IPSec Stops working within 24 hours 2.0-RELEASE (amd64)



  • I have setup 2 IPSec VPN Tunnels.  One with our home office PFSense 1.2.3 and one with a client using Cisco.  This is a clean install and new setup.  Within 24 hours my VPN Tunnels go down and do not renegotiate.  My internet connections are working fine.  The tunnels do not come back online until I restart Racoon.  All hardware test good.  Dual Xeon 4GB memory 8 intel ethernet ports.  Traffic on these tunnels is continually happening or trying to happen.  Below is what I see in the log.  Then when I restart the service I get connected.  I have replaced Public IP Addresses for security reasons.

    Nov 8 12:04:39 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=1182732207(0x467f0faf)
    Nov 8 12:04:39 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=136910666(0x829174a)
    Nov 8 12:04:39 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 2 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:c32b00059e19357f:f21ac0164c14c40e
    Nov 8 12:04:38 racoon: INFO: received Vendor ID: DPD
    Nov 8 12:04:38 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Nov 8 12:04:38 racoon: INFO: received Vendor ID: CISCO-UNITY
    Nov 8 12:04:38 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 12:04:38 racoon: INFO: begin Identity Protection mode.
    Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
    Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
    Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
    Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
    Nov 8 12:04:38 racoon: ERROR: no suitable proposal found.
    Nov 8 12:04:38 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 12:04:38 racoon: INFO: begin Identity Protection mode.
    Nov 8 12:04:38 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 12:04:32 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=25595907(0x1869003)
    Nov 8 12:04:32 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=71820913(0x447e671)
    Nov 8 12:04:32 racoon: [Office]: INFO: initiate new phase 2 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
    Nov 8 12:04:31 racoon: [Office]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[OFFICE PFSENSE][500] spi:e98aad41dcc89057:c2fa4ee735de6d02
    Nov 8 12:04:31 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 12:04:31 racoon: INFO: received Vendor ID: DPD
    Nov 8 12:04:31 racoon: INFO: begin Identity Protection mode.
    Nov 8 12:04:31 racoon: [Office]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
    Nov 8 12:04:31 racoon: [Office]: INFO: IPsec-SA request for [OFFICE PFSENSE] queued due to no phase1 found.
    Nov 8 12:04:30 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
    Nov 8 12:04:30 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
    Nov 8 12:04:30 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
    Nov 8 12:04:30 racoon: ERROR: no suitable proposal found.
    Nov 8 12:04:30 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 12:04:30 racoon: INFO: begin Identity Protection mode.
    Nov 8 12:04:30 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 12:04:22 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
    Nov 8 12:04:22 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
    Nov 8 12:04:22 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
    Nov 8 12:04:22 racoon: ERROR: no suitable proposal found.
    Nov 8 12:04:22 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 12:04:22 racoon: INFO: begin Identity Protection mode.
    Nov 8 12:04:22 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 12:04:14 racoon: INFO: unsupported PF_KEY message REGISTER
    Nov 8 12:04:14 racoon: [Self]: INFO: [THIS PFSENSE][500] used as isakmp port (fd=15)
    Nov 8 12:04:14 racoon: [Self]: INFO: [THIS PFSENSE][500] used for NAT-T
    Nov 8 12:04:14 racoon: [Self]: INFO: [THIS PFSENSE][4500] used as isakmp port (fd=14)
    Nov 8 12:04:14 racoon: [Self]: INFO: [THIS PFSENSE][4500] used for NAT-T
    Nov 8 12:04:14 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Nov 8 12:04:14 racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
    Nov 8 12:04:14 racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
    Nov 8 12:03:30 racoon: ERROR: failed to begin ipsec sa negotication.
