Multiple Site-To-Site IPsec Problem

e__n

Hello, I have a pfSense instance with a static IP, 192.168.2.0/24 on a static IP

Prior to my upgrade to 2.0 Release (I think I was using build RC1), I had a setup similar to:

Phase 1 mobile tunnel, Mutual PSK, Aggressive Mode, 3DES, MD5, DH Group1, 28800 key lifetime
Phase 2 (a) ESP, 3DES, MD5, PFS Group1, 28800 key lifetime
…
Phase 2 (f) ESP, 3DES, MD5, PFS Group1, 28800 key lifetime

So 6 phase 2 entries for VPN endpoints that all have dynamic IP addresses.  Each had a unique ID/PSK

This configuration worked fine.

I upgraded to 2.0-Release, and racoon would not start due to a configuration error.

I noticed that the line number of the error was related to the mobile VPN, so I deleted the phase 1/phase 2's for dynamic IP sites

Tried to re-create them and I cannot create more than one Phase 2 with the same LAN

Not only that, but not a single one will connect.  All error out with "no valid sa" or "no remote configuration".  I can post the full log, but I have racoon debug on at the moment and don't want to flood the post if I am missing something obvious (to others).

Any idea how I can get this config back with  multiple phase 2's and the same LAN entry?

Thanks in advance for any advice.

e__n

Just to update, after leaving this alone all night I do see SAD and SPD entries for the dynamic IP sites, but no data sent/received and I am unable to ping any of them.