Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC will connect with PSK+XAUTH, instead of PSK

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Righter
      last edited by

      Hi

      I've setup IPSEC to a Vmware NSX Edge. If the Edge initiates the connection everything works.
      But If I change that the pfsense initiates the connection I got the following error on the Edge:

      
[authpriv.warning] packet from XXXX:500: initial Main Mode message received on XXX:500 but no connection has been authorized with policy=PSK+XAUTH

      But it should only connect with policy PSK.
      Is there a way to disable that the pfsense tries to connect with that XAUTH?

      I found a patch for strongswan which has the same problem:
      https://wiki.strongswan.org/issues/1290

      UPDATE
      We took an dump on the network interface on the ESX of the Edge Firewall and have seen, that the PFSense is really sending XAUTH. (see attached picture)
      Have no idea why it do that.
      Auswahl_006.png
      Auswahl_006.png_thumb

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.