    Nov 8 12:03:30 racoon: ERROR: phase1 negotiation failed due to send error. caf52fdcc98d8fa9:0000000000000000
    Nov 8 12:03:30 racoon: INFO: begin Identity Protection mode.
    Nov 8 12:03:30 racoon: [Office]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
    Nov 8 12:03:30 racoon: [Office]: INFO: IPsec-SA request for [OFFICE PFSENSE] queued due to no phase1 found.
    Nov 8 12:02:30 racoon: ERROR: failed to begin ipsec sa negotication.
    Nov 8 12:02:30 racoon: ERROR: phase1 negotiation failed due to send error. ac99b059c6122b49:0000000000000000
    Nov 8 12:02:30 racoon: INFO: begin Identity Protection mode.
    Nov 8 12:02:30 racoon: [Office]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
    Nov 8 12:02:30 racoon: [Office]: INFO: IPsec-SA request for [OFFICE PFSENSE] queued due to no phase1 found.
    Nov 8 12:02:05 racoon: ERROR: failed to begin ipsec sa negotication.
    Nov 8 12:02:05 racoon: ERROR: phase1 negotiation failed due to send error. fb5e4f7cd53c5424:0000000000000000
    Nov 8 12:02:05 racoon: INFO: begin Identity Protection mode.
    Nov 8 12:02:05 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 12:02:05 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
    Nov 8 12:00:59 racoon: ERROR: failed to begin ipsec sa negotication.
    Nov 8 12:00:59 racoon: ERROR: phase1 negotiation failed due to send error. 90f1013fc717375c:0000000000000000
    Nov 8 12:00:59 racoon: INFO: begin Identity Protection mode.
    Nov 8 12:00:59 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 12:00:59 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
    Nov 8 11:56:33 racoon: ERROR: failed to begin ipsec sa negotication.
    Nov 8 11:56:33 racoon: ERROR: phase1 negotiation failed due to send error. 85f6c06b547945be:0000000000000000
    Nov 8 11:56:33 racoon: INFO: begin Identity Protection mode.
    Nov 8 11:56:33 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 11:56:33 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
    Nov 8 11:54:04 racoon: [Office]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[OFFICE PFSENSE][500] spi:5d227dfe612d319b:9561505737b608d6
    Nov 8 11:54:04 racoon: INFO: purged ISAKMP-SA spi=5d227dfe612d319b:9561505737b608d6.
    Nov 8 11:54:04 racoon: INFO: purged IPsec-SA spi=19436053.
    Nov 8 11:54:04 racoon: INFO: purged IPsec-SA spi=219494195.
    Nov 8 11:54:04 racoon: INFO: purging ISAKMP-SA spi=5d227dfe612d319b:9561505737b608d6.
    Nov 8 11:54:04 racoon: [Office]: [[OFFICE PFSENSE]] INFO: DPD: remote (ISAKMP-SA spi=5d227dfe612d319b:9561505737b608d6) seems to be dead.
    Nov 8 11:53:49 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[CISCO][500] spi:b19553c01af28f09:9a688506e4b36bd7
    Nov 8 11:53:49 racoon: INFO: purged ISAKMP-SA spi=b19553c01af28f09:9a688506e4b36bd7.
    Nov 8 11:53:49 racoon: INFO: purged IPsec-SA spi=29596650.
    Nov 8 11:53:49 racoon: INFO: purged IPsec-SA spi=2642495299.
    Nov 8 11:53:49 racoon: INFO: purging ISAKMP-SA spi=b19553c01af28f09:9a688506e4b36bd7.
    Nov 8 11:53:49 racoon: [PEGASUS VPN 2]: [[CISCO]] INFO: DPD: remote (ISAKMP-SA spi=b19553c01af28f09:9a688506e4b36bd7) seems to be dead.
    Nov 8 11:15:50 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=2642495299(0x9d814743)
    Nov 8 11:15:50 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=29596650(0x1c39bea)
    Nov 8 11:15:50 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 2 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 11:15:49 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:b19553c01af28f09:9a688506e4b36bd7
    Nov 8 11:15:49 racoon: INFO: received Vendor ID: DPD
    Nov 8 11:15:49 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Nov 8 11:15:49 racoon: INFO: received Vendor ID: CISCO-UNITY
    Nov 8 11:15:49 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 11:15:49 racoon: INFO: begin Identity Protection mode.
    Nov 8 11:15:49 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 11:15:49 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
    Nov 8 11:14:09 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[CISCO][500] spi:7f19e03787f46f58:1708e75fe08f4554
    Nov 8 11:14:09 racoon: INFO: purged ISAKMP-SA spi=7f19e03787f46f58:1708e75fe08f4554.
    Nov 8 11:14:09 racoon: INFO: purged IPsec-SA spi=98050674.
    Nov 8 11:14:09 racoon: INFO: purged IPsec-SA spi=2935461098.
