Netgate Discussion Forum

    No XAuth secret found

    • Networker

      Hello,

      I just started operating a pfSense. My first problem arrived when I was trying to configure IPsec for my mobile device (iPhone). I made the configuration according to https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To.

      When I am trying to connect, I get the following error in the VPN log:

      
      Jan 14 17:13:38 	charon 		14[IKE] <con1|19>no XAuth secret found for '91.67.245.66' - 'vpn-user'
      Jan 14 17:13:38 	charon 		14[IKE] <con1|19>XAuth authentication of 'vpn-user' failed
      

      The user “vpn-user” is created under System -> User Management, and the "User - VPN - IPsec xauth Dialin" permission is configured as well (also tried with the admin user, without success).

      Any idea what could be wrong?

      If further information is needed, I can provide it.

      Thanks a lot for all kinds of support!

      Complete log:

      Jan 14 17:09:56 	charon 		05[IKE] <16> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 14 17:09:56 	charon 		05[IKE] <16> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 14 17:09:56 	charon 		05[IKE] <16> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 14 17:09:56 	charon 		05[IKE] <16> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 14 17:09:56 	charon 		05[IKE] <16> received XAuth vendor ID
      Jan 14 17:09:56 	charon 		05[IKE] <16> received Cisco Unity vendor ID
      Jan 14 17:09:56 	charon 		05[IKE] <16> received DPD vendor ID
      Jan 14 17:09:56 	charon 		05[IKE] <16> 109.84.2.138 is initiating a Aggressive Mode IKE_SA
      Jan 14 17:09:56 	charon 		05[CFG] <16> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
      Jan 14 17:09:56 	charon 		05[CFG] <16> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Jan 14 17:09:56 	charon 		05[IKE] <16> no proposal found
      Jan 14 17:09:56 	charon 		05[ENC] <16> generating INFORMATIONAL_V1 request 2206095100 [ N(NO_PROP) ]
      Jan 14 17:09:56 	charon 		05[NET] <16> sending packet: from 91.67.245.66[500] to 109.84.2.138[63453] (56 bytes)
      Jan 14 17:09:57 	charon 		14[NET] <17> received packet: from 109.84.2.138[63453] to 91.67.245.66[500] (766 bytes)
      Jan 14 17:09:57 	charon 		14[ENC] <17> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 14 17:09:57 	charon 		14[IKE] <17> received FRAGMENTATION vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received NAT-T (RFC 3947) vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received XAuth vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received Cisco Unity vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> received DPD vendor ID
      Jan 14 17:09:57 	charon 		14[IKE] <17> 109.84.2.138 is initiating a Aggressive Mode IKE_SA
      Jan 14 17:09:57 	charon 		14[CFG] <17> looking for XAuthInitPSK peer configs matching 91.67.245.66...109.84.2.138[meinrouter]
      Jan 14 17:09:57 	charon 		14[CFG] <17> selected peer config "con1"
      Jan 14 17:09:57 	charon 		14[ENC] <con1|17>generating AGGRESSIVE response 0 [ SA KE No ID V V V V NAT-D NAT-D HASH ]
      Jan 14 17:09:57 	charon 		14[NET] <con1|17>sending packet: from 91.67.245.66[500] to 109.84.2.138[63453] (412 bytes)
      Jan 14 17:09:57 	charon 		14[NET] <con1|17>received packet: from 109.84.2.138[36152] to 91.67.245.66[4500] (100 bytes)
      Jan 14 17:09:57 	charon 		14[ENC] <con1|17>parsed AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
      Jan 14 17:09:57 	charon 		14[IKE] <con1|17>remote host is behind NAT
      Jan 14 17:09:57 	charon 		14[ENC] <con1|17>generating TRANSACTION request 3962088702 [ HASH CPRQ(X_USER X_PWD) ]
      Jan 14 17:09:57 	charon 		14[NET] <con1|17>sending packet: from 91.67.245.66[4500] to 109.84.2.138[36152] (76 bytes)
      Jan 14 17:09:57 	charon 		14[NET] <con1|17>received packet: from 109.84.2.138[36152] to 91.67.245.66[4500] (92 bytes)
      Jan 14 17:09:57 	charon 		14[ENC] <con1|17>parsed INFORMATIONAL_V1 request 1607647259 [ HASH N(INITIAL_CONTACT) ]
      Jan 14 17:09:57 	charon 		14[NET] <con1|17>received packet: from 109.84.2.138[36152] to 91.67.245.66[4500] (92 bytes)
      Jan 14 17:09:57 	charon 		14[ENC] <con1|17>parsed TRANSACTION response 3962088702 [ HASH CPRP(X_USER X_PWD) ]
      Jan 14 17:09:57 	charon 		14[IKE] <con1|17>no XAuth secret found for '91.67.245.66' - 'vpn-user'
      Jan 14 17:09:57 	charon 		14[IKE] <con1|17>XAuth authentication of 'vpn-user' failed
      Jan 14 17:09:57 	charon 		14[ENC] <con1|17>generating TRANSACTION request 4063032678 [ HASH CPS(X_STATUS) ]
      Jan 14 17:09:57 	charon 		14[NET] <con1|17>sending packet: from 91.67.245.66[4500] to 109.84.2.138[36152] (76 bytes)
      Jan 14 17:09:57 	charon 		14[NET] <con1|17>received packet: from 109.84.2.138[36152] to 91.67.245.66[4500] (76 bytes)
      Jan 14 17:09:57 	charon 		14[ENC] <con1|17>parsed TRANSACTION response 4063032678 [ HASH CPA(X_STATUS) ]
      Jan 14 17:09:57 	charon 		14[IKE] <con1|17>destroying IKE_SA after failed XAuth authentication
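
Added example (not part of the original posts, and not pfSense or strongSwan code): a small Python triage script that groups charon lines like the ones posted above by IKE_SA number and records the first failure in each. The cause labels, dictionary keys and function names are this example's own; the sample lines are taken from the log above with the proposal list abridged.

```python
import re

# charon line as posted above, e.g.
#   "Jan 14 17:09:57 charon 14[IKE] <con1|17>no XAuth secret found for ..."
LINE = re.compile(r"charon\s+\d+\[[A-Z]+\]\s*<(?:([^|>]+)\|)?(\d+)>\s*(.*)")
NO_SECRET = re.compile(r"no XAuth secret found for '[^']*' - '([^']+)'")

# Lines taken from the log in the post above (proposal list abridged).
SAMPLE_LOG = """\
Jan 14 17:09:56 charon 05[CFG] <16> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Jan 14 17:09:56 charon 05[CFG] <16> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jan 14 17:09:56 charon 05[IKE] <16> no proposal found
Jan 14 17:09:57 charon 14[CFG] <17> selected peer config "con1"
Jan 14 17:09:57 charon 14[IKE] <con1|17>no XAuth secret found for '91.67.245.66' - 'vpn-user'
Jan 14 17:09:57 charon 14[IKE] <con1|17>XAuth authentication of 'vpn-user' failed
"""


def algos(value):
    """Set of transforms named in a 'received/configured proposals' value."""
    return {a for p in value.split(", ") for a in p.split(":", 1)[1].split("/")}


def triage(log_text):
    """Group charon lines by IKE_SA number; record the first failure per SA."""
    sas = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw.rstrip())
        if not m:
            continue
        conn, sa_id, msg = m.groups()
        sa = sas.setdefault(int(sa_id), {"conn": None, "cause": None})
        sa["conn"] = conn or sa["conn"]
        secret = NO_SECRET.search(msg)
        if msg.startswith("received proposals: "):
            sa["offered"] = algos(msg.split(": ", 1)[1])
        elif msg.startswith("configured proposals: "):
            sa["configured"] = algos(msg.split(": ", 1)[1])
        elif msg == "no proposal found" and not sa["cause"]:
            sa["cause"] = "proposal_mismatch"
            # Transforms the responder is configured for that the peer never offered.
            sa["not_offered"] = sorted(sa.get("configured", set()) - sa.get("offered", set()))
        elif secret and not sa["cause"]:
            sa["cause"], sa["user"] = "xauth_no_secret", secret.group(1)
    return sas


if __name__ == "__main__":
    for sa_id, info in triage(SAMPLE_LOG).items():
        print(sa_id, info["cause"], info.get("not_offered") or info.get("user"))
```

Run against the sample, it separates the two attempts in the log: SA 16 ends at proposal selection, and SA 17 gets as far as XAuth before failing with the missing-secret message.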
      • Networker

        Every idea is welcome. Checked the configuration multiple times, reconfigured everything and rebooted the system several times – no success…

        • butme

          Hello

          I installed a clean test system and got the same errors. Did you find a solution? Or can anybody else help?

          Regards

          Found it: For some reason the Mobile Clients settings were gone. Reenabled IPsec Mobile Clients Support and filled in all necessary stuff and it worked.

          • methyphobia

            Thanks butme,
            it took me months to find that solution. Disabling and Reenabling the mobile client support did the job.

            • emeianoite

              I just tried this, not working lol :(
