO: DPD: remote (ISAKMP-SA spi=d15a5527267ccfe1:aa6a71508d625ab1) seems to be dead.
      Nov 8 01:33:49 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=154138190(0x92ff64e)
      Nov 8 01:33:49 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=65960410(0x3ee79da)
      Nov 8 01:33:48 racoon: [Office]: INFO: respond new phase 2 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
      Nov 8 01:33:48 racoon: [Office]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[OFFICE PFSENSE][500] spi:d15a5527267ccfe1:aa6a71508d625ab1
      Nov 8 01:33:48 racoon: INFO: received Vendor ID: DPD
      Nov 8 01:33:48 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 8 01:33:48 racoon: INFO: begin Identity Protection mode.
      Nov 8 01:33:48 racoon: [Office]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
      Nov 7 23:11:47 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
      Nov 7 23:11:47 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
      Nov 7 23:11:47 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
      Nov 7 23:11:47 racoon: ERROR: no suitable proposal found.
      Nov 7 23:11:47 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 7 23:11:47 racoon: INFO: begin Identity Protection mode.
      Nov 7 23:11:47 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 7 23:11:39 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
      Nov 7 23:11:39 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
      Nov 7 23:11:39 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
      Nov 7 23:11:39 racoon: ERROR: no suitable proposal found.
      Nov 7 23:11:39 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 7 23:11:39 racoon: INFO: begin Identity Protection mode.
      Nov 7 23:11:39 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 7 23:11:31 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
      Nov 7 23:11:31 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
      Nov 7 23:11:31 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
      Nov 7 23:11:31 racoon: ERROR: no suitable proposal found.
      Nov 7 23:11:31 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 7 23:11:31 racoon: INFO: begin Identity Protection mode.
      Nov 7 23:11:31 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 7 23:11:24 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=2218167601(0x84368d31)
      Nov 7 23:11:24 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=14310635(0xda5ceb)
      Nov 7 23:11:24 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 2 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 7 23:11:24 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:3a6b8483fc25518d:4d2840759df992e0
      Nov 7 23:11:24 racoon: INFO: received Vendor ID: DPD
      Nov 7 23:11:24 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      Nov 7 23:11:24 racoon: INFO: received Vendor ID: CISCO-UNITY
      Nov 7 23:11:23 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 7 23:11:23 racoon: INFO: begin Identity Protection mode.
      Nov 7 23:11:23 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
      Nov 7 23:11:23 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
      Nov 7 23:11:23 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
      Nov 7 23:11:23 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
      Nov 7 23:11:23 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
      Nov 7 23:11:23 racoon: ERROR: no suitable proposal found.
      Nov 7 23:11:23 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Nov 7 23:11:23 racoon: INFO: begin Identity Protection mode.

      Thanks for any help!

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        By chance are you also running PPTP server on your firewall?

        http://redmine.pfsense.org/issues/1421

        If so, make sure that your PPTP server address is not set to an in-use IP, especially a WAN IP.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • E
          eprimaveri
          last edited by

          Yes I am.  Ok so I will change that to a local IP and test again.  Thank you for posting that information.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.