Hi,

we are going crazy with one tunnel. Our system is a pfSense 2.2 failover cluster; the other side is a bigger Juniper. The VPN with 6 tunnels was up. The 7th tunnel (10.2.2.55) fails. The 8th tunnel, created afterwards, is OK again.

Some lines from the debug log:

---
configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
proposing traffic selectors for us: 10.243.35.0/24|/0
proposing traffic selectors for other: 10.2.2.55/32|/0
generating QUICK_MODE request 2417630024 [ HASH SA No KE ID ID ]
...
parsed INFORMATIONAL_V1 request 3795096688 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
---

It looks to me like a Phase 2 encryption algorithm mismatch. But why and where?

On our side I created the entry for 10.2.2.55 based on existing entries; for troubleshooting I removed it, added it again and checked it more than 5 times, and also checked the backup XML -> no error found.

I have no access to the other side, but there is a guy who knows what to do and, as I remember, on a Juniper you create the Phase 2 settings only once and then add all the remote networks.

Any hints or ideas where to search and what to do?

bye
Christoph
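To compare the rejected Quick Mode offer with one the peer accepted, the following parser works over log lines in the format quoted above. It is an added example, not part of the original post: the second negotiation in the sample (10.2.2.56, message ID 1111111111) is constructed, and the function names are hypothetical.

```python
import re
# Constructed sample: the first negotiation repeats the log lines from the post;
# the second (10.2.2.56, msgid 1111111111) is invented to stand for a working tunnel.
SAMPLE_LOG = """\
configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
proposing traffic selectors for us: 10.243.35.0/24|/0
proposing traffic selectors for other: 10.2.2.55/32|/0
generating QUICK_MODE request 2417630024 [ HASH SA No KE ID ID ]
parsed INFORMATIONAL_V1 request 3795096688 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
proposing traffic selectors for us: 10.243.35.0/24|/0
proposing traffic selectors for other: 10.2.2.56/32|/0
generating QUICK_MODE request 1111111111 [ HASH SA No KE ID ID ]
parsed QUICK_MODE response 1111111111 [ HASH SA No KE ID ID ]
"""

EVENT = re.compile(
    r"configured proposals:[ \t]*(?P<prop>[^\n]+)"
    r"|proposing traffic selectors for (?P<side>us|other):\s*(?P<ts>\S+)"
    r"|generating QUICK_MODE request (?P<req>\d+)"
    r"|parsed QUICK_MODE response (?P<resp>\d+)"
    r"|received (?P<err>[A-Z_]+) error notify")

def parse_quick_modes(text):
    """Return one dict per Quick Mode offer, in log order."""
    offers = []
    for m in EVENT.finditer(text):
        if m["prop"]:
            offers.append({"proposals": m["prop"].strip().split(", "), "us": None,
                           "other": None, "msgid": None, "result": "pending"})
        elif not offers:
            continue  # event seen before the first offer in this excerpt
        elif m["side"]:
            offers[-1][m["side"]] = m["ts"]
        elif m["req"]:
            offers[-1]["msgid"] = m["req"]
        elif m["resp"] and m["resp"] == offers[-1]["msgid"]:
            offers[-1]["result"] = "accepted"
        elif m["err"] and offers[-1]["result"] == "pending":
            # The notify has its own message ID, so it is attributed to the
            # latest pending offer (a heuristic when negotiations interleave).
            offers[-1]["result"] = m["err"]
    return offers

def rejected_vs_accepted(offers):
    """For each rejected offer, list local fields that match no accepted offer."""
    good = [o for o in offers if o["result"] == "accepted"]
    return [{"other": o["other"], "error": o["result"], "differs": [
                k for k in ("proposals", "us") if all(o[k] != g[k] for g in good)]}
            for o in offers if o["result"] not in ("accepted", "pending")]
```

An empty `differs` list means the proposal and local selector of the rejected offer are identical to those of an accepted one, leaving the remote selector as the only value on this side that is unique to the failing tunnel.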
