Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ipsec Mobile connections –- error from dmz (wifi) area

    IPsec
    2
    2
    999
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mococanet
      last edited by

      Dear Guys,

      I have an ipsec vpn configured in a pfsense 2.2.1 working fine from outside connections (3g/4g connections, for example) but when I tryed to connect to my vpn over my dmz area (used for wifi clients) the ipsec client return a time out error.

      I was thinking about my firewall rules, but the stranger is that are logged the ipsec log system:

      Apr 6 09:50:51 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Apr 6 09:50:51 charon: 07[IKE] <10> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
      Apr 6 09:50:51 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
      Apr 6 09:50:51 charon: 07[ENC] generating INFORMATIONAL_V1 request 2033047155 [ N(NO_PROP) ]
      Apr 6 09:50:51 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)
      Apr 6 09:50:54 charon: 07[NET] received packet: from 192.168.20.212[500] to 189.3.xxx.xxxx[500] (774 bytes)
      Apr 6 09:50:54 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Apr 6 09:50:54 charon: 07[IKE] <11> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
      Apr 6 09:50:54 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
      Apr 6 09:50:54 charon: 07[ENC] generating INFORMATIONAL_V1 request 3569949722 [ N(NO_PROP) ]
      Apr 6 09:50:54 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)
      Apr 6 09:50:58 charon: 07[NET] received packet: from 192.168.20.212[500] to 189.3.xxx.xxxx[500] (774 bytes)
      Apr 6 09:50:58 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Apr 6 09:50:58 charon: 07[IKE] <12> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
      Apr 6 09:50:58 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
      Apr 6 09:50:58 charon: 07[ENC] generating INFORMATIONAL_V1 request 452639932 [ N(NO_PROP) ]
      Apr 6 09:50:58 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)
      Apr 6 09:51:01 charon: 07[NET] received packet: from 192.168.20.212[500] to 189.3.xxx.xxxx[500] (774 bytes)
      Apr 6 09:51:01 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Apr 6 09:51:01 charon: 07[IKE] <13> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
      Apr 6 09:51:01 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
      Apr 6 09:51:01 charon: 07[ENC] generating INFORMATIONAL_V1 request 891259887 [ N(NO_PROP) ]
      Apr 6 09:51:01 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)

      Also I have 2 wan connections and i made a redundancy configuration, where i've configured the ipsec to work over the LAN interface and a NAT of both WAN was created to redirect packages for IPsec NAT-T, ISAKMP/UDP and ESP protocol to LAN interface.

      thank you guys

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        https://doc.pfsense.org/index.php/IPsec_Troubleshooting

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.