IPSec with pfsense 2.3 & Greenbow didn't work
-
Hello,
It's my first time with pfsense and maybe there are some stupid questions. I want to enable ipsec for mobile clients so I did this:
1. VPN - IPsec - Mobile Clients -> Enable IPsec Mobile Client Support
2. VPN - IPsec - Tunnels

Key Exchange version: IKE V1
Internet Protocol: IPv4
Interface: WAN
Authentication Method: Manual PSK
Negotiation mode: Aggressive
My identifier: My IP Address

Phase 1
Encryption: 3DES
Hash: SHA-1
DH Group: 2
Lifetime 28800

Phase 2
Mode Tunnel IPv4
Local Network: LAN subnet
NAT/BINAT: None
Protocol: ESP
Encryption: 3DES
Hash: SHA-1
PFS key group: 2
Lifetime: 3600

I created at Pre-Shared Keys a user like:
Identifier: max@mustermann.de
Secret type: PSK
Pre-Shared Key 1234

After I configured the Greenbow Client I got this error message:
20160722 09:10:08:280 Default (SA Max-Company-P2) is opening.
20160722 09:10:08:280 Default (SA Max-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20160722 09:10:08:312 Default (SA Max-P1) RECV phase 1 Aggressive Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [NAT_D] [NAT_D] [VID] [VID] [VID]
20160722 09:10:08:327 Default (SA Max-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20160722 09:10:08:327 Default phase 1 done: initiator id max@mustermann.de, responder id 172.31.255.6
20160722 09:10:08:327 Default (SA Max-Company-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20160722 09:10:08:343 Default message_parse_payloads: invalid next payload type 47 in payload of type 8
20160722 09:10:08:343 Default dropped message from 213.200.229.167 due to notification type INVALID_PAYLOAD_TYPE
20160722 09:10:08:343 Default (SA Max-P1) SEND Informational [HASH] [NOTIFY] with INVALID_PAYLOAD_TYPE error
20160722 09:10:09:372 Default (SA Max-P1) SEND Informational [HASH] [DELETE]
20160722 09:10:09:372 Default <max-p1>deleted

Could anyone help me? I worked since last week only with mono wall. I forgot I created some firewall rules:
WAN UDP * * * 500 (ISAKMP) * NONE
WAN UDP * * * 4500 (IPSec NAT-T) * NONE

and one rule at IPsec
IPv4 * * * * * * none
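
As an added example (not part of the original post, and not Greenbow or pfSense code), this Python function triages the client log quoted above: it reports how far the IKEv1 negotiation got and which payload error stopped it. The function name `triage` and the result keys are assumptions made for this example; the sample input is the log lines from the post.

```python
import re

# Sample input: log lines copied from the post above (not a new capture).
SAMPLE_LOG = """\
20160722 09:10:08:280 Default (SA Max-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20160722 09:10:08:312 Default (SA Max-P1) RECV phase 1 Aggressive Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [NAT_D] [NAT_D] [VID] [VID] [VID]
20160722 09:10:08:327 Default (SA Max-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20160722 09:10:08:327 Default phase 1 done: initiator id max@mustermann.de, responder id 172.31.255.6
20160722 09:10:08:327 Default (SA Max-Company-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20160722 09:10:08:343 Default message_parse_payloads: invalid next payload type 47 in payload of type 8
20160722 09:10:08:343 Default dropped message from 213.200.229.167 due to notification type INVALID_PAYLOAD_TYPE
20160722 09:10:08:343 Default (SA Max-P1) SEND Informational [HASH] [NOTIFY] with INVALID_PAYLOAD_TYPE error
"""

LINE = re.compile(r"^\d{8} \d\d:\d\d:\d\d:\d{3} Default (.*)$")
EXCH = re.compile(r"^\(SA ([^)]+)\) (SEND|RECV) (phase 1|phase 2|Informational) ?(.*)$")
BAD_PAYLOAD = re.compile(r"invalid next payload type (\d+) in payload of type (\d+)")
DROPPED = re.compile(r"dropped message from (\S+) due to notification type (\w+)")


def triage(log_text):
    """Summarise how far the IKEv1 negotiation got and why it stopped."""
    out = {"phase1_done": False, "phase2_sent": False, "phase2_reply": False,
           "bad_payload": None, "dropped": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything not in this log format
        msg = m.group(1)
        if msg.startswith("phase 1 done"):
            out["phase1_done"] = True
        elif (e := EXCH.match(msg)):
            direction, kind = e.group(2), e.group(3)
            if kind == "phase 2":
                out["phase2_sent"] |= direction == "SEND"
                out["phase2_reply"] |= direction == "RECV"
        elif (b := BAD_PAYLOAD.search(msg)):
            out["bad_payload"] = (int(b.group(1)), int(b.group(2)))  # (next, current)
        elif (d := DROPPED.search(msg)):
            out["dropped"] = (d.group(1), d.group(2))  # (peer address, notification)
    if not out["phase1_done"]:
        out["stage"] = "phase 1 incomplete"
    elif not out["phase2_sent"]:
        out["stage"] = "phase 1 done, phase 2 not started"
    elif not out["phase2_reply"]:
        out["stage"] = "phase 2 sent, no parsable reply"
    else:
        out["stage"] = "phase 2 reply received"
    return out
```

On the posted log this shows that phase 1 completed and the Quick Mode request went out, but the next message from the peer was dropped before it was accepted as a phase 2 reply.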