
    VPN Broken by (StrongSwan) PFsense update

      gvalenzuela

      Hello!

      We used to have our PFsense and Shrew clients set up exactly as PFsense instructions for roadwarriors.
      After we updated to 2.2.1 the VPN stopped working.
      Have googled this to no end; almost everybody on other forums ends up rolling back to 2.1.5 and everything works again.
      There's gotta be another guide for the new version of PFsense with StrongSwan to work with Shrew.
      I have tried variations on every setting I can think of and nothing fixes it so far.

      Thanks for your help, oh and I get a log like this one:

      Apr 16 11:36:41 charon: 13[IKE] INFORMATIONAL_V1 request with message ID 2790320297 processing failed
      Apr 16 11:36:41 charon: 13[IKE] <58> INFORMATIONAL_V1 request with message ID 2790320297 processing failed
      Apr 16 11:36:41 charon: 13[IKE] ignore malformed INFORMATIONAL request
      Apr 16 11:36:41 charon: 13[IKE] <58> ignore malformed INFORMATIONAL request
      Apr 16 11:36:41 charon: 13[IKE] message parsing failed
      Apr 16 11:36:41 charon: 13[IKE] <58> message parsing failed
      Apr 16 11:36:32 charon: 13[IKE] ID_PROT request with message ID 0 processing failed
      Apr 16 11:36:32 charon: 13[IKE] <58> ID_PROT request with message ID 0 processing failed
      Apr 16 11:36:32 charon: 13[IKE] message parsing failed
      Apr 16 11:36:32 charon: 13[IKE] <58> message parsing failed
      Apr 16 11:36:32 charon: 13[IKE] faking NAT situation to enforce UDP encapsulation
      Apr 16 11:36:32 charon: 13[IKE] <58> faking NAT situation to enforce UDP encapsulation
      Apr 16 11:36:32 charon: 13[IKE] 10.10.1.3 is initiating a Main Mode IKE_SA
      Apr 16 11:36:32 charon: 13[IKE] <58> 10.10.1.3 is initiating a Main Mode IKE_SA
      Apr 16 11:36:32 charon: 13[IKE] received Cisco Unity vendor ID
      Apr 16 11:36:32 charon: 13[IKE] <58> received Cisco Unity vendor ID
      Apr 16 11:36:32 charon: 13[IKE] received DPD vendor ID
      Apr 16 11:36:32 charon: 13[IKE] <58> received DPD vendor ID
      Apr 16 11:36:32 charon: 13[IKE] received FRAGMENTATION vendor ID
      Apr 16 11:36:32 charon: 13[IKE] <58> received FRAGMENTATION vendor ID
      Apr 16 11:36:32 charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
      Apr 16 11:36:32 charon: 13[IKE] <58> received NAT-T (RFC 3947) vendor ID

        cmb

        @LakelandTech:

        We used to have our PFsense and Shrew clients set up exactly as PFsense instructions for roadwarriors.

        Could you point me to which instructions specifically?
