IPSec VPN help



  • Hi,

    I'm using pfSense 2.0.1 and trying to establish a VPN between two sites.

    Site A - 192.168.0.0/23 -> NAT to 172.18.0.5
    Site B - 10.0.0.0/8

    Phase 1 config:
    Identifiers - WAN addresses
    Policy Generation / Proposal Checking - Default
    AES 256 + SHA1
    DH group 2
    Lifetime: 86400

    Phase 1 apparently completes successfully, but after 1 second the ISAKMP-SA expires and is deleted.
    VPN log:

    • Mar 13 15:05:40 racoon: [VPN]: INFO: ISAKMP-SA established Site A WAN [500]-Site B WAN[500] spi:406759183d754d24:6cf16552504d465e

    • Mar 13 15:05:41 racoon: [VPN]: INFO: initiate new phase 2 negotiation: Site A WAN [500]-Site B WAN[500]

    • Mar 13 15:05:41 racoon: [VPN]: INFO: ISAKMP-SA expired Site A WAN [500]-Site B WAN[500] spi:406759183d754d24:6cf16552504d465e

    • Mar 13 15:05:41 racoon: [VPN]: INFO: ISAKMP-SA deleted Site A WAN [500]-Site B WAN[500] spi:406759183d754d24:6cf16552504d465e

    Let me know if it's useful to paste the debug log here. Among all the entries I can see this message:

    racoon: ERROR: "SITE B WAN" give up to get IPsec-SA due to time up to wait.

    Any idea why the phase 1 expires almost instantly? Could this be a config mismatch issue?

    Thanks


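A log check for the pattern shown in the post above, as an added example that is not part of the original post: it pairs racoon's ISAKMP-SA established and expired/deleted lines by SPI and reports any SA that ended far sooner than the configured phase 1 lifetime (86400 in the post). The function name, the threshold and the SiteA/SiteB endpoint labels are assumptions, and the sample log is constructed from the lines quoted in the post.

```python
import re
from datetime import datetime

# Constructed sample modelled on the log lines quoted in the post;
# SiteA/SiteB stand in for the redacted WAN addresses.
SAMPLE_LOG = """\
Mar 13 15:05:40 racoon: [VPN]: INFO: ISAKMP-SA established SiteA[500]-SiteB[500] spi:406759183d754d24:6cf16552504d465e
Mar 13 15:05:41 racoon: [VPN]: INFO: initiate new phase 2 negotiation: SiteA[500]-SiteB[500]
Mar 13 15:05:41 racoon: [VPN]: INFO: ISAKMP-SA expired SiteA[500]-SiteB[500] spi:406759183d754d24:6cf16552504d465e
Mar 13 15:05:41 racoon: [VPN]: INFO: ISAKMP-SA deleted SiteA[500]-SiteB[500] spi:406759183d754d24:6cf16552504d465e
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) racoon: (.*)$")
SA_RE = re.compile(r"ISAKMP-SA (established|expired|deleted) .*spi:([0-9a-f]+:[0-9a-f]+)")


def short_lived_sas(log_text, configured_lifetime=86400, threshold=0.5):
    """Report ISAKMP-SAs that ended before threshold * configured_lifetime seconds."""
    born, phase2, findings = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip().lstrip("• "))
        if not m:
            continue
        # Syslog lines carry no year; a fixed leap year is assumed for parsing.
        when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        sa = SA_RE.search(msg)
        if sa:
            event, spi = sa.groups()
            if event == "established":
                born[spi], phase2[spi] = when, 0
            elif spi in born:  # first expired/deleted line closes the SA
                age = (when - born.pop(spi)).total_seconds()
                if age < configured_lifetime * threshold:
                    findings.append({"spi": spi, "ended_by": event,
                                     "age_seconds": age,
                                     "phase2_attempts": phase2.pop(spi, 0)})
        elif "initiate new phase 2 negotiation" in msg:
            # The phase 2 line has no SPI, so it is counted against every
            # SA still alive at that moment (a simplification).
            for spi in born:
                phase2[spi] += 1
    return findings


if __name__ == "__main__":
    for f in short_lived_sas(SAMPLE_LOG):
        print(f)
```

An SA that is reported with a non-zero `phase2_attempts` and an age of a second or two matches the sequence in the post, which narrows the debug log to the phase 2 exchange that started just before the expiry.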