    Nov 8 11:14:09 racoon: INFO: purging ISAKMP-SA spi=7f19e03787f46f58:1708e75fe08f4554.
    Nov 8 11:13:53 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[CISCO][500] spi:dec2cbc8abed5cae:fb85b2c2a26b1279
    Nov 8 11:13:53 racoon: INFO: purged ISAKMP-SA spi=dec2cbc8abed5cae:fb85b2c2a26b1279.
    Nov 8 11:13:53 racoon: INFO: purging ISAKMP-SA spi=dec2cbc8abed5cae:fb85b2c2a26b1279.
    Nov 8 11:13:53 racoon: [PEGASUS VPN 2]: [[CISCO]] INFO: DPD: remote (ISAKMP-SA spi=dec2cbc8abed5cae:fb85b2c2a26b1279) seems to be dead.
    Nov 8 11:13:33 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:dec2cbc8abed5cae:fb85b2c2a26b1279
    Nov 8 11:13:33 racoon: INFO: received Vendor ID: DPD
    Nov 8 11:13:33 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Nov 8 11:13:33 racoon: INFO: received Vendor ID: CISCO-UNITY
    Nov 8 11:13:33 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 11:13:33 racoon: INFO: begin Identity Protection mode.
    Nov 8 11:13:33 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 09:33:58 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=219494195(0xd153733)
    Nov 8 09:33:58 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=19436053(0x1289215)
    Nov 8 09:33:58 racoon: [Office]: INFO: respond new phase 2 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
    Nov 8 09:33:57 racoon: [Office]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[OFFICE PFSENSE][500] spi:5d227dfe612d319b:9561505737b608d6
    Nov 8 09:33:57 racoon: INFO: received Vendor ID: DPD
    Nov 8 09:33:57 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 09:33:57 racoon: INFO: begin Identity Protection mode.
    Nov 8 09:33:57 racoon: [Office]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
    Nov 8 05:13:37 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=2935461098(0xaef794ea)
    Nov 8 05:13:37 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=98050674(0x5d82272)
    Nov 8 05:13:37 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 2 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 05:13:36 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:7f19e03787f46f58:1708e75fe08f4554
    Nov 8 05:13:36 racoon: INFO: received Vendor ID: DPD
    Nov 8 05:13:36 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Nov 8 05:13:36 racoon: INFO: received Vendor ID: CISCO-UNITY
    Nov 8 05:13:36 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 05:13:36 racoon: INFO: begin Identity Protection mode.
    Nov 8 05:13:36 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 05:13:36 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
    Nov 8 05:11:52 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[CISCO][500] spi:3a6b8483fc25518d:4d2840759df992e0
    Nov 8 05:11:52 racoon: INFO: purged ISAKMP-SA spi=3a6b8483fc25518d:4d2840759df992e0.
    Nov 8 05:11:52 racoon: INFO: purged IPsec-SA spi=14310635.
    Nov 8 05:11:52 racoon: INFO: purged IPsec-SA spi=2218167601.
    Nov 8 05:11:52 racoon: INFO: purging ISAKMP-SA spi=3a6b8483fc25518d:4d2840759df992e0.
    Nov 8 05:11:41 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[CISCO][500] spi:2bbe102e9324910a:4c824d064cfc1ff6
    Nov 8 05:11:41 racoon: INFO: purged ISAKMP-SA spi=2bbe102e9324910a:4c824d064cfc1ff6.
    Nov 8 05:11:41 racoon: INFO: purging ISAKMP-SA spi=2bbe102e9324910a:4c824d064cfc1ff6.
    Nov 8 05:11:41 racoon: [PEGASUS VPN 2]: [[CISCO]] INFO: DPD: remote (ISAKMP-SA spi=2bbe102e9324910a:4c824d064cfc1ff6) seems to be dead.
    Nov 8 05:11:20 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:2bbe102e9324910a:4c824d064cfc1ff6
    Nov 8 05:11:20 racoon: INFO: received Vendor ID: DPD
    Nov 8 05:11:20 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Nov 8 05:11:20 racoon: INFO: received Vendor ID: CISCO-UNITY
    Nov 8 05:11:20 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 05:11:20 racoon: INFO: begin Identity Protection mode.
    Nov 8 05:11:20 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 8 04:10:08 racoon: [Office]: INFO: ISAKMP-SA deleted [THIS PFSENSE][500]-[OFFICE PFSENSE][500] spi:d15a5527267ccfe1:aa6a71508d625ab1
    Nov 8 04:10:08 racoon: INFO: purged ISAKMP-SA spi=d15a5527267ccfe1:aa6a71508d625ab1.
    Nov 8 04:10:08 racoon: INFO: purged IPsec-SA spi=65960410.
    Nov 8 04:10:08 racoon: INFO: purged IPsec-SA spi=154138190.
    Nov 8 04:10:08 racoon: INFO: purging ISAKMP-SA spi=d15a5527267ccfe1:aa6a71508d625ab1.
