IPSec to Dlink DFL-260E over FQDN
Good day,
For the third day in a row I have been struggling with a problem that is incomprehensible to me. I have pfsense 2.1.5 with 2 WANs (public IPs, with names registered for them in the global DNS) on one side and a Dlink DFL-260E, also with a public IP, on the other.
On pfsense I created a group of gateways, including dynamic gateway switching, and all is OK: the gateways switch and the internet works without any one of the WANs.
I configured IPsec to the Dlink over the main IP and ping runs as it should; I have not yet started to set up IPsec failover. Then I ran into a problem: as soon as I change the settings to FQDN, i.e. in the pfsense settings set My identifier type dynamicDNS -> FQDN, and in the Dlink configuration specify the FQDN (strange, but you must indicate it as dns: FQDN, e.g. dns: google.com), apply the settings and wait for the channel to come up, it comes up … but only for 5 minutes. After 5 minutes we get the errors below and the channel goes down:
Feb 12 21:48:16 racoon: [VPN1]: INFO: initiate new phase 2 negotiation: WAN_PF[4500]<=>REMOTEIP[4500]
Feb 12 21:48:04 racoon: ERROR: REMOTEIP give up to get IPsec-SA due to time up to wait.
Feb 12 21:47:54 racoon: [VPN1]: [REMOTEIP] ERROR: error message: '"Could not find acceptable proposal f '.
Feb 12 21:47:54 racoon: [VPN1]: [REMOTEIP] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
Feb 12 21:47:44 racoon: [VPN1]: [REMOTEIP] ERROR: error message: '"Could not find acceptable proposal f '.
Feb 12 21:47:44 racoon: [VPN1]: [REMOTEIP] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
Feb 12 21:47:34 racoon: [VPN1]: [REMOTEIP] ERROR: error message: '"Could not find acceptable proposal f '.
Feb 12 21:47:34 racoon: [VPN1]: [REMOTEIP] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
Feb 12 21:47:34 racoon: ERROR: Xauth mode config set but peer did not declare itself as Xauth capable
Feb 12 21:47:34 racoon: ERROR: Xauth mode config request but peer did not declare itself as Xauth capable
Feb 12 21:47:34 racoon: ERROR: Xauth mode config request but peer did not declare itself as Xauth capable
Feb 12 21:47:34 racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3).
Feb 12 21:47:34 racoon: [VPN1]: INFO: initiate new phase 2 negotiation: WAN_PF[4500]<=>REMOTEIP[4500]
Feb 12 21:47:20 racoon: ERROR: REMOTEIP give up to get IPsec-SA due to time up to wait.
Feb 12 21:47:10 racoon: [VPN1]: [REMOTEIP] ERROR: error message: '"Could not find acceptable proposal ='.
Feb 12 21:47:10 racoon: [VPN1]: [REMOTEIP] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
Feb 12 21:47:00 racoon: [VPN1]: [REMOTEIP] ERROR: error message: '"Could not find acceptable proposal ='.
Feb 12 21:47:00 racoon: [VPN1]: [REMOTEIP] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
Feb 12 21:46:50 racoon: [VPN1]: [REMOTEIP] ERROR: error message: '"Could not find acceptable proposal ='.
Feb 12 21:46:50 racoon: [VPN1]: [REMOTEIP] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
Feb 12 21:46:50 racoon: ERROR: Xauth mode config set but peer did not declare itself as Xauth capable
Feb 12 21:46:50 racoon: ERROR: Xauth mode config request but peer did not declare itself as Xauth capable
Feb 12 21:46:50 racoon: ERROR: Xauth mode config request but peer did not declare itself as Xauth capable
Feb 12 21:46:50 racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3).
Feb 12 21:46:50 racoon: [VPN1]: INFO: initiate new phase 2 negotiation: WAN_PF[4500]<=>REMOTEIP[4500]
After 10 minutes the pings start running again, and after 5 minutes they disappear again, and so on ad infinitum.
Everywhere in the documentation it says that you must check the second phase, but then why does it work nicely when you specify the IP? Maybe it is necessary to throw out the Dlink?
When I go back to the IP address, everything works.
Please tell me where to dig.
Sorry for my English) google.com