@warmadmax: error in the log is here : Jul 27 20:50:32 charon 07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode did you add the user login? can see you've added the pre-shared key Wow, I forgot to add permissions to the users to allow it to dial in. I also changed the phase 1 to Main instead of aggressive. IPSEC Xauth PSK works like a charm now. [image: kQ3ls1E.png]

I found it, had to set keep alive in SonicWall.

After some analisys I see that in one client the Handshake use TLSv1.2 in all other use SSL. I check all settings but machine win its quite similar…

Personally, I prefer OpenVPN for that role, especially when working with multiple architectures. However, IKEv2 can work fine as well. You'll get better performance out of IKEv2, but if load is not a concern, OpenVPN can be easier and more flexible. Both are secure, so long as you use secure settings. There are articles on the Doc wiki for both setups.

Isn`t mixed traffic (IPv4 and IPv6) supported with IKEv2 or is it just mixed traffic for phase 1 and phase 2?

Hi, create a new revocation list from System->CertManager->CertificateRevocation add the certificates that you do not want to be active any more assign the new revocation list to the vpn server in my case VPN->OpenVPN->Servers You can easily choose your revocation list from the combobox Peer Certificate Revocation list. do not need to restart or refresh the change is immediately bye Domenico

I did not. Silly me. Thanks for the help!

Answer Use a new 10.6.23.0/24 subnet for this site. Then add a new P2 at the main site for 192.168.2.0/24 to 10.6.23.0/24. At the remote site add a new P2 for 10.5.35.0/24 to 192.168.2.0/24 and add the NAT address field to 10.6.23.0/24. The 1:1 NAT setting is no longer required as route-based IPsec is not supported in FreeBSD 10(pfSense 2.3.4) hopefully in 2.5. Thanks to pfSense support that gave me this valuable information. https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html

Hi, nevermind, I found the issue, some time ago I installed BIND, I think its conflicting. I stopped BIND and it works now. thanks.

I Have this same issue. I have read some articles which lead to this https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules as theology have TCP:SA in them which indicates asymmetric routing Jul 14 16:04:15 ► gre0   172.16.15.30:179   172.16.15.29:65116 TCP:SA Jul 14 16:04:23 ► gre0   172.16.15.30:179   172.16.15.29:65116 TCP:SA I've added tcp flaps and sloppy states to all my rules under floating and the traffic is still getting blocked which is rather frustrating! anyone come across a fix or things to check?

Thank you.