Firstly, I noticed it said
"1 of 8 IPSec SAs established"
I disabled the connection (I have one connection for all 8 tunnels), and re-enabled it.
Now, I have 7 of 8 SAs established, but unfortunately the one I use most is down :(
PF log shows 1 drop each time I try to restart the VPN connection:
2009:08:13-11:44:21 fw ulogd[3252]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth0" outitf="unknown" dstmac="00:24:21:2e:63:f4" srcmac="00:00:00:00:00:00" srcip="remote.vpngw.ip.addr" dstip="my.ext.ip.addr" proto="17" length="284" tos="0x00" prec="0x00" ttl="253" srcport="500" dstport="500"
2009:08:13-12:02:31 fw ulogd[3252]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth0" outitf="unknown" dstmac="00:24:21:2e:63:f4" srcmac="00:00:00:00:00:00" srcip="remote.vpngw.ip.addr" dstip="my.ext.ip.addr" proto="17" length="88" tos="0x00" prec="0x00" ttl="253" srcport="500" dstport="500"
2009:08:13-12:05:51 fw ulogd[3252]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth0" outitf="unknown" dstmac="00:24:21:2e:63:f4" srcmac="00:00:00:00:00:00" srcip="remote.vpngw.ip.addr" dstip="my.ext.ip.addr" proto="17" length="204" tos="0x00" prec="0x00" ttl="253" srcport="500" dstport="500"
Today's ipsec.log is attached.
The connection I'm having trouble with is
SA: 192.168.11.0/24=my.ext.ip.addr remote.vpngw.ip.addr=10.42.6.0/24
Thanks,
Barry
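
An added example, not part of the original post: a small Python parser for the ulogd key="value" packet filter lines shown above, grouping dropped UDP packets sent to an IKE port by source address and firewall rule so a peer's rejected negotiation attempts stand out. The sample lines are constructed in the post's format with documentation-range addresses, and including port 4500 (IKE NAT-T) alongside the post's port 500 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ulogd format from the post; the addresses are
# documentation-range placeholders, not values taken from the post.
SAMPLE_LOG = """\
2009:08:13-11:44:21 fw ulogd[3252]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="203.0.113.10" dstip="198.51.100.5" proto="17" length="284" srcport="500" dstport="500"
2009:08:13-11:50:02 fw ulogd[3252]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="192.0.2.77" dstip="198.51.100.5" proto="6" length="60" srcport="40112" dstport="22"
2009:08:13-12:02:31 fw ulogd[3252]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="203.0.113.10" dstip="198.51.100.5" proto="17" length="88" srcport="500" dstport="500"
2009:08:13-12:05:51 fw ulogd[3252]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="203.0.113.10" dstip="198.51.100.5" proto="17" length="204" srcport="500" dstport="500"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
IKE_PORTS = {"500", "4500"}  # UDP 500 as in the post; 4500 (NAT-T) is an assumption


def parse_line(line):
    """Return (timestamp, fields) for one ulogd line, or None if it has no fields."""
    fields = dict(FIELD_RE.findall(line))
    if not fields:
        return None
    return line.split(" ", 1)[0], fields


def dropped_ike(log_text):
    """Group dropped UDP packets addressed to an IKE port by (srcip, fwrule)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        is_udp_drop = f.get("action") == "drop" and f.get("proto") == "17"
        if is_udp_drop and f.get("dstport") in IKE_PORTS:
            key = (f.get("srcip"), f.get("fwrule"))
            hits[key].append((ts, int(f.get("length", 0))))
    return dict(hits)


if __name__ == "__main__":
    for (src, rule), events in dropped_ike(SAMPLE_LOG).items():
        print(f"{src} fwrule {rule}: {len(events)} dropped IKE packet(s)")
        for ts, length in events:
            print(f"  {ts} length={length}")
```

Comparing the timestamps it reports with the negotiation attempts in ipsec.log shows which IKE messages from the peer never reached the IPsec daemon.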