Cannot figure out why the tunnel is not coming up. Everything was working until I upgraded from 1.7 to 1.9.
Waiting on logs from peer side. See anything wrong with my config?
ubnt@ubnt-site87:~$ show configuration
interfaces {
    bridge br1 {
        address 10.12.87.20/16
        aging 300
        bridged-conntrack disable
        hello-time 2
        max-age 20
        priority 0
        promiscuous disable
        stp false
    }
    ethernet eth0 {
        description CONNECTS_TO_INT_23_ON_HP_FOR_PORT_MIRROR
        disable
        duplex auto
        speed auto
    }
    ethernet eth1 {
        bridge-group {
            bridge br1
        }
        duplex auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        duplex auto
        speed auto
    }
    loopback lo {
    }
    openvpn vtun1 {
        bridge-group {
            bridge br1
            cost 100
        }
        device-type tap
        disable
        encryption aes256
        local-port xxxxxxxx
        mode site-to-site
        openvpn-option "--auth none"
        openvpn-option "--mssfix 1200"
        remote-host xxxxxxxx
        remote-port xxxxxxxx
        shared-secret-key-file /config/auth/secret
    }
    openvpn vtun5287 {
        bridge-group {
            bridge br1
            cost 100
        }
        description DR_TUN_TO_SITE_52
        device-type tap
        disable
        encryption aes256
        local-port xxxxxxxx
        mode site-to-site
        openvpn-option "--auth none"
        openvpn-option "--mssfix 1200"
        remote-host xxxxxxxx
        remote-port xxxxxxxx
        shared-secret-key-file /config/auth/secret
    }
    openvpn vtun5587 {
        bridge-group {
            bridge br1
            cost 100
        }
        description DR_TUN_TO_SITE_55
        device-type tap
        disable
        encryption aes256
        local-port xxxxxxxx
        mode site-to-site
        openvpn-option "--auth none"
        openvpn-option "--mssfix 1200"
        remote-host xxxxxxxx
        remote-port xxxxxxxx
        shared-secret-key-file /config/auth/secret
    }
}
protocols {
    static {
        route 10.10.0.0/16 {
            next-hop 10.12.0.254 {
            }
        }
        route 10.16.0.0/16 {
            next-hop 10.12.0.254 {
            }
        }
    }
}
service {
    gui {
        http-port xxxxxxxx
        https-port xxxxxxxx
        older-ciphers enable
    }
    ssh {
        port xxxxxxxx
        protocol-version v2
    }
}
system {
    host-name ubnt-site87
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name ""
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipsec enable
        ipv4 {
            forwarding enable
        }
        ipv6 {
            forwarding disable
        }
    }
    static-host-mapping {
        host-name switch {
            inet 10.12.87.240
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
    traffic-analysis {
        dpi enable
        export enable
    }
}
vpn {
    ipsec {
        auto-firewall-nat-exclude enable
        esp-group FOO0 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        ike-group FOO0 {
            dead-peer-detection {
                action restart
                interval 30
                timeout 120
            }
            ikev2-reauth no
            key-exchange ikev1
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes256
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth2
        }
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
        }
        nat-traversal enable
        site-to-site {
            peer xxxxxxxx {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ****************
                }
                connection-type initiate
                description vAir
                ike-group FOO0
                ikev2-reauth inherit
                local-address xxxxxxxx
                tunnel 1 {
                    esp-group FOO0
                    local {
                        prefix 10.12.0.0/16
                    }
                    remote {
                        prefix 10.120.0.0/24
                    }
                }
                tunnel 2 {
                    esp-group FOO0
                    local {
                        prefix 10.16.0.0/16
                    }
                    remote {
                        prefix 10.120.0.0/24
                    }
                }
                tunnel 3 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    esp-group FOO0
                    local {
                        prefix 10.10.0.108/32
                    }
                    remote {
                        prefix 10.120.0.0/24
                    }
                }
            }
        }
    }
}
Output from the command 'sudo ipsec up peer-xxxxx-tunnel-1' -- "peer not responding" is alarming. Still waiting on logs from the peer side.
sending retransmit 3 of request message ID 0, seq 1
sending packet: from xxxxx[500] to xxxxx[500] (156 bytes)
sending retransmit 4 of request message ID 0, seq 1
sending packet: from xxxxx[500] to xxxxx[500] (156 bytes)
sending retransmit 5 of request message ID 0, seq 1
sending packet: from xxxxx[500] to xxxxx[500] (156 bytes)
giving up after 5 retransmits
peer not responding, trying again (5/0)
initiating Main Mode IKE_SA peer-xxxxx-tunnel-1[1] to xxxxx
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from xxxxx[500] to xxxxx[500] (156 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from xxxxx[500] to xxxxx[500] (156 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from xxxxx[500] to xxxxx[500] (156 bytes)
sending retransmit 3 of request message ID 0, seq 1
sending packet: from xxxxx[500] to xxxxx[500] (156 bytes)
sending retransmit 4 of request message ID 0, seq 1
sending packet: from xxxxx[500] to xxxxx[500] (156 bytes)
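Two things stand out when reading the post as a reviewer rather than as the peer. First, the charon output above is a Main Mode ID_PROT request retransmitted five times with no "received packet" line at all, which is a reachability or listening problem on UDP/500 (and UDP/4500 once NAT-T kicks in), not a proposal mismatch; a mismatch would come back as a NO_PROPOSAL_CHOSEN notify. Second, the configuration itself carries settings worth flagging independently of the outage: the three OpenVPN static-key tunnels run with `--auth none` (encryption without HMAC, so packets are not authenticated), the IKE group uses IKEv1 with DH group 2 (1024-bit MODP) and SHA-1 in both proposals, and the GUI has `older-ciphers enable`. The following script is an added example, not part of the post or of EdgeOS: it parses a flattened `show configuration` dump of the kind pasted above into a tree, lints it for those settings, and classifies the `ipsec up` output. The sample config and log lines are constructed, reduced copies of the posted ones (hosts and ports left as the poster's xxxxxxxx placeholders), and the weak-setting thresholds are the editor's own choices.

```python
"""Added example (not from the post or EdgeOS): parse a flattened EdgeOS
`show configuration` dump into a tree, flag weak VPN settings, and classify
strongSwan `ipsec up` output. Sample inputs are constructed subsets of the
posted config and log; hosts and ports stay as the poster's xxxxxxxx placeholders."""
import re

# Constructed: reduced copy of the posted config, still on one line.
SAMPLE_CONFIG = (
    'interfaces { openvpn vtun1 { bridge-group { bridge br1 cost 100 } '
    'device-type tap disable encryption aes256 local-port xxxxxxxx '
    'mode site-to-site openvpn-option "--auth none" openvpn-option "--mssfix 1200" '
    'remote-host xxxxxxxx shared-secret-key-file /config/auth/secret } } '
    'service { gui { older-ciphers enable } ssh { protocol-version v2 } } '
    'vpn { ipsec { esp-group FOO0 { pfs enable proposal 1 { encryption aes256 hash sha1 } } '
    'ike-group FOO0 { key-exchange ikev1 proposal 1 { dh-group 2 encryption aes256 hash sha1 } } } }'
)

# Constructed: the retransmit loop from the post, abbreviated.
SAMPLE_LOG = [
    "initiating Main Mode IKE_SA peer-xxxxx-tunnel-1[1] to xxxxx",
    "generating ID_PROT request 0 [ SA V V V V ]",
    "sending packet: from xxxxx[500] to xxxxx[500] (156 bytes)",
    "sending retransmit 1 of request message ID 0, seq 1",
    "giving up after 5 retransmits",
    "peer not responding, trying again (5/0)",
]

# Keywords that take no value when they sit in key position (`disable` under an
# interface). As a value (`compression disable`) it is consumed with its key.
VALUELESS = {"disable"}

# MODP group sizes in bits for the Diffie-Hellman groups this lint treats as weak.
WEAK_DH = {"1": 768, "2": 1024, "5": 1536}


def tokenize(text):
    # Keep quoted strings such as "--auth none" as one token.
    return re.findall(r'"[^"]*"|\S+', text)


def parse(tokens, i=0):
    """Nested dict: `name id { }` -> node[name][id]; `name { }` -> node[name];
    `key value` -> node[key] (a list when the key repeats). Returns (node, index)."""
    node = {}
    while i < len(tokens):
        t = tokens[i]
        if t == "}":
            return node, i + 1
        if t in VALUELESS:
            node[t] = True
            i += 1
        elif tokens[i + 1] == "{":
            child, i = parse(tokens, i + 2)
            node[t] = child
        elif i + 2 < len(tokens) and tokens[i + 2] == "{":
            ident = tokens[i + 1]
            child, i = parse(tokens, i + 3)
            node.setdefault(t, {})[ident] = child
        else:
            value = tokens[i + 1].strip('"')
            if t in node:
                prev = node[t]
                node[t] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                node[t] = value
            i += 2
    return node, i


def lint(cfg):
    """Return (path, finding) pairs for settings that weaken the VPNs."""
    out = []
    for name, vt in cfg.get("interfaces", {}).get("openvpn", {}).items():
        opts = vt.get("openvpn-option", [])
        if "--auth none" in (opts if isinstance(opts, list) else [opts]):
            out.append((f"interfaces openvpn {name}",
                        "--auth none removes the HMAC: packets are encrypted but not authenticated"))
    ipsec = cfg.get("vpn", {}).get("ipsec", {})
    for kind in ("ike-group", "esp-group"):
        for grp, g in ipsec.get(kind, {}).items():
            path = f"vpn ipsec {kind} {grp}"
            if g.get("key-exchange") == "ikev1":
                out.append((path, "IKEv1; use ikev2 where the peer supports it"))
            for pid, p in g.get("proposal", {}).items():
                if p.get("dh-group") in WEAK_DH:
                    out.append((f"{path} proposal {pid}",
                                f"dh-group {p['dh-group']} is {WEAK_DH[p['dh-group']]}-bit MODP; use 14 or higher"))
                if p.get("hash") == "sha1":
                    out.append((f"{path} proposal {pid}", "hash sha1; prefer sha256"))
    if cfg.get("service", {}).get("gui", {}).get("older-ciphers") == "enable":
        out.append(("service gui", "older-ciphers enable re-enables legacy TLS cipher suites on the web UI"))
    return out


def classify_ike_log(lines):
    """Separate 'peer never answered' from 'peer answered and rejected us'."""
    text = "\n".join(lines)
    if "NO_PROPOSAL_CHOSEN" in text:
        return "proposal mismatch: the peer replied but rejected the IKE proposal"
    if "received packet" in text:
        return "peer replied: read the exchange that followed"
    if "giving up after" in text or "peer not responding" in text:
        return "no IKE reply at all: verify UDP/500 (and 4500 with NAT-T) reaches the peer and the peer is listening"
    return "inconclusive"


if __name__ == "__main__":
    tree, _ = parse(tokenize(SAMPLE_CONFIG))
    for path, finding in lint(tree):
        print(f"{path}: {finding}")
    print(classify_ike_log(SAMPLE_LOG))
```

Feed it the real dump with `show configuration | cat` piped through `tr '\n' ' '` and the parser produces the same tree the indented form above describes; the point of the log classifier is that, in this post, the absence of any `received packet` line already rules out a proposal mismatch before the peer's logs arrive.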