RE: Problem with ipsec

If i dont have remote subnet but in the pfsense i must to write something in
the textbox REMOTE SUBNET in the configuration of ipsec vpn.

What I have to write in?

-----Original Message-----
From: Scott Ullrich [mailto:sullrich@xxxxxxxxx] 
Sent: Wednesday, August 09, 2006 4:31 PM
To: discussion@xxxxxxxxxxx
Subject: Re: [pfSense-discussion] Problem with ipsec

On 8/9/06, Carlos Julio Sánchez [ACC-SIS]
<jsanchez@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>
>
>
> Hello!
>
> anybody can help me please?
>
>
>
> I have an error when I set up vpn with ipsec, my computer A have pfsense
and
> my computer B have Centos(Linux)
>
>
>
> In the ipsec logs I have:
>
> racoon: ERROR: failed to get sainfo.
>
> racoon: ERROR: failed to get sainfo.
>
> racoon: ERROR: failed to pre-process packet.
>
> racoon: INFO: purging ISAKMP-SA
> spi=00bc15f02e56a4a5:69e1cebf2efd8757.
>
> racoon: INFO: purged ISAKMP-SA
> spi=00bc15f02e56a4a5:69e1cebf2efd8757.
>
> racoon: INFO: ISAKMP-SA deleted xxx.xxx.xxx.xxx [500]- xxx.xxx.xxx.xxx
[500]
> spi:00bc15f02e56a4a5:69e1cebf2efd8757
>
>
>
> in the logs of computer B I have:
>
>
>
> Aug  9 16:15:08 actibts1 racoon: NOTIFY: couldn't find the proper pskey,
try
> to get one by the peer's address.
>
> Aug  9 16:15:08 actibts1 racoon: INFO: ISAKMP-SA established
> xxx.xxx.xxx.xxx[500]-xxx.xxx.xxx.xxx[500]
> spi:00bc15f02e56a4a5:69e1cebf2efd8757
>
> Aug  9 16:15:09 actibts1 racoon: INFO: initiate new phase 2 negotiation:
> xxx.xxx.xxx.xxx [0]<=> xxx.xxx.xxx.xxx [0]
>
> Aug  9 16:15:39 actibts1 racoon: INFO: IPsec-SA expired: AH/Transport
> xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx spi=35812955(0x222765b)
>
> Aug  9 16:15:39 actibts1 racoon: WARNING: the expire message is received
but
> the handler has not been established.
>
> Aug  9 16:15:39 actibts1 racoon: ERROR: xxx.xxx.xxx.xxx give up to get
> IPsec-SA due to time up to wait.

Double check your phase 2 settings on both hosts.  There is a mismatch
somewhere.

Scott