IPSEC will connect with PSK+XAUTH, instead of PSK



  • Hi

    I've set up IPsec to a VMware NSX Edge. If the Edge initiates the connection, everything works.
    But if I change it so that the pfSense initiates the connection, I get the following error on the Edge:

    
    [authpriv.warning] packet from XXXX:500: initial Main Mode message received on XXX:500 but no connection has been authorized with policy=PSK+XAUTH
    
    

    But it should only connect with policy PSK.
    Is there a way to stop the pfSense from trying to connect with XAUTH?

    I found a patch for strongSwan which has the same problem:
    https://wiki.strongswan.org/issues/1290

    UPDATE
    We took a dump on the network interface on the ESX of the Edge Firewall and saw that the pfSense really is sending XAUTH (see attached picture).
    I have no idea why it does that.