Site2site tunnel shut down not coming up



  • Hi, I have been trying to set up a VPN tunnel between our two sites. I am using pfSense 1.2.3 at one end and a Linksys RVS4000 at the other. When I set it up for the first time, it was up and running in no time. For some reason the tunnel was down this morning and I could not bring it back no matter what I do. I am getting the error below. The VPN tunnel between pfSense and another RVS400 at another site is running without any issues. Any help will be appreciated.
    Thanks
    ![vpn error.png](/public/imported_attachments/1/vpn error.png)



  • Please check if there are many entries with WAN IP of Linksys site under "Status -> IPsec -> SAD". If so, restart the racoon service.



  • There are no entries at all for this site in SAD.
    Thanks



  • I would suggest restarting VPN services (racoon in pfsense) on both ends, if possible.



  • It's working now for some reason. I will monitor it till tomorrow. I suspect that the BT modem is blocking the VPN traffic. Will update you tomorrow.
    Thanks



  • Hi, the tunnel went down a few days ago. Now I am back at our main site. No matter what I do, I could not bring the tunnel up. The error message is:
    racoon: [Abdn-Leeds]: INFO: IPsec-SA request for xx.xx.xx.xx queued due to no phase1 found.
    Mar 26 14:49:53 racoon: ERROR: phase1 negotiation failed due to time up. 88b57bff254ae040:0000000000000000
    Mar 26 14:49:36 racoon: INFO: delete phase 2 handler.
    Mar 26 14:49:36 racoon: [Abdn-Leeds]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP xx.xx.xx.xx[0]->yy.yy.yy.yy[0]
    Mar 26 14:49:02 racoon: INFO: begin Aggressive mode.
    Mar 26 14:49:02 racoon: [Abdn-Leeds]: INFO: initiate new phase 1 negotiation: yy.yy.yy.yy[500]<=>xx.xx.xx.xx[500]
    where xx is the branch IP and yy is the main site IP. Any help would be appreciated. Thanks
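
The `icookie:rcookie` pair at the end of the phase 1 timeout line in the last post can be read mechanically: an all-zero responder cookie means racoon never recorded a reply from the peer. The following is an added example, not code from the thread or from pfSense; it runs on a constructed sample modelled on that log with documentation addresses, and `diagnose` and its field names are this example's own.

```python
import re

# Constructed sample modelled on the log quoted above, newest entry first.
# 198.51.100.20 (main site) and 192.0.2.10 (branch) are documentation addresses.
SAMPLE = """\
Mar 26 14:49:53 racoon: ERROR: phase1 negotiation failed due to time up. 88b57bff254ae040:0000000000000000
Mar 26 14:49:36 racoon: INFO: delete phase 2 handler.
Mar 26 14:49:36 racoon: [Abdn-Leeds]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 192.0.2.10[0]->198.51.100.20[0]
Mar 26 14:49:02 racoon: INFO: begin Aggressive mode.
Mar 26 14:49:02 racoon: [Abdn-Leeds]: INFO: initiate new phase 1 negotiation: 198.51.100.20[500]<=>192.0.2.10[500]
"""

INIT = re.compile(r"\[(?P<tunnel>[^\]]+)\]: INFO: initiate new phase 1 negotiation: "
                  r"(?P<local>[^\[\s]+)\[\d+\]<=>(?P<peer>[^\[\s]+)\[\d+\]")
MODE = re.compile(r"INFO: begin (?P<mode>\w+) mode\.")
P1_TIMEOUT = re.compile(r"ERROR: phase1 negotiation failed due to time up\. "
                        r"(?P<icookie>[0-9a-f]{16}):(?P<rcookie>[0-9a-f]{16})")

def diagnose(log_text, newest_first=True):
    """Pair each phase 1 timeout with the initiation that preceded it."""
    lines = log_text.splitlines()
    if newest_first:  # the log above lists the newest entry first
        lines.reverse()
    attempt, findings = {}, []
    for line in lines:
        if m := INIT.search(line):
            attempt = m.groupdict()
        elif m := MODE.search(line):
            attempt["mode"] = m["mode"]
        elif m := P1_TIMEOUT.search(line):
            # All-zero responder cookie: no reply from the peer was recorded.
            replied = set(m["rcookie"]) != {"0"}
            hint = ("peer replied at least once; review phase 1 settings on both ends"
                    if replied else
                    "no reply recorded; check the UDP/500 path and the peer's IKE service")
            findings.append({**attempt, **m.groupdict(),
                             "peer_replied": replied, "hint": hint})
            attempt = {}
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f"{f.get('tunnel', '?')} -> {f.get('peer', '?')} "
              f"({f.get('mode', '?')} mode): {f['hint']}")
```

Pass `newest_first=False` for a log file in chronological order, such as one read directly from syslog.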

