Пытаюсь поднять туннель Linux (racoon) — ZyWALL. Первая фаза проходит, вижу в логах:
racoon: INFO: IPsec-SA established: ESP/Tunnel 81.13.xxx.xx[500]->62.117.xxx.xx[500] spi=141751472(0x872f4b0)
racoon: DEBUG: ===
racoon: DEBUG: pk_recv: retry[0] recv()
racoon: DEBUG: got pfkey ADD message
racoon: INFO: IPsec-SA established: ESP/Tunnel 81.13.xxx.xx[500]->62.117.xxx.xx[500] spi=3530072132(0xd268a044)
.......
racoon: ERROR: no configuration found for 62.117.xxx.xx.
racoon: ERROR: failed to begin ipsec sa negotication.
# racoonctl -l show-sa isakmp
Destination Cookies ST S V E Created Phase2
62.117.xxx.xx.500 254e27ebc177effe:08cbde1cd0551fd9 9 R 10 M 2011-08-28 23:59:29 1
# racoonctl -l show-sa ipsec
81.13.xxx.xx 62.117.xxx.xx
esp mode=tunnel spi=3051185908(0xb5dd66f4) reqid=0(0x00000000)
E: 3des-cbc 519e120f f188ae79 b6a25416 a9d2abe7 a8821547 15a7b85b
A: hmac-sha1 937d7975 94d21f80 9da34c4d d67e295c d1d52ee7
seq=0x00000000 replay=4 flags=0x00000000 state=dead
created: Aug 28 23:46:35 2011 current: Aug 28 23:46:56 2011
diff: 21(s) hard: 28800(s) soft: 23040(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=5082 refcnt=0
62.117.xxx.xx 81.13.xxx.xx
esp mode=tunnel spi=55874639(0x0354944f) reqid=0(0x00000000)
E: 3des-cbc 49e44345 46bed8e5 e2a1aaff f3a6c8b2 91c59302 c74bed26
A: hmac-sha1 380aed97 49dc56c8 442f3f43 40990559 acdaca94
seq=0x00000000 replay=4 flags=0x00000000 state=dead
created: Aug 28 23:46:35 2011 current: Aug 28 23:46:56 2011
diff: 21(s) hard: 28800(s) soft: 23040(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=5082 refcnt=0
# racoon.conf (IKE daemon): logging, key paths, one peer (phase 1) and one
# phase-2 profile. Indentation was lost when pasted; structure is by braces.
log debug;
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
## IKE phase 1 towards the ZyWALL peer
remote 62.117.xxx.xx
{
exchange_mode main;
# Dead-peer-detection request interval, in seconds.
dpd_delay 20;
rekey on;
# Allow fragmenting oversized IKE messages (helps when the peer's UDP path drops fragments).
ike_frag on;
# nat_traversal on;
initial_contact off;
lifetime time 28800 sec;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
# Derive the phase-2 policy from the peer's proposal (responder-style setup).
generate_policy on;
# passive on: this side only answers the peer and never initiates IKE.
# NOTE(review): an outbound packet matching the "-P out ... require" SPD entry
# makes the kernel ask racoon to initiate towards 62.117.xxx.xx, and with
# passive on no initiator configuration is selectable for that peer — this
# looks consistent with the "no configuration found for 62.117.xxx.xx" error
# in the log; confirm by testing with passive off, or by letting the ZyWALL
# initiate.
passive on;
}
## IKE phase 2
# IPsec-SA parameters for traffic between the two LANs. pfs_group 2 means the
# peer must also offer PFS with DH group 2, otherwise phase 2 fails.
sainfo address 192.168.106.0/24 any address 192.168.1.0/24 any {
pfs_group 2;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
# NOTE(review): presumably unused here — the SPD entries request ESP only,
# with no IPComp; verify against setkey output.
compression_algorithm deflate;
}
# setkey(8) script: SPD entries for the 192.168.106.0/24 <-> 192.168.1.0/24 tunnel.
# Drop all existing SAs (flush) and policies (spdflush) before loading.
flush;
spdflush;
# Outbound policy: local LAN -> remote LAN in ESP tunnel mode between the two
# gateways. "require" means matching packets are not sent in clear; a packet
# hitting this entry with no SA present is what triggers the IKE negotiation.
spdadd 192.168.106.0/24[any] 192.168.1.0/24[any] any -P out ipsec
esp/tunnel/81.13.xxx.xx-62.117.xxx.xx/require;
#
# Inbound mirror of the policy above (endpoints reversed).
spdadd 192.168.1.0/24[any] 192.168.106.0/24[any] any -P in ipsec
esp/tunnel/62.117.xxx.xx-81.13.xxx.xx/require;