Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC VPN tunnel 1 side static failing

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kapara
      last edited by

      Have 2 pfsense firewalls 1 static and 1 dynamic.  Using basic config that works at all client sites but this one.  The only difference is one side is dynamic.  ISP is Comcast residential.  Attaching configuration of both tunnels.

      I have also set to use Older SA under advanced.

      Logs from Home Office:

      May 7 09:17:05 racoon: [Customer Main Office]: INFO: IPsec-SA request for 74.95.203.xxx queued due to no phase1 found.
      May 7 09:17:05 racoon: [Customer Main Office]: INFO: initiate new phase 1 negotiation: 174.50.143.xxx[500]<=>74.95.203.xxx[500]
      May 7 09:17:05 racoon: INFO: begin Identity Protection mode.
      May 7 09:17:36 racoon: [Customer Main Office]: [74.95.203.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 74.95.203.xxx[0]->174.50.143.xxx[0]
      May 7 09:17:36 racoon: INFO: delete phase 2 handler.
      May 7 09:17:47 racoon: [Customer Main Office]: [74.95.203.xxx] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
      May 7 09:17:55 racoon: ERROR: phase1 negotiation failed due to time up. 620ef7e6bf90cbdf:0000000000000000
      May 7 09:18:19 racoon: [Customer Main Office]: [74.95.203.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 74.95.203.xxx[0]->174.50.143.xxx[0]
      May 7 09:18:19 racoon: INFO: delete phase 2 handler.
      May 7 09:18:33 racoon: [Customer Main Office]: INFO: IPsec-SA request for 74.95.203.xxx queued due to no phase1 found.
      May 7 09:18:33 racoon: [Customer Main Office]: INFO: initiate new phase 1 negotiation: 174.50.143.xxx[500]<=>74.95.203.xxx[500]
      May 7 09:18:33 racoon: INFO: begin Identity Protection mode.
      May 7 09:19:04 racoon: [Customer Main Office]: [74.95.203.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 74.95.203.xxx[0]->174.50.143.xxx[0]
      May 7 09:19:04 racoon: INFO: delete phase 2 handler.
      May 7 09:19:23 racoon: [Customer Main Office]: [74.95.203.xxx] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
      May 7 09:19:23 racoon: ERROR: phase1 negotiation failed due to time up. 79931a534791f4a8:0000000000000000
      May 7 09:19:54 racoon: [Customer Main Office]: [74.95.203.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 74.95.203.xxx[0]->174.50.143.xxx[0]
      May 7 09:19:54 racoon: INFO: delete phase 2 handler.
      May 7 09:20:01 racoon: [Customer Main Office]: INFO: IPsec-SA request for 74.95.203.xxx queued due to no phase1 found.
      May 7 09:20:01 racoon: [Customer Main Office]: INFO: initiate new phase 1 negotiation: 174.50.143.xxx[500]<=>74.95.203.xxx[500]
      May 7 09:20:01 racoon: INFO: begin Identity Protection mode.
      May 7 09:20:33 racoon: [Customer Main Office]: [74.95.203.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 74.95.203.xxx[0]->174.50.143.xxx[0]
      May 7 09:20:33 racoon: INFO: delete phase 2 handler.
      May 7 09:20:51 racoon: ERROR: phase1 negotiation failed due to time up. 97c7f5a3eee3c2d5:0000000000000000
      May 7 09:20:55 racoon: [Customer Main Office]: INFO: IPsec-SA request for 74.95.203.xxx queued due to no phase1 found.
      May 7 09:20:55 racoon: [Customer Main Office]: INFO: initiate new phase 1 negotiation: 174.50.143.xxx[500]<=>74.95.203.xxx[500]
      May 7 09:20:55 racoon: INFO: begin Identity Protection mode.
      May 7 09:21:26 racoon: [Customer Main Office]: [74.95.203.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 74.95.203.xxx[0]->174.50.143.xxx[0]
      May 7 09:21:26 racoon: INFO: delete phase 2 handler.
      May 7 09:21:45 racoon: ERROR: phase1 negotiation failed due to time up. 3d79bc3566f8ec2e:0000000000000000
      May 7 09:21:49 racoon: [Customer Main Office]: INFO: IPsec-SA request for 74.95.203.xxx queued due to no phase1 found.
      May 7 09:21:49 racoon: [Customer Main Office]: INFO: initiate new phase 1 negotiation: 174.50.143.xxx[500]<=>74.95.203.xxx[500]
      May 7 09:21:49 racoon: INFO: begin Identity Protection mode.
      May 7 09:22:21 racoon: [Customer Main Office]: [74.95.203.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 74.95.203.xxx[0]->174.50.143.xxx[0]
      May 7 09:22:21 racoon: INFO: delete phase 2 handler.
      May 7 09:22:33 racoon: [Customer Main Office]: [74.95.203.xxx] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
      May 7 09:22:39 racoon: ERROR: phase1 negotiation failed due to time up. f50d046078446bd4:0000000000000000
      May 7 09:23:04 racoon: [Customer Main Office]: [74.95.203.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 74.95.203.xxx[0]->174.50.143.xxx[0]
      May 7 09:23:04 racoon: INFO: delete phase 2 handler.
      May 7 09:23:05 racoon: [Customer Main Office]: INFO: IPsec-SA request for 74.95.203.xxx queued due to no phase1 found.
      May 7 09:23:05 racoon: [Customer Main Office]: INFO: initiate new phase 1 negotiation: 174.50.143.xxx[500]<=>74.95.203.xxx[500]
      May 7 09:23:05 racoon: INFO: begin Identity Protection mode.

