IPSec with iPod worked before now it's not…
-
My IPSec stopped working. So I reviewed the various guides and double checked everything. On my mobile device I get the message authentication failed.
Here are the log files.
Jul 28 20:46:19 racoon: [Self]: INFO: respond new phase 1 negotiation: 74.47.185.227[500]<=>61.148.255.138[500]
Jul 28 20:46:19 racoon: INFO: begin Aggressive mode.
Jul 28 20:46:19 racoon: INFO: received Vendor ID: RFC 3947
Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jul 28 20:46:19 racoon: INFO: received Vendor ID: CISCO-UNITY
Jul 28 20:46:19 racoon: INFO: received Vendor ID: DPD
Jul 28 20:46:19 racoon: [61.148.255.138] INFO: Selected NAT-T version: RFC 3947
Jul 28 20:46:19 racoon: INFO: Adding remote and local NAT-D payloads.
Jul 28 20:46:19 racoon: [61.148.255.138] INFO: Hashing 61.148.255.138[500] with algo #2
Jul 28 20:46:19 racoon: [Self]: [74.47.185.227] INFO: Hashing 74.47.185.227[500] with algo #2
Jul 28 20:46:19 racoon: INFO: Adding xauth VID payload.
Jul 28 20:46:19 racoon: [Self]: INFO: NAT-T: ports changed to: 61.148.255.138[4500]<->74.47.185.227[4500]
Jul 28 20:46:19 racoon: [Self]: [74.47.185.227] INFO: Hashing 74.47.185.227[4500] with algo #2
Jul 28 20:46:19 racoon: INFO: NAT-D payload #0 verified
Jul 28 20:46:19 racoon: [61.148.255.138] INFO: Hashing 61.148.255.138[4500] with algo #2
Jul 28 20:46:19 racoon: INFO: NAT-D payload #1 doesn't match
Jul 28 20:46:19 racoon: [61.148.255.138] ERROR: notification INITIAL-CONTACT received in aggressive exchange.B
Jul 28 20:46:19 racoon: INFO: NAT detected: PEER
Jul 28 20:46:19 racoon: INFO: Sending Xauth request
Jul 28 20:46:19 racoon: [Self]: INFO: ISAKMP-SA established 74.47.185.227[4500]-61.148.255.138[4500] spi:5ae68325adff41e3:aada1db07c03b37c
Jul 28 20:46:20 racoon: INFO: Using port 0
Jul 28 20:46:20 racoon: INFO: login succeeded for user "remote"
That last line seems to me it should work? Not sure what else to do. My PPTP VPN works (although I can't tunnel outside the home network) and OpenVPN works too.
Ideas? Not sure how to post conf file as all I have is iPod to work on.
-
88 views and not 1 suggestion?
I did some more testing and I've found that each time I try and connect the VPN service crashes!
I VPN in through PPTP and restart the service
Disconnect my PPTP connection
Try and connect using IPsec
On my iPod I get "authentication failed" message
I reconnect using PPTP
And view the system log below
Last 50 system log entries
Aug 4 20:29:42 syslogd: kernel boot file is /boot/kernel/kernel
Aug 4 20:32:01 php: /status_services.php: Forcefully reloading IPsec racoon daemon
Aug 4 20:32:11 php: /status_services.php: Forcefully reloading IPsec racoon daemon
Aug 4 20:35:25 kernel: pid 33182 (racoon), uid 0: exited on signal 11 (core dumped)
This is an AMD64 2.0 release build.
Does anybody have any questions, suggestions, requests for other data/logs?
Just tell me what/where and I'll post it
-
Could you try testing this with pfsense 2.1-BETA?
There have been a number of patches applied to ipsec-tools 0.8.0 (although several more patches have been committed to the ipsec-tools tree http://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/crypto/dist/ipsec-tools/src/ that haven't made it into pfsense yet).
PS: You could also run racoon in high verbosity mode and check the discussions in
http://sourceforge.net/mailarchive/forum.php?forum_name=ipsec-tools-commits