Categories

  • 467 Topics
    1k Posts
    A
    @Said.Fathy, Hi Said. I'd strongly recommend Lawrence Systems' YouTube channel. It's the best as far as pfSense is concerned, from beginner to pro: https://www.youtube.com/@LAWRENCESYSTEMS
  • 121k Topics
    771k Posts
    Laxarus
    So, I have put hours to get this working and it works now. However, there is one part that I could not figure out. When I use IPsec export Apple profile and import this to my device, everything works beautifully; however, if I try to manually define the VPN settings on the iOS device, it just fails shortly after I try connecting. The point of the matter is for me to easily connect to this VPN with AD credentials and MFA. It will not help me as much if I need to import the profile every time. Checking the logs, I see that crypto proposal matches, everything going well, but after splitting packets the 2nd time, it times out. Traffic never reaches NPS. What am I missing here, or do I absolutely have to use the profile file?
  • 20k Topics
    128k Posts
    dennypage
    @luckman212 said in udpbroadcastrelay vs mcast-bridge vs mdns-bridge: I'm reminded of xkcd 2347... LOL! Closer than you know... I used to be one of those random maintainers in Nebraska. There were actually a handful of us, but we all escaped the state before 2003.
  • 43k Topics
    267k Posts
    N
    Thanks for the reply. Right now I'm not getting around to anything, but when there is breathing room again, I'll take a closer look at the filters.
  • Information about hardware available from Netgate

    3k Topics
    21k Posts
    stephenw10
    is there any good reason to do so?
  • Information about hardware available from Netgate

    44 Topics
    211 Posts
    AriKelly
    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!
  • Feel free to talk about anything and everything here

    4k Topics
    19k Posts
    JonathanLee
    It is working as of today, that was weird. Safari Version 26.1 (21622.2.11.11.9), Tahoe 26.1. I just went back 3000 plus posts to find this: https://web.archive.org/web/20240302055716/https://forum.it-monkey.net/index.php?topic=23.0 Yeah, it is working, thanks.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.