      Logs from Main Office:

      May 7 08:53:34 racoon: [Mark Home Office]: [174.50.143.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 174.50.143.xxx[0]->12.104.130.xxx[0]
      May 7 08:53:34 racoon: INFO: delete phase 2 handler.
      May 7 08:53:53 racoon: ERROR: phase1 negotiation failed due to time up. 3629cc617768b6ed:0000000000000000
      May 7 08:57:28 racoon: [Mark Home Office]: INFO: IPsec-SA request for 174.50.143.xxx queued due to no phase1 found.
      May 7 08:57:28 racoon: [Mark Home Office]: INFO: initiate new phase 1 negotiation: 12.104.130.xxx[500]<=>174.50.143.xxx[500]
      May 7 08:57:28 racoon: INFO: begin Identity Protection mode.
      May 7 08:57:59 racoon: [Mark Home Office]: [174.50.143.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 174.50.143.xxx[0]->12.104.130.xxx[0]
      May 7 08:57:59 racoon: INFO: delete phase 2 handler.
      May 7 08:58:18 racoon: ERROR: phase1 negotiation failed due to time up. e2d45459b8afbd9b:0000000000000000
      May 7 09:01:53 racoon: [Mark Home Office]: INFO: IPsec-SA request for 174.50.143.xxx queued due to no phase1 found.
      May 7 09:01:53 racoon: [Mark Home Office]: INFO: initiate new phase 1 negotiation: 12.104.130.xxx[500]<=>174.50.143.xxx[500]
      May 7 09:01:53 racoon: INFO: begin Identity Protection mode.
      May 7 09:02:25 racoon: [Mark Home Office]: [174.50.143.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 174.50.143.xxx[0]->12.104.130.xxx[0]
      May 7 09:02:25 racoon: INFO: delete phase 2 handler.
      May 7 09:02:43 racoon: ERROR: phase1 negotiation failed due to time up. 626100f500ae3966:0000000000000000
      May 7 09:06:18 racoon: [Mark Home Office]: INFO: IPsec-SA request for 174.50.143.xxx queued due to no phase1 found.
      May 7 09:06:18 racoon: [Mark Home Office]: INFO: initiate new phase 1 negotiation: 12.104.130.xxx[500]<=>174.50.143.xxx[500]
      May 7 09:06:18 racoon: INFO: begin Identity Protection mode.
      May 7 09:06:50 racoon: [Mark Home Office]: [174.50.143.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 174.50.143.xxx[0]->12.104.130.xxx[0]
      May 7 09:06:50 racoon: INFO: delete phase 2 handler.
      May 7 09:07:08 racoon: ERROR: phase1 negotiation failed due to time up. d5a3fcb2f9e9851a:0000000000000000
      May 7 09:10:43 racoon: [Mark Home Office]: INFO: IPsec-SA request for 174.50.143.xxx queued due to no phase1 found.
      May 7 09:10:43 racoon: [Mark Home Office]: INFO: initiate new phase 1 negotiation: 12.104.130.xxx[500]<=>174.50.143.xxx[500]
      May 7 09:10:43 racoon: INFO: begin Identity Protection mode.
      May 7 09:11:15 racoon: [Mark Home Office]: [174.50.143.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 174.50.143.xxx[0]->12.104.130.xxx[0]
