Racoon with Raptor
Peter Sandilands
psandila at bigpond.net.au
Wed Jul 2 01:32:37 PDT 2003
On Tue, 1 Jul 2003 08:18 pm, Wayne Pascoe wrote:
> 2003-07-01 11:05:58: ERROR: isakmp.c:1776:isakmp_chkph1there(): phase2
> negotiation failed due to time up waiting for phase1. ESP
I have seen this error when setting up a VVPN between FBSD and a D-Link 804V
In my case it was the DLink expecting main mode and me trying aggressive
Qs----
Do you get different behavour if you try to establish the VPn from each end?
Run ethereal on the outside lan segment - it tells you what happens at the
beginning of the key negotiation - at least until they go to encrypted mode.
That way you will see if the Rapto is doing main, aggressive etc
What do you setkeys -DP look like?
> proposal {
> encryption_algorithm des;
> hash_algorithm md5;
> authentication_method pre_shared_key;
> dh_group 2 ;
> }
>
> sainfo anonymous
> {
> pfs_group 1;
> lifetime time 10 min;
> encryption_algorithm des;
> authentication_algorithm hmac_md5;
> compression_algorithm deflate ;
> }
Looks ok to me. But what is the rest of the remote config?
regards
Pete
More information about the freebsd-questions
mailing list