IPSEC can't connect, no errors in logs.



  • 
    Jul 27 20:50:32 	charon 		10[NET] <5> received packet: from 24.114.26.173[45214] to scrubbed[500] (612 bytes)
    Jul 27 20:50:32 	charon 		10[ENC] <5> parsed ID_PROT request 0 [ SA V V V V V V V V ]
    Jul 27 20:50:32 	charon 		10[IKE] <5> received NAT-T (RFC 3947) vendor ID
    Jul 27 20:50:32 	charon 		10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Jul 27 20:50:32 	charon 		10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Jul 27 20:50:32 	charon 		10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Jul 27 20:50:32 	charon 		10[IKE] <5> received XAuth vendor ID
    Jul 27 20:50:32 	charon 		10[IKE] <5> received Cisco Unity vendor ID
    Jul 27 20:50:32 	charon 		10[IKE] <5> received FRAGMENTATION vendor ID
    Jul 27 20:50:32 	charon 		10[IKE] <5> received DPD vendor ID
    Jul 27 20:50:32 	charon 		10[IKE] <5> 24.114.26.173 is initiating a Main Mode IKE_SA
    Jul 27 20:50:32 	charon 		10[ENC] <5> generating ID_PROT response 0 [ SA V V V V ]
    Jul 27 20:50:32 	charon 		10[NET] <5> sending packet: from scrubbed[500] to 24.114.26.173[45214] (160 bytes)
    Jul 27 20:50:32 	charon 		10[NET] <5> received packet: from 24.114.26.173[45214] to scrubbed[500] (228 bytes)
    Jul 27 20:50:32 	charon 		10[ENC] <5> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Jul 27 20:50:32 	charon 		10[IKE] <5> remote host is behind NAT
    Jul 27 20:50:32 	charon 		10[ENC] <5> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Jul 27 20:50:32 	charon 		10[NET] <5> sending packet: from scrubbed[500] to 24.114.26.173[45214] (244 bytes)
    Jul 27 20:50:32 	charon 		07[NET] <5> received packet: from 24.114.26.173[45215] to scrubbed[4500] (92 bytes)
    Jul 27 20:50:32 	charon 		07[ENC] <5> parsed ID_PROT request 0 [ ID HASH ]
    Jul 27 20:50:32 	charon 		07[CFG] <5> looking for XAuthInitPSK peer configs matching scrubbed...24.114.26.173[25.248.121.28]
    Jul 27 20:50:32 	charon 		07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
    Jul 27 20:50:32 	charon 		07[ENC] <5> generating INFORMATIONAL_V1 request 440549279 [ HASH N(AUTH_FAILED) ]
    Jul 27 20:50:32 	charon 		07[NET] <5> sending packet: from scrubbed[4500] to 24.114.26.173[45215] (92 bytes) 
    
    

    Server: pfSense  2.3.4-RELEASE-p1
    Client: Android 7.1.1 device

    VPN config is attached.

    In all my years of using pfSense, I have never gotten IPSEC to work. Now that PPTP is finally removed, I need a new VPN solution. Can someone figure out what I am doing wrong?

    Thanks

  • The error in the log is here:

    Jul 27 20:50:32 	charon 		07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
    

    Trying to tackle problems with mine as well. Also, you missed a scrub in the log, about 4 lines above the above.

    I take it you're following: https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

    Did you add the user login? I can see you've added the pre-shared key.

    Your other option is to use OpenVPN on pfSense + an OpenVPN client on your Android.



  • @warmadmax:

    The error in the log is here:

    Jul 27 20:50:32 	charon 		07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
    

    Did you add the user login? I can see you've added the pre-shared key.

    Wow, I forgot to add permissions to the users to allow it to dial in. I also changed the phase 1 to Main instead of aggressive. IPSEC Xauth PSK works like a charm now.
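
Added example (not part of the thread, and not pfSense or strongSwan code): a small Python parser that groups charon lines like those quoted above by IKE_SA id and reports the authentication/exchange-mode mismatch that the second reply points to. The sample log is constructed from the thread's lines with documentation-range addresses, and the function names are hypothetical.

```python
import re

LINE = re.compile(r"charon\s+\d+\[(?P<sub>[A-Z]+)\]\s+<(?P<sa>[^>]+)>\s+(?P<msg>.*)$")
INIT = re.compile(r"(?P<peer>\S+) is initiating an? (?P<mode>Main|Aggressive) Mode IKE_SA")
NOCFG = re.compile(r"found (?P<n>\d+) matching configs?, but none allows "
                   r"(?P<auth>\S+) authentication using (?P<mode>Main|Aggressive) Mode")
NOTIFY = re.compile(r"generating INFORMATIONAL\S* request \d+ \[.*N\((?P<code>[A-Z_]+)\)")

# Constructed sample modelled on the thread's log; addresses are documentation ranges.
SAMPLE_LOG = """\
Jul 27 20:50:32 charon 10[IKE] <5> 198.51.100.7 is initiating a Main Mode IKE_SA
Jul 27 20:50:32 charon 10[IKE] <5> remote host is behind NAT
Jul 27 20:50:32 charon 07[CFG] <5> looking for XAuthInitPSK peer configs matching 192.0.2.1...198.51.100.7[10.0.0.5]
Jul 27 20:50:32 charon 07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
Jul 27 20:50:32 charon 07[ENC] <5> generating INFORMATIONAL_V1 request 440549279 [ HASH N(AUTH_FAILED) ]
Jul 27 20:51:02 charon 09[IKE] <6> 198.51.100.9 is initiating a Aggressive Mode IKE_SA
"""

def summarize(log_text):
    """Group charon lines by IKE_SA id and record why each negotiation ended."""
    sas = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a charon line carrying an <id> tag
        sa_id = m["sa"].split("|")[-1]  # "<con1|5>" and "<5>" both map to "5"
        sa = sas.setdefault(sa_id, {"peer": None, "mode": None, "nat": False,
                                    "rejected": None, "notify": None})
        msg = m["msg"]
        if (i := INIT.search(msg)):
            sa["peer"], sa["mode"] = i["peer"], i["mode"]
        elif "remote host is behind NAT" in msg:
            sa["nat"] = True
        elif (c := NOCFG.search(msg)):
            sa["rejected"] = {"auth": c["auth"], "mode": c["mode"], "candidates": int(c["n"])}
        elif (n := NOTIFY.search(msg)):
            sa["notify"] = n["code"]
    return sas

def failures(sas):
    """One readable finding per SA that charon rejected for an auth/mode mismatch."""
    return [f"SA {k}: peer {v['peer']} asked for {v['rejected']['auth']} in "
            f"{v['rejected']['mode']} Mode; {v['rejected']['candidates']} configs matched "
            f"the addresses but none permits that pair (sent {v['notify']})"
            for k, v in sas.items() if v["rejected"]]

if __name__ == "__main__":
    for finding in failures(summarize(SAMPLE_LOG)):
        print(finding)
```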