Windows 10 - ipsec - works on 2.4beta, doesn't on 2.3.4
warmadmax last edited by
Trying to get to grips with why I can get IPsec working with 2.4 beta, but not with 2.3.4.
In the web UI, they've got identical settings for phase 1 and 2, both with mobile IKE, both using the same certificate.
I'm using RADIUS.
It just seems that on 2.3.4 it won't accept phase 1, whereas on 2.4 beta phase 1 establishes fine and goes on to RADIUS auth and connects phase 2.
I've attached the IPsec connection logs from both firewalls, both on diag output setting for config.
I'm using the following PowerShell to set up the VPN on Windows 10:
```powershell
# Recreate the connection from scratch
Remove-VpnConnection -Name "Pfsense Test"
Add-VpnConnection -Name "Pfsense Test" -ServerAddress "******.*****.co.uk" -TunnelType "Ikev2" -EncryptionLevel "Maximum" -AuthenticationMethod Eap -EapConfigXmlStream $((New-EapConfiguration -UseWinlogonCredential).EapConfigXmlStream)
# Pin the IKE (phase 1) and ESP (phase 2) algorithms instead of using the Windows defaults
Set-VpnConnectionIPsecConfiguration -ConnectionName "Pfsense Test" -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup ECP384 -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -PfsGroup ECP256
# Split tunnel: only route 10.40.0.0/16 over the VPN
Add-VpnConnectionRoute -ConnectionName "Pfsense Test" -DestinationPrefix 10.40.0.0/16 -PassThru
Set-VpnConnection -Name "Pfsense Test" -SplitTunneling $true
```
That gives me the following for phase 1 (reading 2.4 beta's log):
Jul 27 10:01:57 charon 10[CFG] <23> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384
Then the following for phase 2:
Jul 27 10:01:57 charon 13[CFG] <con1|23> received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Has there been a patch for IPsec in 2.4 that could have caused this to start working?
Or is there a bug that should be preventing it?
I've been experimenting with IPsec recently, so I'm not sure which one is the correct behaviour.
[IPSEC 2.3.4 failure log.txt](/public/imported_attachments/1/IPSEC 2.3.4 failure log.txt)
[IPSEC 2.4 beta sucess log.txt](/public/imported_attachments/1/IPSEC 2.4 beta sucess log.txt)
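
Added example, not part of the original post: a small Python parser for charon `received proposals` lines like the two quoted above, which reports the transform types where the client's offer and a firewall-side proposal have nothing in common. The two log lines are copied from the post; the `LOCAL_*` proposals are constructed for illustration and are not taken from either firewall's configuration.

```python
import re

# charon "received proposals" line; the space after <...> is optional
LINE_RE = re.compile(r"charon\s+\d+\[CFG\]\s+<[^>]*>\s*received proposals:\s*(.+)$")

def classify(token):
    """Map a strongSwan transform name to its IKEv2 transform type."""
    if token.startswith("PRF_"):
        return "prf"
    if token.startswith(("HMAC_", "AES_XCBC", "AES_CMAC")):
        return "integrity"
    if token.startswith(("ECP_", "MODP_", "CURVE_")):
        return "dh"
    if token in ("NO_EXT_SEQ", "EXT_SEQ"):
        return "esn"
    return "encryption"

def parse_proposals(line):
    """Return one dict per proposal: protocol plus a set of names per transform type."""
    m = LINE_RE.search(line)
    if not m:
        return []
    proposals = []
    for item in m.group(1).split(","):       # charon separates proposals with commas
        proto, _, transforms = item.strip().partition(":")
        parsed = {"protocol": proto}
        for tok in transforms.split("/"):
            parsed.setdefault(classify(tok), set()).add(tok)
        proposals.append(parsed)
    return proposals

def mismatches(received, configured):
    """Transform types where the peer offers nothing the local proposal accepts."""
    return sorted(kind for kind, offered in received.items()
                  if kind != "protocol" and not offered & configured.get(kind, set()))

# Log lines as quoted in the post (2.4 beta log)
IKE_LINE = ("Jul 27 10:01:57 charon 10[CFG] <23> received proposals: "
            "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384")
ESP_LINE = ("Jul 27 10:01:57 charon 13[CFG] <con1|23>received proposals: "
            "ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ")

# Constructed firewall-side proposals (assumptions, not the poster's settings)
LOCAL_IKE = {"encryption": {"AES_CBC_256"}, "integrity": {"HMAC_SHA2_256_128"},
             "prf": {"PRF_HMAC_SHA2_256"}, "dh": {"MODP_2048"}}
LOCAL_ESP = {"encryption": {"AES_CBC_256"}, "integrity": {"HMAC_SHA2_256_128"},
             "esn": {"NO_EXT_SEQ"}}

if __name__ == "__main__":
    print("IKE:", mismatches(parse_proposals(IKE_LINE)[0], LOCAL_IKE))
    print("ESP:", mismatches(parse_proposals(ESP_LINE)[0], LOCAL_ESP))
```

Running the same comparison over the `received proposals` and `configured proposals` lines in each attached log shows whether the two firewalls are really being compared against identical phase 1 settings.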