• IPsec Site-To-Site pfSense <-> Securepoint

    2
    0 Votes
    2 Posts
    635 Views
    DerelictD

    @posto587 said in IPsec Site-To-Site pfSense <-> Securepoint:

    May 17 12:54:33 charon 07[IKE] <con5000|86410> received NO_PROPOSAL_CHOSEN notify error
    May 17 12:54:33 charon 07[CFG] <con5000|86410> configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

    The other side is rejecting the tunnel transform proposal.

    You are asking for:
    AES_CBC_128
    SHA256
    PFS Group 14

    They will have to tell you why they are rejecting that.

  • Confused about traffic through tunnel

    8
    0 Votes
    8 Posts
    796 Views
    DerelictD

    I've double checked the firewall rules on both desktops, and everything is set right.

    If you can ping the LAN address at the other end then the tunnel is up and working.

    Use packet captures. Ping something on the LAN on the other side and pcap there. Do you see the traffic leaving that interface? Is there a reply? If not find out why not. Compare with a capture to the same host from the local pfSense's LAN interface.

    This problem is almost always 1 of two things:

    The default gateway on the target host is not the VPN firewall. It seems you have eliminated this since the host can ping the far side's LAN interface address so that leaves...

    The software firewall (think windows firewall) on the target host is not allowing connections to the target host from the foreign subnet. It could be some other local security software on the host breaking things too.
  • User authentication failed with iPhone and IPsec VPN

    4
    0 Votes
    4 Posts
    3k Views
    A

    @murphster_matt What's funny about this is that I had the same problem when trying to set up a different phone, and I'd completely forgotten about this solution until you posted your comment! Thanks for reminding me!

  • Configured IPSEC VPN works on Windows device but not on IOS

    15
    0 Votes
    15 Posts
    2k Views
    NogBadTheBadN

    @sugarpeter

    Not a clue, sorry, I don’t use Google Authenticator.

  • DH Group 31 (curve25519) supported?

    3
    0 Votes
    3 Posts
    778 Views
    JeGrJ

    @jimp said in DH Group 31 (curve25519) supported?:

    Probably wants a feature request at https://redmine.pfsense.org

    Alright that shouldn't be a problem :) Coming up!

  • 0 Votes
    1 Posts
    189 Views
    No one has replied
  • IPsec Phase 1 is not disconnecting after it reaches the life time

    1
    0 Votes
    1 Posts
    203 Views
    No one has replied
  • PFSense IPSec VPN to AWS Issue

    1
    0 Votes
    1 Posts
    221 Views
    No one has replied
  • IPSEC tunnel between two sites not working as it should

    2
    0 Votes
    2 Posts
    348 Views
    D

    Issue resolved!

    Believe it or not it was a f****** reboot that solved it...
    Probably the firewall still had some old caches or something still in its memory...

  • IPSec VPN to OpenWrt Strongswan Travel Router

    4
    0 Votes
    4 Posts
    2k Views
    K

    @highc said in IPSec VPN to OpenWrt Strongswan Travel Router:

    Thanks for trying to help me. I tried to do what you said, i.e. setup a new site-to-site config in pfSense

    Look at the file on the pfSense side
    /var/etc/ipsec/ipsec.conf
    This is an example of what settings should be on the OpenWrt router. These settings should mirror the settings on the pfSense (left/right)

    https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configuring-a-site-to-site-ipsec-vpn.html

    https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routing-internet-traffic-through-a-site-to-site-ipsec-vpn.html

    For example, my file ipsec.conf (CentOS server, site-to-site connection)

    conn es_ru_pfsense_rsa
        keyexchange=ikev2
        authby=pubkey
        fragmentation = yes
        ikelifetime=28800s
        ike = aes256-sha256-modp2048,aes-sha256-modp2048!
        esp = aes256-sha256-modp2048,aes192-sha256-modp2048,aes128-sha256-modp2048,aes128gcm16-sha256-modp2048,aes128gcm64-sha256-modp2048!
        left=XX.XXX.XX.XX
        leftsubnet=0.0.0.0/0
        leftcert=strongswan_rsa.pem
        leftca="C=ES, O=M, CN=e.m.org"
        leftid=@strongswan.m.org
        leftfirewall=yes
        lefthostaccess=no
        right=YY.YY.YY.YYY
        rightid=@pfsense.m.org
        rightsubnet=192.168.55.32/27
        auto=add
  • 0 Votes
    1 Posts
    205 Views
    No one has replied
  • No EAP-MSChapv2 or other option but RSA and PSK even no Xauth

    11
    0 Votes
    11 Posts
    876 Views
    jimpJ

    Again, there are numerous threads around the forum already covering this in detail.

  • [Solved] Mobile Ipsec to Windows has no gateway

    1
    0 Votes
    1 Posts
    270 Views
    No one has replied
  • IPSec (IKEv2) iPhone VPN fails to connect

    1
    0 Votes
    1 Posts
    272 Views
    No one has replied
  • iOS not connecting

    1
    0 Votes
    1 Posts
    444 Views
    No one has replied
  • iOS gets connected to the VPN, but nothing loads

    1
    0 Votes
    1 Posts
    211 Views
    No one has replied
  • Pre-shared Keys, IPSec and Windows

    1
    0 Votes
    1 Posts
    318 Views
    No one has replied
  • IPSec Mobile from AWS pfSense AMI to Windows 10

    3
    0 Votes
    3 Posts
    679 Views
    W

    Solved (I think).

    Turns out that not only do you have to add IPSec ports to the pfSense firewall, I had to add UDP 4500 to the AWS Security Group (AWS version of a firewall). The person who set up the Security Group had added UDP 500, but not 4500.

  • IPSEC VTI low speed

    1
    0 Votes
    1 Posts
    369 Views
    No one has replied
  • My experience with IPSEC and SMB

    1
    0 Votes
    1 Posts
    343 Views
    No one has replied