Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN site to site rarely working

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • maxxerM
      maxxer
      last edited by

      Hi.
      I've three different locations for which I've set up IPSec tunnel. At first they were all working fine, but then I noticed that often VPN status were down. It happens quite often, lately they're mostly down than up…
      i.e. half an hour ago one of these connections were up, now I go back and doesn't work anymore. and even if I force restart it won't go back up again.
      found this in the log:

      Mar 5 12:05:14 racoon: [VpnName]: [x.x.x.x] ERROR: notification INVALID-MESSAGE-ID received in informational exchange.
      Mar 5 12:05:23 racoon: ERROR: x.x.x.x give up to get IPsec-SA due to time up to wait.
      Mar 5 12:06:17 racoon: [VpnName]: INFO: initiate new phase 2 negotiation: y.y.y.y[500]<=>x.x.x.x[500]
      Mar 5 12:06:17 racoon: [VpnName]: [x.x.x.x] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
      Mar 5 12:06:27 racoon: [VpnName]: [x.x.x.x] ERROR: notification INVALID-MESSAGE-ID received in informational exchange.
      Mar 5 12:06:37 racoon: [VpnName]: [x.x.x.x] ERROR: notification INVALID-MESSAGE-ID received in informational exchange.
      Mar 5 12:06:47 racoon: ERROR: x.x.x.x give up to get IPsec-SA due to time up to wait.
      Mar 5 12:06:49 racoon: [VpnName]: INFO: initiate new phase 2 negotiation: y.y.y.y[500]<=>x.x.x.x[500]
      Mar 5 12:06:49 racoon: [VpnName]: [x.x.x.x] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
      Mar 5 12:06:59 racoon: [VpnName]: [x.x.x.x] ERROR: notification INVALID-MESSAGE-ID received in informational exchange.
      Mar 5 12:07:19 racoon: ERROR: x.x.x.x give up to get IPsec-SA due to time up to wait.
      Mar 5 12:07:23 racoon: [VpnName]: INFO: initiate new phase 2 negotiation: y.y.y.y[500]<=>x.x.x.x[500]
      Mar 5 12:07:23 racoon: [VpnName]: [x.x.x.x] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
      Mar 5 12:07:33 racoon: [VpnName]: [x.x.x.x] ERROR: notification INVALID-MESSAGE-ID received in informational exchange.
      Mar 5 12:07:44 racoon: [VpnName]: [x.x.x.x] ERROR: notification INVALID-MESSAGE-ID received in informational exchange.

      if I wait some time and I'm lucky it will connect someday! but how can this happen? why it works some times and some other not?
      the same issue happens with the other two tunnels.

      thanks

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.