IPSec for Mobile Clients not working 2.3_1
-
PM Sent!
-
We just migrated our router to 2.3.1 and using the same configs on both the pre 2.3.x and the 2.3.1 we cannot get Mobile VPN to work but the IPSEC peer to peer tunnels are fine. We have rebuilt the configs multiple times with the same error coming back.
08[IKE] <con6|1>message parsing failed
08[ENC] <con6|1>could not decrypt payloads
08[ENC] <con6|1>invalid HASH_V1 payload length, decryption failed?Everything is correct and we can still connect with the pre 2.3.x box. We will be moving to OpenVPN for the time being for mobile users but there is definately something up with MobileVPN.</con6|1></con6|1></con6|1>
-
I can confirm this problem as well.
-
I can confirm that with last nights upgrade to 2.3.1 Mobile VPN is working again.
-
I will run the update tonight and see if it resolved the issue for us as well.
-
We had the same problem.
It seems there is a problem with the static entry of the local ip adress at the client vpn settings.Try to change from static to IKE-config pull.
Under VPN-> IPSec-> Mobile Clients aktivate "Virtual Address Pool - Provide a virtual IP address to clients" if not done yet.After changing from static ip-setting to ike-config pull our mobile clients work as a charm.
Ann.:
Identifier was not changed.regards
–--------
Thanks to Stefan S. for this workaround ;) -
After running the update to 2.3.1 it does not appear that our issue has been resolved. We already have the Virtual IP pool setup (it was already previously setup that way). We will test the Mac clients today to see if the issue has been resolved, but the Windows Machines running ShrewSoft still cannot connect unless the WAN IP is stored in PfSense as the Key Identifier.
-
are you able to get shrewsoft client to work with latests pfsense version?
-
I will upgrade to the latest version tonight or tomorrow to see if it resolves the issue.
-
ok thanks. I am struggling to find a clear tutorial for this on 2.3.