Date: Wed, 02 Jul 2003 18:39:13 +1000 From: Peter Sandilands <psandila@bigpond.net.au> To: Wayne Pascoe <freebsd@penguinpowered.org.uk>, freebsd-questions@freebsd.org Subject: Re: Racoon with Raptor Message-ID: <200307021839.13450.psandila@bigpond.net.au> In-Reply-To: <20030701101823.GA31807@marvin.penguinpowered.org.uk> References: <20030701101823.GA31807@marvin.penguinpowered.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 1 Jul 2003 08:18 pm, Wayne Pascoe wrote:
> 2003-07-01 11:05:58: ERROR: isakmp.c:1776:isakmp_chkph1there(): phase2
> negotiation failed due to time up waiting for phase1. ESP
I have seen this error when setting up a VVPN between FBSD and a D-Link 804V
In my case it was the DLink expecting main mode and me trying aggressive
Qs----
Do you get different behavour if you try to establish the VPn from each end?
Run ethereal on the outside lan segment - it tells you what happens at the
beginning of the key negotiation - at least until they go to encrypted mode.
That way you will see if the Rapto is doing main, aggressive etc
What do you setkeys -DP look like?
> proposal {
> encryption_algorithm des;
> hash_algorithm md5;
> authentication_method pre_shared_key;
> dh_group 2 ;
> }
>
> sainfo anonymous
> {
> pfs_group 1;
> lifetime time 10 min;
> encryption_algorithm des;
> authentication_algorithm hmac_md5;
> compression_algorithm deflate ;
> }
Looks ok to me. But what is the rest of the remote config?
regards
Pete
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307021839.13450.psandila>