Netgate Discussion Forum

    Pfsense 2.02 Ipsec VPN goes down randomly

    • itslocalhost

      I have tried enabling and disabling "Prefer older IPsec SAs" and tried disabling NAT-T, but still no luck.

      This is my IPsec VPN configuration.

      Phase 1
      Authentication method: Mutual PSK
      Negotiation mode: Aggressive
      Policy Generation: Default
      Proposal Checking: Obey
      Encryption algorithm: 3DES
      Hash algorithm: SHA1
      DH key group: 5
      Life time: 28800
      NAT-T: Disabled
      DPD: enabled (60 secs and 5 retries)

      Phase 2
      Protocol: ESP
      Encryption algorithms: 3DES
      Hash algorithms: SHA1
      PFS key group: 2
      Life time: 1800

      racoon: [–-------]: INFO: initiate new phase 1 negotiation: x.x.x.x[500]<=>x.x.x.x1500]
      racoon: [–-------]: INFO: IPsec-SA request for x.x.x.x1 queued due to no phase1 found.
      racoon: ERROR: failed to begin ipsec sa negotication.
      racoon: ERROR: phase1 negotiation failed due to send error. b52634c42b55942e:0000000000000000
      racoon: INFO: begin Aggressive mode.

      • ttblum

        Normally 'queued due to no phase1 found' and 'phase1 negotiation failed' mean that Phase1 settings aren't matching between the two endpoints. What device is the remote endpoint?

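The Phase 1 mismatch suggested in the reply above can be checked mechanically. The following is an added example, not part of any post in this thread: it parses settings pasted in the "Key : value" form used in the first post and compares them with the remote endpoint's. The REMOTE values are constructed for illustration, and the function and constant names are hypothetical.

```python
import re

# Phase 1 fields both IKEv1 peers must agree on for negotiation to succeed.
MUST_MATCH = ["authentication method", "negotiation mode",
              "encryption algorithm", "hash algorithm", "dh key group"]
# Reported separately: handling of differing lifetimes varies by implementation.
REPORT_ONLY = ["life time"]

def parse_settings(text):
    """Parse 'Key : value' lines (any spacing around the colon) into a dict."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.+?)\s*$", line)
        if m:
            key = re.sub(r"\s+", " ", m.group(1)).lower()
            settings[key] = re.sub(r"\s+", " ", m.group(2)).lower()
    return settings

def compare_phase1(local_text, remote_text):
    """Return (mismatches, notes) for the two pasted Phase 1 blocks."""
    local, remote = parse_settings(local_text), parse_settings(remote_text)
    mismatches, notes = [], []
    for field in MUST_MATCH + REPORT_ONLY:
        a, b = local.get(field), remote.get(field)
        if a is None or b is None:
            side = "local" if a is None else "remote"
            notes.append(f"{field}: missing on {side} side")
        elif a != b:
            target = mismatches if field in MUST_MATCH else notes
            target.append(f"{field}: local={a} remote={b}")
    return mismatches, notes

# Local side: Phase 1 values as pasted in the first post.
LOCAL = """Authentication method : Mutual PSK
Negotiation mode : Aggressive
Encryption algorithm : 3DES
Hash algorithm : SHA1
DH key group : 5
Life time :28800"""

# Remote side: constructed sample, not taken from the thread.
REMOTE = """Authentication method: Mutual PSK
Negotiation mode: Main
Encryption algorithm: 3DES
Hash algorithm: SHA1
DH key group: 2
Life time: 86400"""

if __name__ == "__main__":
    for line in sum(compare_phase1(LOCAL, REMOTE), []):
        print(line)
```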
        • cmb

          "racoon: ERROR: phase1 negotiation failed due to send error" is what happens when you have a misconfigured PPTP server and a client disconnects. PPTP server should never use an assigned IP of any sort, especially WAN, as its server IP.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.