Windows 10 - ipsec - works on 2.4beta, doesn't on 2.3.4
Hi everyone,
I'm trying to get to grips with why I can get IPsec working with 2.4 beta, but not with 2.3.4.
In the web UI, they've got identical settings for phase 1 and 2, both with mobile IKE, both using the same certificate.
I'm using RADIUS. It just seems that on 2.3.4 it won't accept phase 1, whereas on 2.4 beta phase 1 establishes fine and goes on to RADIUS auth and connects phase 2.
I've attached the IPsec connection logs from both firewalls, both on the diag output setting for config.
I'm using the following PowerShell to set up the VPN on Windows 10:
```powershell
# Recreate the connection: IKEv2 with EAP, using the Windows logon credentials
Remove-VpnConnection -Name "Pfsense Test"
Add-VpnConnection -Name "Pfsense Test" -ServerAddress "******.*****.co.uk" -TunnelType "Ikev2" -EncryptionLevel "Maximum" -AuthenticationMethod Eap -EapConfigXmlStream $((New-EapConfiguration -UseWinlogonCredential).EapConfigXmlStream)

# Custom IPsec policy: phase 1 uses AES256 / SHA256 / ECP384, phase 2 uses AES256 / SHA256128 with PFS group ECP256
Set-VpnConnectionIPsecConfiguration -ConnectionName "Pfsense Test" -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup ECP384 -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -PfsGroup ECP256

# Split tunnelling: only route 10.40.0.0/16 through the VPN
Add-VpnConnectionRoute -ConnectionName "Pfsense Test" -DestinationPrefix 10.40.0.0/16 -PassThru
Set-VpnConnection -Name "Pfsense Test" -SplitTunneling $true
```
That gives me the following for phase 1 (reading 2.4 beta's log):

```
Jul 27 10:01:57 charon 10[CFG] <23> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384
```

then the following for phase 2:

```
Jul 27 10:01:57 charon 13[CFG] <con1|23> received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
```

Has there been a patch for IPsec in 2.4 that could have caused this to start working?
Or is there a bug that should be preventing it? I've been experimenting with IPsec recently, so I'm not sure which one is the correct behaviour.
Cheers
Matt
[IPSEC 2.3.4 failure log.txt](/public/imported_attachments/1/IPSEC 2.3.4 failure log.txt)
[IPSEC 2.4 beta sucess log.txt](/public/imported_attachments/1/IPSEC 2.4 beta sucess log.txt)
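
One way to check whether a phase 1 rejection comes from a proposal mismatch is to compare charon's `received proposals` line with its `configured proposals` line, transform type by transform type. The script below is an added example, not part of the original post: the function names are hypothetical, and the `configured proposals` line is constructed for illustration (the attached logs are not reproduced on this page).

```python
import re

# Matches strongSwan charon [CFG] lines that list IKE/ESP proposals.
LINE = re.compile(r"\[CFG\].*?\b(received|configured) proposals: (.+)$")

def transform_type(token):
    """Classify a strongSwan algorithm token by its name prefix."""
    if token.startswith("PRF_"):
        return "prf"
    if token.startswith(("HMAC_", "AES_XCBC", "AES_CMAC")):
        return "integrity"
    if token.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh"
    if token in ("NO_EXT_SEQ", "EXT_SEQ"):
        return "esn"
    return "encryption"

def parse_proposals(text):
    """'IKE:A/B, IKE:C/D' -> [(proto, {type: {tokens}}), ...]"""
    proposals = []
    for item in text.strip().split(", "):
        proto, _, algs = item.partition(":")
        by_type = {}
        for tok in algs.split("/"):
            by_type.setdefault(transform_type(tok), set()).add(tok)
        proposals.append((proto, by_type))
    return proposals

def diagnose(log_text):
    """For each received/configured pair of the same protocol, list the
    transform types that share no algorithm (empty list = compatible)."""
    seen = {"received": [], "configured": []}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            seen[m.group(1)] = parse_proposals(m.group(2))
    report = []
    for proto, r in seen["received"]:
        for cproto, c in seen["configured"]:
            if proto == cproto:
                gaps = [t for t in set(r) | set(c) if not r.get(t, set()) & c.get(t, set())]
                report.append(sorted(gaps))
    return report

# Phase 1 line quoted in the post above.
RECEIVED = ("Jul 27 10:01:57 charon 10[CFG] <23> received proposals: "
            "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384")
# Constructed line: a hypothetical firewall config offering only MODP_2048.
CONFIGURED = ("Jul 27 10:01:57 charon 10[CFG] <23> configured proposals: "
              "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048")

if __name__ == "__main__":
    print(diagnose(RECEIVED + "\n" + CONFIGURED))
```

An ESP proposal sent inside IKE_AUTH carries no DH group (as in the phase 2 line above), so a lone `dh` gap on an ESP pair is expected rather than a fault.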