From: Peter Sandilands
Date: Wed, 02 Jul 2003 18:39:13 +1000
To: Wayne Pascoe, freebsd-questions@freebsd.org
Subject: Re: Racoon with Raptor

On Tue, 1 Jul 2003 08:18 pm, Wayne Pascoe wrote:
> 2003-07-01 11:05:58: ERROR: isakmp.c:1776:isakmp_chkph1there(): phase2
> negotiation failed due to time up waiting for phase1.
> ESP

I have seen this error when setting up a VPN between FBSD and a D-Link 804V.
In my case it was the D-Link expecting main mode and me trying aggressive.

Qs----
Do you get different behaviour if you try to establish the VPN from each end?

Run Ethereal on the outside LAN segment - it tells you what happens at the
beginning of the key negotiation - at least until they go to encrypted mode.
That way you will see if the Raptor is doing main, aggressive etc.

What does your setkey -DP look like?

> proposal {
>         encryption_algorithm des;
>         hash_algorithm md5;
>         authentication_method pre_shared_key;
>         dh_group 2 ;
> }
>
> sainfo anonymous
> {
>         pfs_group 1;
>         lifetime time 10 min;
>         encryption_algorithm des;
>         authentication_algorithm hmac_md5;
>         compression_algorithm deflate ;
> }

Looks ok to me. But what is the rest of the remote config?

regards
Pete
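
An added example, not part of the original message: a Python decoder for the fixed 28-byte ISAKMP header (RFC 2408), showing how the exchange-type byte in the cleartext packets at the start of a capture tells main mode from aggressive mode, and how the encryption flag marks where the capture stops being readable. The sample packets are constructed, and the function names are hypothetical.

```python
import struct

# ISAKMP exchange types (RFC 2408 section 3.1; Quick Mode is from RFC 2409)
EXCHANGE_TYPES = {
    1: "base",
    2: "main (identity protection)",
    3: "authentication only",
    4: "aggressive",
    5: "informational",
    32: "quick (phase 2)",
    33: "new group",
}
# cookies, next payload, version, exchange type, flags, message ID, length
HEADER = struct.Struct("!8s8sBBBBII")


def parse_isakmp_header(payload):
    """Decode the fixed ISAKMP header from a UDP/500 payload."""
    if len(payload) < HEADER.size:
        raise ValueError("short ISAKMP header: %d bytes" % len(payload))
    icookie, rcookie, _next, version, xchg, flags, msg_id, length = \
        HEADER.unpack_from(payload)
    return {
        "initiator_cookie": icookie.hex(),
        "first_message": rcookie == b"\x00" * 8,  # responder cookie not set yet
        "version": "%d.%d" % (version >> 4, version & 0x0F),
        "exchange": EXCHANGE_TYPES.get(xchg, "unknown (%d)" % xchg),
        "encrypted": bool(flags & 0x01),  # payloads after the header are opaque
        "message_id": msg_id,
        "length": length,
    }


def describe(payload):
    """One-line summary suitable for comparing what each peer sends."""
    h = parse_isakmp_header(payload)
    state = "encrypted" if h["encrypted"] else "cleartext"
    return "%s exchange, %s, IKE v%s" % (h["exchange"], state, h["version"])


def sample(xchg, flags=0, rcookie=b"\x00" * 8, msg_id=0):
    """Build a constructed header (made-up cookies, not captured traffic)."""
    return HEADER.pack(b"\x11" * 8, rcookie, 1, 0x10, xchg, flags, msg_id, 28)


if __name__ == "__main__":
    for name, pkt in [("peer A first packet", sample(2)),
                      ("peer B first packet", sample(4)),
                      ("later packet", sample(32, 0x01, b"\x22" * 8, 0x1234))]:
        print(name + ":", describe(pkt))
```

If the two peers' first packets report different exchange types, that is the main/aggressive mismatch described in the reply.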