PF Sense to Monowall VPN / Newbie to VPNs
-
Two of my friends and I are trying to set up a three-way VPN. They are running M0n0wall. I'm running pfSense. We are seeing the following errors in the IPsec log. Has anyone seen a problem like this and can point me in the right direction?
Jan 10 21:57:50 racoon: ERROR: phase1 negotiation failed due to time up. 0cb690fac74420d7:58a2314d483daadd
Jan 10 21:57:40 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:57:39 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:57:39 racoon: NOTIFY: the packet is retransmitted by 69.30.171.51[500].
Jan 10 21:57:30 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:57:30 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:57:30 racoon: NOTIFY: the packet is retransmitted by 69.30.171.51[500].
Jan 10 21:57:20 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:57:19 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:57:19 racoon: NOTIFY: the packet is retransmitted by 69.30.171.51[500].
Jan 10 21:57:10 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:57:10 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:57:09 racoon: NOTIFY: the packet is retransmitted by 69.30.171.51[500].
Jan 10 21:57:00 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:56:59 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:56:59 racoon: NOTIFY: the packet is retransmitted by 69.30.171.51[500].
Jan 10 21:56:50 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:56:50 racoon: WARNING: No ID match.
Jan 10 21:56:50 racoon: INFO: received Vendor ID: DPD
Jan 10 21:56:50 racoon: INFO: begin Aggressive mode.
Jan 10 21:56:50 racoon: INFO: respond new phase 1 negotiation: 70.189.74.26[500]<=>69.30.171.51[500]

IPSec Config:
<ipsec>
  <preferredoldsa>
    <enable>
      <tunnel>
        <interface>wan</interface>
        <local-subnet><address>192.168.4.0/22</address></local-subnet>
        <remote-subnet>10.0.0.0/8</remote-subnet>
        <remote-gateway>68.97.171.10</remote-gateway>
        <p1>
          <mode>aggressive</mode>
          <myident><fqdn>theharrises.homeip.net</fqdn></myident>
          <encryption-algorithm>blowfish</encryption-algorithm>
          <hash-algorithm>md5</hash-algorithm>
          <dhgroup>2</dhgroup>
          <lifetime>28800</lifetime>
          <pre-shared-key>bob</pre-shared-key>
          <private-key><cert><peercert><authentication_method>pre_shared_key</authentication_method></peercert></cert></private-key>
        </p1>
        <p2>
          <protocol>esp</protocol>
          <encryption-algorithm-option>blowfish</encryption-algorithm-option>
          <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
          <hash-algorithm-option>hmac_md5</hash-algorithm-option>
          <pfsgroup>2</pfsgroup>
          <lifetime>28800</lifetime>
        </p2>
        <descr>Justin's Network</descr>
      </tunnel>
      <tunnel>
        <interface>wan</interface>
        <local-subnet><address>192.168.4.0/22</address></local-subnet>
        <remote-subnet>192.168.1.0/24</remote-subnet>
        <remote-gateway>69.30.171.51</remote-gateway>
        <p1>
          <mode>aggressive</mode>
          <myident><fqdn>theharrises.homeip.net</fqdn></myident>
          <encryption-algorithm>blowfish</encryption-algorithm>
          <hash-algorithm>md5</hash-algorithm>
          <dhgroup>2</dhgroup>
          <lifetime>28800</lifetime>
          <pre-shared-key>thisneedstoworknow</pre-shared-key>
          <private-key><cert><peercert><authentication_method>pre_shared_key</authentication_method></peercert></cert></private-key>
        </p1>
        <p2>
          <protocol>esp</protocol>
          <encryption-algorithm-option>blowfish</encryption-algorithm-option>
          <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
          <hash-algorithm-option>hmac_md5</hash-algorithm-option>
          <pfsgroup>2</pfsgroup>
          <lifetime>28800</lifetime>
        </p2>
        <descr>Pope's Network</descr>
      </tunnel>
      <mobilekey>
        <ident>painter.homeip.net</ident>
        <pre-shared-key>dirt_bikes_rule</pre-shared-key>
      </mobilekey>
      <mobilekey>
        <ident>jpope.homeip.net</ident>
        <pre-shared-key>dirt_bikes_rule</pre-shared-key>
      </mobilekey>
      <mobileclients>
        <p1>
          <mode>aggressive</mode>
          <myident><fqdn>theharrises.homeip.net</fqdn></myident>
          <encryption-algorithm>blowfish</encryption-algorithm>
          <hash-algorithm>sha1</hash-algorithm>
          <dhgroup>2</dhgroup>
          <lifetime>28800</lifetime>
          <private-key><cert><authentication_method>pre_shared_key</authentication_method></cert></private-key>
        </p1>
        <p2>
          <protocol>esp</protocol>
          <encryption-algorithm-option>blowfish</encryption-algorithm-option>
          <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
          <pfsgroup>2</pfsgroup>
          <lifetime>28800</lifetime>
        </p2>
      </mobileclients>
    </enable>
  </preferredoldsa>
</ipsec>
-
Phase one fails for some reason. I guess you have static IPs on WAN, so just try the IP addresses as identifiers. FQDNs only work if they are configured correctly on the other end. I can confirm that m0n0wall-pfSense tunnels are working without issues. Already tested that.
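As an added example (not code from the thread), a small Python triage helper that applies the reply's reasoning to log lines in the racoon format shown in the question: it groups the phase-1 messages by remote peer and reports the "No ID match" warning as an identifier mismatch rather than a generic timeout. The sample log is constructed from the lines quoted above.

```python
import re

# Constructed sample, modelled on the racoon lines quoted in the question.
SAMPLE_LOG = """\
Jan 10 21:56:50 racoon: INFO: respond new phase 1 negotiation: 70.189.74.26[500]<=>69.30.171.51[500]
Jan 10 21:56:50 racoon: INFO: begin Aggressive mode.
Jan 10 21:56:50 racoon: WARNING: No ID match.
Jan 10 21:56:59 racoon: NOTIFY: the packet is retransmitted by 69.30.171.51[500].
Jan 10 21:56:59 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Jan 10 21:57:09 racoon: NOTIFY: the packet is retransmitted by 69.30.171.51[500].
Jan 10 21:57:50 racoon: ERROR: phase1 negotiation failed due to time up. 0cb690fac74420d7:58a2314d483daadd
"""

RE_START = re.compile(r"respond new phase 1 negotiation: (\S+?)\[\d+\]<=>(\S+?)\[\d+\]")
RE_MODE = re.compile(r"begin (\w+) mode")
RE_RETRANS = re.compile(r"retransmitted by (\S+?)\[\d+\]")

def triage_racoon_log(text):
    """Group racoon phase-1 messages by remote peer and summarise what happened."""
    peers = {}
    current = None  # peer of the negotiation most recently started
    for line in text.splitlines():
        m = RE_START.search(line)
        if m:
            current = m.group(2)
            peers[current] = {"mode": None, "id_mismatch": False,
                              "retransmits": 0, "timed_out": False}
            continue
        m = RE_RETRANS.search(line)
        if m and m.group(1) in peers:
            peers[m.group(1)]["retransmits"] += 1
            continue
        if current is None:
            continue
        m = RE_MODE.search(line)
        if m:
            peers[current]["mode"] = m.group(1).lower()
        elif "No ID match" in line:
            # racoon could not match the ID payload the peer sent to a configured identity
            peers[current]["id_mismatch"] = True
        elif "phase1 negotiation failed due to time up" in line:
            peers[current]["timed_out"] = True
    return peers

def diagnose(summary):
    if summary["id_mismatch"]:
        return "identifier mismatch: use the same identifier type and value on both ends (e.g. the WAN IP addresses, as the reply suggests)"
    if summary["timed_out"] and summary["retransmits"]:
        return "no accepted proposal: check phase-1 algorithms, DH group, PSK and UDP/500 reachability"
    return "no phase-1 problem detected"
```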