    Nov 8 04:10:08 racoon: [Office]: [[OFFICE PFSENSE]] INFO: DPD: remote (ISAKMP-SA spi=d15a5527267ccfe1:aa6a71508d625ab1) seems to be dead.
    Nov 8 01:33:49 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=154138190(0x92ff64e)
    Nov 8 01:33:49 racoon: [Office]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[OFFICE PFSENSE][500] spi=65960410(0x3ee79da)
    Nov 8 01:33:48 racoon: [Office]: INFO: respond new phase 2 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
    Nov 8 01:33:48 racoon: [Office]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[OFFICE PFSENSE][500] spi:d15a5527267ccfe1:aa6a71508d625ab1
    Nov 8 01:33:48 racoon: INFO: received Vendor ID: DPD
    Nov 8 01:33:48 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 8 01:33:48 racoon: INFO: begin Identity Protection mode.
    Nov 8 01:33:48 racoon: [Office]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[OFFICE PFSENSE][500]
    Nov 7 23:11:47 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
    Nov 7 23:11:47 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
    Nov 7 23:11:47 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
    Nov 7 23:11:47 racoon: ERROR: no suitable proposal found.
    Nov 7 23:11:47 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 7 23:11:47 racoon: INFO: begin Identity Protection mode.
    Nov 7 23:11:47 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 7 23:11:39 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
    Nov 7 23:11:39 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
    Nov 7 23:11:39 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
    Nov 7 23:11:39 racoon: ERROR: no suitable proposal found.
    Nov 7 23:11:39 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 7 23:11:39 racoon: INFO: begin Identity Protection mode.
    Nov 7 23:11:39 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 7 23:11:31 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
    Nov 7 23:11:31 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
    Nov 7 23:11:31 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
    Nov 7 23:11:31 racoon: ERROR: no suitable proposal found.
    Nov 7 23:11:31 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 7 23:11:31 racoon: INFO: begin Identity Protection mode.
    Nov 7 23:11:31 racoon: [PEGASUS VPN 2]: INFO: respond new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 7 23:11:24 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=2218167601(0x84368d31)
    Nov 7 23:11:24 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA established: ESP [THIS PFSENSE][500]->[CISCO][500] spi=14310635(0xda5ceb)
    Nov 7 23:11:24 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 2 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 7 23:11:24 racoon: [PEGASUS VPN 2]: INFO: ISAKMP-SA established [THIS PFSENSE][500]-[CISCO][500] spi:3a6b8483fc25518d:4d2840759df992e0
    Nov 7 23:11:24 racoon: INFO: received Vendor ID: DPD
    Nov 7 23:11:24 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Nov 7 23:11:24 racoon: INFO: received Vendor ID: CISCO-UNITY
    Nov 7 23:11:23 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 7 23:11:23 racoon: INFO: begin Identity Protection mode.
    Nov 7 23:11:23 racoon: [PEGASUS VPN 2]: INFO: initiate new phase 1 negotiation: [THIS PFSENSE][500]<=>[CISCO][500]
    Nov 7 23:11:23 racoon: [PEGASUS VPN 2]: INFO: IPsec-SA request for [CISCO] queued due to no phase1 found.
    Nov 7 23:11:23 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: phase1 negotiation failed.
    Nov 7 23:11:23 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
    Nov 7 23:11:23 racoon: [PEGASUS VPN 2]: [[CISCO]] ERROR: failed to get valid proposal.
    Nov 7 23:11:23 racoon: ERROR: no suitable proposal found.
    Nov 7 23:11:23 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Nov 7 23:11:23 racoon: INFO: begin Identity Protection mode.

    Thanks for any help!


  • Rebel Alliance Developer Netgate

    By chance are you also running PPTP server on your firewall?

    http://redmine.pfsense.org/issues/1421

    If so, make sure that your PPTP server address is not set to an in-use IP, especially a WAN IP.



  • Yes I am.  Ok so I will change that to a local IP and test again.  Thank you for posting that information.


Locked