Netgate Discussion Forum

    Phase 1 Negotiation failed due to time up

    IPsec
    1 Posts 1 Posters 3.1k Views
    Steve Mustafa

      I've been at this for some time now and I can't seem to figure out how to fix this. This is a PoC for tunneling between a branch and the HQ, after which we will be trying to connect about a dozen tunnels to the HQ.

      The details of the connection are EXACTLY the same (I've checked it about a dozen times already); here they are:

      HQ - Phase 1

      Negotiation mode        Main
      My identifier           My IP Address (blank)
      Encryption algorithm    3DES
      Hash algorithm          MD5 (I'd prefer SHA-1 but anything to make a connection at the moment)
      DH key group            2
      Lifetime                86400 seconds
      Authentication method   Pre-Shared Key
      Pre-Shared Key          (Trust me, it's the same on both sides)

      HQ - Phase 2

      Protocol                AH
      Encryption algorithms   3DES
      Hash algorithms         MD5
      PFS key group           off
      Lifetime                3600

      Branch - Phase 1

      Negotiation mode        Main
      My identifier           My IP Address (blank)
      Encryption algorithm    3DES
      Hash algorithm          MD5
      DH key group            2
      Lifetime                86400 seconds
      Authentication method   Pre-Shared Key
      Pre-Shared Key          (Yep, still the same here)

      Branch - Phase 2

      Protocol                AH
      Encryption algorithms   3DES
      Hash algorithms         MD5
      PFS key group           off
      Lifetime                3600

      This exercise just double-checked (for the umpteenth time) that the details on either branch are the same. What's ironic is that I'm monitoring both firewalls at the same time, because I've VPNed (PPTP) to both sites to make sure that they're one and the same.

      I've tried ESP and AH (currently AH, but this needs to be moved to ESP as soon as the PoC works). Both sides operate on pfSense 1.2.3.

      If anyone can shed light on this, I'll be VERY grateful.

      Cheers,
      SM

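One way to compare the two sides mechanically rather than by eye, as an added example that is neither the poster's nor pfSense's own code: the dicts hold the values listed in the post, the setting names are hypothetical, and the audit reports any proposal mismatch plus the settings a defender would want changed, including that AH never encrypts.

```python
# Added example (not from the post or pfSense): audit two peers' IPsec proposals.
# Hypothetical helper; the values below are the ones listed in the post above.

WEAK = {  # (setting, value) -> why a defender should replace it
    ("enc", "3des"): "3DES is deprecated (64-bit block, Sweet32); use AES",
    ("hash", "md5"): "MD5 is broken for integrity use; use SHA-256",
    ("dh", 2): "DH group 2 (1024-bit MODP) is too weak; use group 14 or higher",
}

# Constructed from the HQ and Branch blocks in the post (identical on both sides).
P1_HQ = {"mode": "main", "id": "my ip address", "enc": "3des",
         "hash": "md5", "dh": 2, "lifetime": 86400, "auth": "psk"}
P1_BRANCH = dict(P1_HQ)
P2_HQ = {"protocol": "ah", "enc": "3des", "hash": "md5", "pfs": "off", "lifetime": 3600}
P2_BRANCH = dict(P2_HQ)


def mismatches(a, b):
    """Return the setting names whose values differ between the two peers."""
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))


def weak_settings(cfg):
    """Flag deprecated algorithm choices present in one peer's proposal."""
    return [why for (key, val), why in WEAK.items() if cfg.get(key) == val]


def phase2_issues(cfg):
    """Phase 2 problems beyond weak algorithms: AH/ESP confusion and no PFS."""
    issues = weak_settings(cfg)
    if cfg.get("protocol") == "ah" and cfg.get("enc"):
        issues.append("AH authenticates only; the encryption algorithm is unused "
                      "and traffic crosses the tunnel in cleartext (use ESP)")
    if cfg.get("pfs") == "off":
        issues.append("PFS off: a compromised Phase 1 key exposes every Phase 2 key")
    return issues


def audit(p1a, p1b, p2a, p2b):
    """Summarise proposal mismatches and weaknesses for both phases."""
    return {
        "phase1_mismatch": mismatches(p1a, p1b),
        "phase2_mismatch": mismatches(p2a, p2b),
        "phase1_weak": weak_settings(p1a),
        "phase2_issues": phase2_issues(p2a),
    }


if __name__ == "__main__":
    for name, value in audit(P1_HQ, P1_BRANCH, P2_HQ, P2_BRANCH).items():
        print(name, "->", value or "none")
```

With identical proposals the mismatch lists come back empty, which is the case in the post; a Phase 1 timeout with no mismatch then points at something other than the proposal itself.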
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.