PFS 2.0 has a new location for phase 2 setups. Make sure that you click the + sign and setup the phase 2 and make sure the check box is enabled.
Marc R. Meshurle, Jr. Owner/Senior Engineer Kato Technology Solutions, Inc. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Brian Franklin Sent: Sunday, January 08, 2012 00:03 To: pfSense support and discussion Subject: Re: [pfSense] Problem with IPsec VPN "pfs group mismatched: my:2 peer:0" Check your "PFS key group" settings in Phase 2. Make sure they match on both sides. Brian www.ntginc.net -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jeremy Bennett Sent: Saturday, January 07, 2012 2:57 AM To: [email protected] Subject: [pfSense] Problem with IPsec VPN I have a site to site IPsec VPN setup. This is probably the 3rd or 4th set of these that I've done, and all the other setups seem to work fine-I've double-checked the setup, and if it is a config error, I am overlooking it. PFSense 2.0 final on Alix hardware. Site 2 always reports that the ipsec is down. I can restart it from services, and it works for a few hours, but ultimately shuts down. This is the error: Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00 site1 address] ERROR: no proposal chosen [Check Phase 2 settings, algorithm]. Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00 site1 address] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1). Jan 5 15:46:24 racoon: [Site1]: INFO: respond new phase 2 negotiation: 00.000.00.00 site2 address[500]<=>00.000.00.00 site1 address[500] Jan 5 15:46:24 racoon: ERROR: pfs group mismatched: my:2 peer:0 Jan 5 15:46:24 racoon: ERROR: not matched Jan 5 15:46:24 racoon: ERROR: no suitable policy found. This error repeats continuously in the log of site 2. How do I start troubleshooting this? Thank you, Jeremy _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
