4. Tunnel won't be established

Tunnel won't be established

  • C

    Hello,

    I have a setup like it is being described in the IPSec tutorial with a static ip and a roadwarrior.

    I did all the steps like in the setup, but the tunnel does not want to work, it fails badly with the following error:

    Apr 17 16:51:08 	racoon: ERROR: phase1 negotiation failed due to time up. ca7c335dfb336be7:c58c9ef01bcdcde0
Apr 17 16:50:57 	last message repeated 4 times
Apr 17 16:50:18 	racoon: NOTIFY: the packet is retransmitted by road.warrior.ip.address[500].
Apr 17 16:50:07 	racoon: INFO: received Vendor ID: DPD
Apr 17 16:50:07 	racoon: INFO: begin Aggressive mode.
Apr 17 16:50:07 	racoon: INFO: respond new phase 1 negotiation: my.static.ip.address[500]<=>road.warrior.ip.address[500]
Apr 17 16:50:02 	racoon: ERROR: phase1 negotiation failed due to time up. 701aeca86c91c8b1:eb981537bbc3ae80
Apr 17 16:49:52 	racoon: NOTIFY: the packet is retransmitted by road.warrior.ip.address[500].

    Messages in the Roadwarrior logs are similar.. I can get a copy of them if needed.

    A word about the configuration:

    My static server has three interfaces and the static IP address is at the OPT1 interface.
    My roadwarrior server has two interfaces and thats WAN  8)

    I checked the config for the fourth time now and I think I havent made any errors that would make the tunnel fail in phase 1 like it does? I had a misconfigured timeserver and the clock was absolut wrong but even now that the clock is running with the correct time it fails..

    Any hints or suggestions? Need more info from me?

    regards
    Comradin

    0
  • H

    Just that I get you right, your static IPSEC tunnel end is an OPT1 interface? If yes you need a recent snapshot. IPSEC at OPTs was recently fixed.

    0
  • C

    Yes,

    thats correct. I have one PPPoE ADSL and one static SDSL. And as I cannot configure OPT1 to use PPPoE I have to use the WAN interface for the dynamic connection and OPT1 for my static connection.

    dynamic WAN – Server (local) -- static OPT1 ---> IPSec VPN <--- dynamic WAN -- Server (remote)

    This is what I have to do. And it works very good with the two interfaces and routing traffic via two Internet connections. Only thing is the IPSec VPN. But ok, if I have to use an uptodate snapshot, Ill do so :)

    0
  • C

    Ahh,

    where do I get these snapshots from?

    Are these the developer releases on the download page?

    regards,
    Comradin

    0
  • S

    Search is your friend.

    http://forum.pfsense.org/index.php/topic,3713.0.html

    0
  • C

    Ahh,

    I somehow expected an new iso image and was looking for it on the downloads page  ;D

    But OK, I downloaded the snapshot and am looking for how to install it, I guess its done via General -> Firmware?

    Ah, someone on IRC mentioned google for this and now the snapshot is installed. Now waiting for someone to appear at the other office for a test :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy