For those who have been scratching their heads, I'm posting a solution to a problem I had which took me a little over a week to figure out, crawling multiple Google searches and every page of this forum.
A simple site-to-site VPN as given in any example, such as:
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec ike-group IKE lifetime 7200
set vpn ipsec ike-group IKE proposal 1 encryption 3des
set vpn ipsec ike-group IKE proposal 1 hash md5
set vpn ipsec ike-group IKE proposal 1 dh-group 2
set vpn ipsec esp-group ESP lifetime 1800
set vpn ipsec esp-group ESP compression disable
set vpn ipsec esp-group ESP proposal 1 encryption 3des
set vpn ipsec esp-group ESP proposal 1 hash md5
set vpn ipsec site-to-site peer 50.0.0.1 authentication pre-shared-secret teddy
set vpn ipsec site-to-site peer 50.0.0.1 ike-group IKE
set vpn ipsec site-to-site peer 50.0.0.1 local-ip 100.0.0.1
set vpn ipsec site-to-site peer 50.0.0.1 tunnel 1 local-subnet 10.200.0.0/16
set vpn ipsec site-to-site peer 50.0.0.1 tunnel 1 remote-subnet 10.250.0.0/16
set vpn ipsec site-to-site peer 50.0.0.1 tunnel 1 esp-group ESP
(the compression setting is disable, NOT enable; "teddy" is the tutorial's example pre-shared secret)
Source: VYATTA - The Easy Tutorial - Case Study 8 - IPSEC
If you've configured your firewall rules correctly (I was unsure, as mine are designed with zone-policy), the one setting which causes this all to fall apart is "set vpn ipsec esp-group ESP compression enable".
For some reason the compression setting does not work.
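As an added example (not from the post or from Vyatta), a small pre-commit check over a pasted list of "set vpn ipsec ..." commands: it flags any esp-group with compression enabled, the setting the post identifies as the culprit, and also catches a peer or tunnel that references an ike-group or esp-group that was never defined, which is easy to do when mixing "set" and "edit" levels as in the original snippet. The configuration text is a constructed sample in the tutorial's flattened form; the names ESP2 and the parser functions are hypothetical.

```python
from collections import defaultdict
# Constructed sample: compression left enabled, and the tunnel points at an
# esp-group (ESP2) that is never defined, so both checks below fire.
SAMPLE_CONFIG = """
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec ike-group IKE lifetime 7200
set vpn ipsec ike-group IKE proposal 1 encryption 3des
set vpn ipsec esp-group ESP lifetime 1800
set vpn ipsec esp-group ESP compression enable
set vpn ipsec esp-group ESP proposal 1 encryption 3des
set vpn ipsec site-to-site peer 50.0.0.1 authentication pre-shared-secret teddy
set vpn ipsec site-to-site peer 50.0.0.1 ike-group IKE
set vpn ipsec site-to-site peer 50.0.0.1 local-ip 100.0.0.1
set vpn ipsec site-to-site peer 50.0.0.1 tunnel 1 local-subnet 10.200.0.0/16
set vpn ipsec site-to-site peer 50.0.0.1 tunnel 1 remote-subnet 10.250.0.0/16
set vpn ipsec site-to-site peer 50.0.0.1 tunnel 1 esp-group ESP2
"""

def parse_set_commands(text):
    # esp: group name -> {setting: value}; ike: set of group names;
    # peers: address -> {"ike-group": name, "tunnels": {id: esp-group}}
    esp, ike = {}, set()
    peers = defaultdict(lambda: {"ike-group": None, "tunnels": {}})
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] != ["set", "vpn", "ipsec"]:
            continue                      # skip blanks and unrelated commands
        rest = tok[3:]
        if rest[0] == "esp-group":
            group = esp.setdefault(rest[1], {})
            if len(rest) == 4:            # direct setting, e.g. compression enable
                group[rest[2]] = rest[3]
        elif rest[0] == "ike-group":
            ike.add(rest[1])
        elif rest[:2] == ["site-to-site", "peer"]:
            peer = peers[rest[2]]
            if rest[3] == "ike-group":
                peer["ike-group"] = rest[4]
            elif rest[3] == "tunnel" and len(rest) > 6 and rest[5] == "esp-group":
                peer["tunnels"][rest[4]] = rest[6]
    return esp, ike, dict(peers)

def lint(text):
    # Returns a list of findings; an empty list means the checks passed.
    esp, ike, peers = parse_set_commands(text)
    findings = [f"esp-group {n}: compression enable (the post reports this breaks the tunnel)"
                for n, s in esp.items() if s.get("compression") == "enable"]
    for addr, p in peers.items():
        if p["ike-group"] not in ike:
            findings.append(f"peer {addr}: ike-group {p['ike-group']} is not defined")
        for tid, g in p["tunnels"].items():
            if g not in esp:
                findings.append(f"peer {addr} tunnel {tid}: esp-group {g} is not defined")
    return findings
```

Run lint() over the text you are about to paste into configuration mode; the two findings on the sample disappear once compression is set to disable and the tunnel references the defined ESP group.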