On Fri, 2012-01-06 at 22:57 -1000, Jeremy Bennett wrote: > I have a site to site IPsec VPN setup. This is probably the 3rd or 4th set of > these that I’ve done, and all the other setups seem to work fine–I’ve > double-checked the setup, and if it is a config error, I am overlooking it. > > PFSense 2.0 final on Alix hardware. > > Site 2 always reports that the ipsec is down. I can restart it from services, > and it works for a few hours, but ultimately shuts down. > > This is the error: > > Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00 site1 address] ERROR: no > proposal chosen [Check Phase 2 settings, algorithm]. > Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00 site1 address] ERROR: > failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, > status: 1). > Jan 5 15:46:24 racoon: [Site1]: INFO: respond new phase 2 negotiation: > 00.000.00.00 site2 address[500]<=>00.000.00.00 site1 address[500] > Jan 5 15:46:24 racoon: ERROR: pfs group mismatched: my:2 peer:0 > Jan 5 15:46:24 racoon: ERROR: not matched > Jan 5 15:46:24 racoon: ERROR: no suitable policy found. > > This error repeats continuously in the log of site 2. > > How do I start troubleshooting this? I have several IPSEC vpn tunnels between alix machines and work just fine. I guess you need to try other configurations. Read vpn ipsec examples from pfsense site/forum. Use main instead of aggressive.
If still doesn't work after you try new configuration from tutorials, please let me know and i will send several print screens / config > > Thank you, > Jeremy > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
