IPSEC ERRORS tunnel stopped working



  • A business paprtner and I set up an IPSEC tunnel last Thursday and it has been working great all weekend.  He is using a Sidewinder 7 and I am using Release 1.2 of PF Sense built on 1.2-RELEASE built on Sun Feb 24 17:13:15 EST 2008.  Everything was working great until Sunday or Monday.  I noticied that the Tunnel was down.

    Here are the errors that we are recieving:

    Sep 3 11:17:56 racoon: [Buiness Partner] : ERROR: 67.76.142.16 give up to get IPsec-SA due to time up to wait.
    Sep 3 11:17:26 racoon: [Buiness Partner] : INFO: initiate new phase 2 negotiation: 208.17.66.204[0]<=>67.76.142.16[0]
    Sep 3 11:17:19 racoon: [Buiness Partner] : ERROR: 67.76.142.16 give up to get IPsec-SA due to time up to wait.
    Sep 3 11:16:49 racoon: [Buiness Partner] : INFO: initiate new phase 2 negotiation: 208.17.66.204[0]<=>67.76.142.16[0]

    The tunnel will not come back up.  Neither of us have change anything on out firewall.  Does any one have any thoughts.

    The only change that I have made is that I have moved from a DELL SC440 to a DELL SC1500.  The SC1500 has a raid controller with 2 groups of disk (3 9's and 2 18's each in it's own raid arrray.  The on-board Intel adapter is working fine and the Intel 100 MB adapter is also working well.  Past that there are no issues.

    I have 8 tunnels and 3 are down two are experimental with remote clients using a vpn client and the other is my Business Partner.  I need to get this issue resolved asap.  any thoughs?
    Ron Carter



  • Hi,

    First, what says the logs of the other side?
    Regards
    Heiko



  • waiting to get word from by business partner
    RC



  • we might have the same issue… our band aid is to go into IPSEC, SAD , AND CLICK ON THE BOX WITH AN X AND DELETE ALL OF THEM...IN A FEW SECOND THE PING STARTS AGAIN..NOT SURE WHY..LOOKING INTO THIS



  • I have simular thing already have a post.

    http://forum.pfsense.org/index.php/topic,12095.0.html


Log in to reply