Glorious Error 789 or 13801 for IKEv2
-
Hello folks,
I have a huge problem with VPN using L2TP and IPsec with pfSense. Up to this point I used PPTP, but since it is insecure and I have more time I wanted to switch to L2TP over IPsec, but the error code 789 has been killing me for more than one week now.
So here is what I did:
I installed and configured pfSense in version 2.2.4.
I configured PPTP and I have a Windows 8 client; everything works fine, so the client can connect to it and use the VPN, but I want to switch to L2TP now. So I did everything the official how-to told me to do, but no success. It gives me the error 789 all the time.
My L2TP configuration looks like this:
Enabled L2TP Server
Server Address = New Unused Address (192.168.60.254)
Remote Address Range = New Unused Address Range (192.168.60.0/24)
Subnet Mask = 24
No Secret
Authentication Type = Chap
Two legit DNS servers
I also created a test user with a dynamic IP address.
IPsec looks like this:
Phase 1:
Key: V1
IP: IPv4
Interface: WAN
Phase 1 Authentication
Method: Mutual PSK
Negotiation: Main
Identifier: My IP address
Phase 1 Algorithms
Encryption: 3DES
Hash: SHA1
DH key Group: 2 (1024)
Lifetime 28800
NAT Traversal = auto
Mobile clients
Enabled IPsec Mobile Client Support
Virtual Address Pool: 192.168.60.0/24
Pre-Shared-Key
allusers PSK 123
any PSK 123
The system log repeats itself with the following errors:
Sep 22 11:37:44 charon: 12[ENC] <2> generating INFORMATIONAL_V1 request 3035542370 [ HASH N(PLD_MAL) ]
Sep 22 11:37:44 charon: 12[NET] <2> sending packet: from 212.90.100.194[500] to 176.4.74.75[500] (68 bytes)
Sep 22 11:37:44 charon: 12[IKE] <2> ID_PROT request with message ID 0 processing failed
Sep 22 11:37:44 charon: 12[IKE] <2> ID_PROT request with message ID 0 processing failed
Sep 22 11:37:45 charon: 11[NET] <2> received packet: from 176.4.74.75[4500] to 212.90.100.194[4500] (68 bytes)
Sep 22 11:37:45 charon: 11[ENC] <2> invalid ID_V1 payload length, decryption failed?
Sep 22 11:37:45 charon: 11[ENC] <2> could not decrypt payloads
Sep 22 11:37:45 charon: 11[IKE] <2> message parsing failed
Sep 22 11:37:45 charon: 11[IKE] <2> message parsing failed
I allowed any traffic in the Firewall -> Rules tab for IPsec and L2TP, and on the WAN interface allowed ports UDP(500), UDP(4500), TCP/UDP(1701), and ESP.
On Windows VPN looks like this:
VPN-TYPE: Layer-2-Tunneling-Protocol with IPsec
Advanced settings has the PSK (123) installed
Data encryption is set to optional
The following protocols are allowed:
PAP, CHAP, MS-CHAP v2
Any help would be appreciated
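Added example, not part of the thread and not pfSense or strongSwan code: a small Python triage of charon lines like those in the post above, grouped by the IKE_SA id in angle brackets. The sample log is constructed with documentation addresses, the function name and verdict strings are hypothetical, and reading "decryption failed" in IKEv1 main mode as a suspected pre-shared key mismatch is an assumption from general IKEv1 behaviour (the message keys are derived from the PSK), not a diagnosis given in the thread.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log in the post (documentation IP ranges).
SAMPLE_LOG = """\
Sep 22 11:37:44 charon: 12[NET] <2> sending packet: from 192.0.2.10[500] to 198.51.100.7[500] (68 bytes)
Sep 22 11:37:44 charon: 12[IKE] <2> ID_PROT request with message ID 0 processing failed
Sep 22 11:37:45 charon: 11[NET] <2> received packet: from 198.51.100.7[4500] to 192.0.2.10[4500] (68 bytes)
Sep 22 11:37:45 charon: 11[ENC] <2> invalid ID_V1 payload length, decryption failed?
Sep 22 11:37:45 charon: 11[ENC] <2> could not decrypt payloads
Sep 22 11:37:45 charon: 11[IKE] <2> message parsing failed
Sep 22 11:40:02 charon: 09[NET] <3> received packet: from 198.51.100.9[500] to 192.0.2.10[500] (408 bytes)
"""

LINE = re.compile(r"charon: \d+\[(?P<sub>[A-Z]+)\] <(?P<sa>[^>]+)> (?P<msg>.*)$")
PACKET = re.compile(r"received packet: from (?P<ip>[\d.]+)\[(?P<port>\d+)\]")


def triage(log_text):
    """Group charon lines by IKE_SA id and give a verdict for each negotiation."""
    sas = defaultdict(lambda: {"peer": None, "nat_t": False, "tags": set()})
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a charon line in the expected layout
        sa, msg = sas[m["sa"]], m["msg"]
        pkt = PACKET.search(msg)
        if pkt:
            sa["peer"] = pkt["ip"]
            # A peer that has moved to UDP 4500 is using NAT traversal.
            sa["nat_t"] = sa["nat_t"] or pkt["port"] == "4500"
        if "ID_V1" in msg or "ID_PROT" in msg:
            sa["tags"].add("ikev1-main-mode")
        if "decryption failed?" in msg or "could not decrypt payloads" in msg:
            sa["tags"].add("decrypt-failed")
        if "processing failed" in msg or "parsing failed" in msg:
            sa["tags"].add("failed")
    for sa in sas.values():
        # Assumption: an undecryptable main-mode ID payload usually means a PSK mismatch.
        if {"ikev1-main-mode", "decrypt-failed"} <= sa["tags"]:
            sa["verdict"] = "psk-mismatch-suspected"
        elif sa["tags"] & {"failed", "decrypt-failed"}:
            sa["verdict"] = "failed-other"
        else:
            sa["verdict"] = "no-error"
    return dict(sas)


if __name__ == "__main__":
    for sa_id, info in sorted(triage(SAMPLE_LOG).items()):
        print(sa_id, info["peer"], "NAT-T" if info["nat_t"] else "no NAT-T", info["verdict"])
```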
-
As jimp has stated in the forums several times recently, IPsec using IKEv2 is probably a better option than L2TP/IPsec at this point.
I have no problems using Windows 7 Professional clients with pfSense's IKEv2 support.
-
Ok did that, and it worked ^^