Netgate Discussion Forum

    Tunnel won't be established

    • Comradin

      Hello,

      I have a setup like the one described in the IPSec tutorial, with a static IP and a roadwarrior.

      I did all the steps like in the setup, but the tunnel does not want to work, it fails badly with the following error:

      Apr 17 16:51:08 	racoon: ERROR: phase1 negotiation failed due to time up. ca7c335dfb336be7:c58c9ef01bcdcde0
      Apr 17 16:50:57 	last message repeated 4 times
      Apr 17 16:50:18 	racoon: NOTIFY: the packet is retransmitted by road.warrior.ip.address[500].
      Apr 17 16:50:07 	racoon: INFO: received Vendor ID: DPD
      Apr 17 16:50:07 	racoon: INFO: begin Aggressive mode.
      Apr 17 16:50:07 	racoon: INFO: respond new phase 1 negotiation: my.static.ip.address[500]<=>road.warrior.ip.address[500]
      Apr 17 16:50:02 	racoon: ERROR: phase1 negotiation failed due to time up. 701aeca86c91c8b1:eb981537bbc3ae80
      Apr 17 16:49:52 	racoon: NOTIFY: the packet is retransmitted by road.warrior.ip.address[500].
      

      Messages in the Roadwarrior logs are similar. I can get a copy of them if needed.

      A word about the configuration:

      My static server has three interfaces and the static IP address is at the OPT1 interface.
      My roadwarrior server has two interfaces and that's WAN  8)

      I checked the config for the fourth time now and I think I haven't made any errors that would make the tunnel fail in phase 1 like it does? I had a misconfigured timeserver and the clock was absolutely wrong, but even now that the clock is running with the correct time it fails.

      Any hints or suggestions? Need more info from me?

      regards
      Comradin

      • hoba

        Just so that I get you right: your static IPSEC tunnel end is an OPT1 interface? If yes, you need a recent snapshot. IPSEC at OPTs was recently fixed.

        • Comradin

          Yes,

          that's correct. I have one PPPoE ADSL and one static SDSL. And as I cannot configure OPT1 to use PPPoE, I have to use the WAN interface for the dynamic connection and OPT1 for my static connection.

          dynamic WAN -- Server (local) -- static OPT1 ---> IPSec VPN <--- dynamic WAN -- Server (remote)

          This is what I have to do. And it works very well with the two interfaces and routing traffic via two Internet connections. Only thing is the IPSec VPN. But OK, if I have to use an up-to-date snapshot, I'll do so :)

          • Comradin

            Ahh,

            where do I get these snapshots from?

            Are these the developer releases on the download page?

            regards,
            Comradin

            • sullrich

              Search is your friend.

              http://forum.pfsense.org/index.php/topic,3713.0.html

              • Comradin

                Ahh,

                I somehow expected a new ISO image and was looking for it on the downloads page  ;D

                But OK, I downloaded the snapshot and am looking for how to install it. I guess it's done via General -> Firmware?

                Ah, someone on IRC mentioned Google for this and now the snapshot is installed. Now waiting for someone to appear at the other office for a test :)
