IPSec with pfsense 2.3 & Greenbow didn`t work

  • Hello,

    its my first time with pfsense and maybe there are some stupid questions. I wan`t to enable ipsec for mobile clients so I did this:

    1. VPN - IPsec - Mobile Clients -> Enable IPsec Mobile Client Support
    2. VPN - IPsec - Tunnels

    Key Exchange version: IKE V1
    Internet Protocol: IPv4
    Interface: WAN
    Authentication Method: MAnual PSK
    Negotiation mode: Agressive
    My identifier: My IP Adress

    Phase 1
    Encryption: 3DES
    Hash: SHA-1
    DH Group: 2
    Lifetime 28800

    Phase 2
    Mode Tunnel IPv4
    Local Network: LAN subnet
    NAT/BINAT: None
    Protocoll: ESP
    Encryption: 3DES
    Hash: SHA-1
    PFS key gorup: 2
    Lifetime: 3600

    I created at Pre-Shared Keys a user like:

    Identifier: max@mustermann.de
    Secret type: PSK
    Pre-Shared Key 1234

    After I configured the Greenbow Client I got this error message:

    20160722 09:10:08:280 Default (SA Max-Company-P2) is opening.
    20160722 09:10:08:280 Default (SA Max-P1) SEND phase 1 Aggressive Mode  [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
    20160722 09:10:08:312 Default (SA Max-P1) RECV phase 1 Aggressive Mode  [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [NAT_D] [NAT_D] [VID] [VID] [VID]
    20160722 09:10:08:327 Default (SA Max-P1) SEND phase 1 Aggressive Mode  [HASH] [NAT_D] [NAT_D]
    20160722 09:10:08:327 Default phase 1 done: initiator id max@mustermann.de, responder id
    20160722 09:10:08:327 Default (SA Max-Company-P2) SEND phase 2 Quick Mode  [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
    20160722 09:10:08:343 Default message_parse_payloads: invalid next payload type 47 in payload of type 8
    20160722 09:10:08:343 Default dropped message from due to notification type INVALID_PAYLOAD_TYPE
    20160722 09:10:08:343 Default (SA Max-P1) SEND Informational  [HASH] [NOTIFY] with INVALID_PAYLOAD_TYPE error
    20160722 09:10:09:372 Default (SA Max-P1) SEND Informational  [HASH] [DELETE]
    20160722 09:10:09:372 Default <max-p1>deleted

    Could anyone help me? I worked since last week only with mono wall. I forgot I created some firewall rules:

    WAN UDP * * * 500 (ISAKMP) * NONE
    WAN UDP * * * 4500 (IPSec NAT-T) * NONE

    and one rule at IPsec

    IPv4 * * * * * * none</max-p1>

Log in to reply