IPsec VPN to Windows Azure
-
I am setting up an IPsec VPN to Windows Azure.
This VPN keeps dropping with the following error and reconnects within a few minutes.
Does anyone have an idea how to fix it?
Here is the log
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=2866019992(0xaad3fe98)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=33804485(0x203d0c5)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=2932147670(0xaec505d6)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=194007198(0xb90509e)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=1685238744(0x6472b3d8)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=205017052(0xc384fdc)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=444785174(0x1a82e216)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=229225315(0xda9b363)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=2399938594(0x8f0c2822)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=88172378(0x541675a)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=3543351306(0xd333400a)
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=203604894(0xc22c39e)
Aug 29 13:02:38 ERROR: not matched
Aug 29 13:02:38 WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha256
Aug 29 13:02:38 : INFO: respond new phase 2 negotiation: 192.168.1.1[500]<=>123.123.123.123[500]
Aug 29 13:02:38 ERROR: not matched
Aug 29 13:02:38 WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha256
Aug 29 13:02:38 : INFO: respond new phase 2 negotiation: 192.168.1.1[500]<=>123.123.123.123[500]
Aug 29 13:02:38 ERROR: not matched
Aug 29 13:02:38 WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha256
Aug 29 13:02:38 : INFO: respond new phase 2 negotiation: 192.168.1.1[500]<=>123.123.123.123[500]
Aug 29 13:02:38 ERROR: not matched
Aug 29 13:02:38 WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha256
Aug 29 13:02:38 : INFO: respond new phase 2 negotiation: 192.168.1.1[500]<=>123.123.123.123[500]
Aug 29 13:02:38 ERROR: not matched
Aug 29 13:02:38 WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha256
Aug 29 13:02:38 : INFO: respond new phase 2 negotiation: 192.168.1.1[500]<=>123.123.123.123[500]
Aug 29 13:02:38 ERROR: not matched
Aug 29 13:02:38 WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha256
Aug 29 13:02:38 : INFO: respond new phase 2 negotiation: 192.168.1.1[500]<=>123.123.123.123[500]
Aug 29 13:01:38 INFO: purged IPsec-SA proto_id=ESP spi=2620735192.
Aug 29 13:01:38 INFO: purged IPsec-SA proto_id=ESP spi=1350342824.
Aug 29 13:01:38 INFO: purged IPsec-SA proto_id=ESP spi=3114734380.
Aug 29 13:01:38 INFO: purged IPsec-SA proto_id=ESP spi=4148636974.
Aug 29 13:01:38 INFO: purged IPsec-SA proto_id=ESP spi=2034106232.
Aug 29 13:01:38 INFO: purged IPsec-SA proto_id=ESP spi=2757192950.
Here is the config
My settings are:
SITE A:
Remote Gateway: Azure IP address (123.123.123.123)
Mode: main
P1 Protocol: AES (256 bits)
P1 transforms: SHA1
Pre-shared key: veryverysecret
Encryption algorithm: AES | 256 bits
Hash algorithm: SHA1
DH Key Group: 2
Lifetime: 28800
Phase 2:
Local Network: LAN subnet
Remote Network: 192.168.1.0/24
Protocol: ESP
Encryption algorithm: AES 256
Hash algorithms: SHA1
PFS key group: off
lifetime: 3600
-
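Added example (not part of the original thread, and not pfSense or racoon code): a small Python parser for log lines of the kind quoted in the question. It tallies IPsec-SA churn and pulls out every "mismatched" warning so the attribute that differs between the two Phase 2 proposals is explicit. The sample lines are constructed in the shape of the log above, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample, in the shape of the log lines quoted in the question.
SAMPLE_LOG = """\
Aug 29 13:01:38 INFO: purged IPsec-SA proto_id=ESP spi=2620735192.
Aug 29 13:02:38 : INFO: IPsec-SA established: ESP 192.168.1.1[500]->123.123.123.123[500] spi=2866019992(0xaad3fe98)
Aug 29 13:02:38 ERROR: not matched
Aug 29 13:02:38 WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha256
Aug 29 13:02:38 : INFO: respond new phase 2 negotiation: 192.168.1.1[500]<=>123.123.123.123[500]
Aug 29 13:02:38 ERROR: not matched
Aug 29 13:02:38 WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha256
"""

# timestamp, optional stray " : ", level, message
LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(?::\s+)?([A-Z]+):\s+(.*)$")
ESTABLISHED = re.compile(r"IPsec-SA established: (\w+) \S+->\S+ spi=(\d+)")
PURGED = re.compile(r"purged IPsec-SA proto_id=(\w+) spi=(\d+)")
MISMATCH = re.compile(r"(\w+) mismatched: my:(\S+) peer:(\S+)")


def summarize(log_text):
    """Count SA churn and collect proposal mismatches from log text."""
    out = {"established": [], "purged": [], "mismatches": Counter(),
           "rejected": 0, "unparsed": 0}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            out["unparsed"] += 1 if raw.strip() else 0
            continue
        _ts, level, msg = m.groups()
        if (e := ESTABLISHED.search(msg)):
            out["established"].append(int(e.group(2)))
        elif (p := PURGED.search(msg)):
            out["purged"].append(int(p.group(2)))
        elif (x := MISMATCH.search(msg)):
            # key: (attribute, local value, peer value)
            out["mismatches"][x.groups()] += 1
        elif level == "ERROR" and msg == "not matched":
            out["rejected"] += 1
    return out


def report(summary):
    # One line per distinct mismatch, with how often it was logged.
    return [f"{attr}: local={mine} peer={peer} (seen {n}x)"
            for (attr, mine, peer), n in sorted(summary["mismatches"].items())]
```

On the sample, report(summarize(SAMPLE_LOG)) yields a single entry, authtype with local hmac-sha against peer hmac-sha256, which corresponds to the Phase 2 "Hash algorithms: SHA1" setting listed in the post.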
There is a whole bunch of documentation available here. Absolutely not apparent what your setup is, and frankly, this whole thing should be taken to Windows Azure Forums way before you start debugging pfSense stuff (basically until MS has determined this to be a BSD-specific issue at least.)