Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec VPN help

    IPsec
    1
    1
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Genmaken
      last edited by

      Hi,

      I'm using PFsense 2.0.1. and trying to establish a VPN between two sites.

      Site A - 192.168.0.0/23 -> NAT to 172.18.0.5
      Site B - 10.0.0.0/8

      Phase 1 config:
      Identifiers -WAN addresses
      Policy Generation / Proposal Checking - Default
      AES 256 + SHA1
      DH group 2
      Lifetime: 86400

      Phase 1 apparently completes successfully but after 1 second ISAMP-SA expires and is deleted.
      VPN log:

      • Mar 13 15:05:40 racoon: [VPN]: INFO: ISAKMP-SA established Site A WAN [500]-Site B WAN[500] spi:406759183d754d24:6cf16552504d465e

      • Mar 13 15:05:41 racoon: [VPN]: INFO: initiate new phase 2 negotiation: Site A WAN [500]-Site B WAN[500]

      • Mar 13 15:05:41 racoon: [VPN]: INFO: ISAKMP-SA expired Site A WAN [500]-Site B WAN[500] spi:406759183d754d24:6cf16552504d465e

      • Mar 13 15:05:41 racoon: [VPN]: INFO: ISAKMP-SA deleted Site A WAN [500]-Site B WAN[500] spi:406759183d754d24:6cf16552504d465e

      Let me know if it's useful to paste the debug log here. Among all the entries I can see this message:

      racoon: ERROR: "SITE B WAN" give up to get IPsec-SA due to time up to wait.

      Any idea why the phase 1 expires almost instantly? Could this be a config mismatch issue?

      Thanks

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.