      May 7 09:11:15 racoon: INFO: delete phase 2 handler.
      May 7 09:11:33 racoon: ERROR: phase1 negotiation failed due to time up. ee7659ebbc6fdb65:0000000000000000
      May 7 09:15:08 racoon: [Mark Home Office]: INFO: IPsec-SA request for 174.50.143.xxx queued due to no phase1 found.
      May 7 09:15:08 racoon: [Mark Home Office]: INFO: initiate new phase 1 negotiation: 12.104.130.xxx[500]<=>174.50.143.xxx[500]
      May 7 09:15:08 racoon: INFO: begin Identity Protection mode.
      May 7 09:15:40 racoon: [Mark Home Office]: [174.50.143.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 174.50.143.xxx[0]->12.104.130.xxx[0]
      May 7 09:15:40 racoon: INFO: delete phase 2 handler.
      May 7 09:15:58 racoon: ERROR: phase1 negotiation failed due to time up. 8c7a6da81b951a5f:0000000000000000
      May 7 09:19:34 racoon: [Mark Home Office]: INFO: IPsec-SA request for 174.50.143.xxx queued due to no phase1 found.
      May 7 09:19:34 racoon: [Mark Home Office]: INFO: initiate new phase 1 negotiation: 12.104.130.xxx[500]<=>174.50.143.xxx[500]
      May 7 09:19:34 racoon: INFO: begin Identity Protection mode.
      May 7 09:20:05 racoon: [Mark Home Office]: [174.50.143.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 174.50.143.xxx[0]->12.104.130.xxx[0]
      May 7 09:20:05 racoon: INFO: delete phase 2 handler.
      May 7 09:20:24 racoon: ERROR: phase1 negotiation failed due to time up. a0df64d3d8d2af05:0000000000000000
      May 7 09:23:59 racoon: [Mark Home Office]: INFO: IPsec-SA request for 174.50.143.xxx queued due to no phase1 found.
      May 7 09:23:59 racoon: [Mark Home Office]: INFO: initiate new phase 1 negotiation: 12.104.130.xxx[500]<=>174.50.143.xxx[500]
      May 7 09:23:59 racoon: INFO: begin Identity Protection mode.
      May 7 09:24:30 racoon: [Mark Home Office]: [174.50.143.xxx] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 174.50.143.xxx[0]->12.104.130.xxx[0]

      HomePhase1.PNG
      HomePhase1.PNG_thumb
      ![Home Phase2.PNG](/public/imported_attachments/1/Home Phase2.PNG)
      ![Home Phase2.PNG_thumb](/public/imported_attachments/1/Home Phase2.PNG_thumb)
      OfficePhase1.PNG
      OfficePhase1.PNG_thumb
      OfficePhase2.PNG
      OfficePhase2.PNG_thumb

      Skype ID:  Marinhd

      1 Reply Last reply Reply Quote 0
      • T
        tracer
        last edited by

        Looks like I had a similar problem, after a cabel disconnect from ISP side (powerloss of cable booster) the tunnel didn't come up.
        Checked dyndns and restarted both racoons, but did not help…
        The I clicked release on the WAN and connect after that and suddenly all tunnels where back !

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.