Mobile client failing to connect
Trying to get an iPhone to connect via IPsec for the first time with pfSense. IPsec is configured per the documentation and I have the self-signed cert profile loaded on the phone, but I must be missing something. Any ideas?
Time Process PID Message
Sep 25 08:34:53 charon 55020 13[NET] <con-mobile|4> sending packet: from 72._wan_IP.18[4500] to 107._mobile_client_ip.177[3237] (468 bytes)
Sep 25 08:34:53 charon 55020 13[NET] <con-mobile|4> sending packet: from 72._wan_IP.18[4500] to 107._mobile_client_ip.177[3237] (1236 bytes)
Sep 25 08:34:53 charon 55020 13[ENC] <con-mobile|4> generating IKE_AUTH response 1 [ EF(2/2) ]
Sep 25 08:34:53 charon 55020 13[ENC] <con-mobile|4> generating IKE_AUTH response 1 [ EF(1/2) ]
Sep 25 08:34:53 charon 55020 13[ENC] <con-mobile|4> splitting IKE message (1632 bytes) into 2 fragments
Sep 25 08:34:53 charon 55020 13[ENC] <con-mobile|4> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Sep 25 08:34:53 charon 55020 13[IKE] <con-mobile|4> sending end entity cert "C=US, ST=WI, L=My Town, O=Homelab, E=myusername@mydomain.tld, CN=gatekeeper.mydomain.tld"
Sep 25 08:34:53 charon 55020 13[IKE] <con-mobile|4> authentication of 'vpn.mydomain.tld' (myself) with RSA signature successful
Sep 25 08:34:53 charon 55020 13[IKE] <con-mobile|4> peer supports MOBIKE
Sep 25 08:34:53 charon 55020 13[IKE] <con-mobile|4> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Sep 25 08:34:53 charon 55020 13[IKE] <con-mobile|4> initiating EAP_IDENTITY method (id 0x00)
Sep 25 08:34:53 charon 55020 13[CFG] <con-mobile|4> selected peer config 'con-mobile'
Sep 25 08:34:53 charon 55020 13[CFG] <4> looking for peer configs matching 72._wan_IP.18[vpn.mydomain.tld]...107._mobile_client_ip.177[10.94.190.132]
Sep 25 08:34:53 charon 55020 13[ENC] <4> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR MASK DHCP DNS ADDR6 DHCP6 DNS6 DOMAIN) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr N(MOBIKE_SUP) ]
Sep 25 08:34:53 charon 55020 13[ENC] <4> unknown attribute type INTERNAL_DNS_DOMAIN
Sep 25 08:34:53 charon 55020 13[NET] <4> received packet: from 107._mobile_client_ip.177[3237] to 72._wan_IP.18[4500] (512 bytes)
Sep 25 08:34:53 charon 55020 13[NET] <4> sending packet: from 72._wan_IP.18[500] to 107._mobile_client_ip.177[3236] (481 bytes)
Sep 25 08:34:53 charon 55020 13[ENC] <4> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
Sep 25 08:34:53 charon 55020 13[IKE] <4> sending cert request for "C=US, ST=WI, L=My Town, O=Homelab, E=myusername@mydomain.tld, CN=liquidobject"
Sep 25 08:34:53 charon 55020 13[IKE] <4> remote host is behind NAT
Sep 25 08:34:53 charon 55020 13[CFG] <4> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Sep 25 08:34:53 charon 55020 13[IKE] <4> 107._mobile_client_ip.177 is initiating an IKE_SA
Sep 25 08:34:53 charon 55020 13[ENC] <4> parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Sep 25 08:34:53 charon 55020 13[NET] <4> received packet: from 107._mobile_client_ip.177[3236] to 72._wan_IP.18[500] (604 bytes)
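
An added example, not part of the original post: a small Python reader for charon lines shaped like those above, which puts the newest-first log into chronological order and reports the IKE identity the gateway authenticated as, the CN of the certificate it sent, and whether any IKE_AUTH request arrived after the EAP identity request. The sample lines, hostnames and address are constructed, and the function names are this example's own.

```python
import re

# Constructed sample in the same shape as the charon lines in the post
# (newest first, as in the post); hostnames and address are placeholders.
SAMPLE_LOG = """\
Sep 25 08:34:53 charon 55020 13[IKE] <con-mobile|4> sending end entity cert "C=US, O=Homelab, CN=gatekeeper.example.test"
Sep 25 08:34:53 charon 55020 13[IKE] <con-mobile|4> authentication of 'vpn.example.test' (myself) with RSA signature successful
Sep 25 08:34:53 charon 55020 13[IKE] <con-mobile|4> initiating EAP_IDENTITY method (id 0x00)
Sep 25 08:34:53 charon 55020 13[ENC] <4> parsed IKE_AUTH request 1 [ IDi IDr SA TSi TSr ]
Sep 25 08:34:53 charon 55020 13[IKE] <4> 192.0.2.10 is initiating an IKE_SA
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) charon \d+ \d+\[(\w+)\] <([^>]*)> (.*)$")
LOCAL_ID_RE = re.compile(r"authentication of '([^']+)' \(myself\)")
CERT_RE = re.compile(r'sending end entity cert "([^"]+)"')


def parse(log_text, newest_first=True):
    """Return (timestamp, subsystem, connection, message) tuples, oldest first."""
    rows = [m.groups() for m in map(LINE_RE.match, log_text.splitlines()) if m]
    return rows[::-1] if newest_first else rows


def summarize(log_text):
    """Collect what the gateway claimed as its ID and what certificate it sent."""
    out = {"local_id": None, "cert_cn": None,
           "eap_started": False, "eap_reply_seen": False}
    for _, _, _, msg in parse(log_text):
        if (m := LOCAL_ID_RE.search(msg)):
            out["local_id"] = m.group(1)
        elif (m := CERT_RE.search(msg)):
            cn = re.search(r"CN=([^,]+)", m.group(1))
            out["cert_cn"] = cn.group(1).strip() if cn else None
        elif "initiating EAP_IDENTITY" in msg:
            out["eap_started"] = True
        elif out["eap_started"] and "parsed IKE_AUTH request" in msg:
            # Only counts requests that arrive after the EAP identity request.
            out["eap_reply_seen"] = True
    # First check only: SAN entries are not in these log lines.
    out["id_matches_cn"] = (out["local_id"] is not None
                            and out["local_id"] == out["cert_cn"])
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An ID that differs from the CN is not by itself a failure, because the ID may still be listed as a subjectAltName; that has to be checked on the certificate itself.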