IPSEC can't connect, no errors in logs.
-
Jul 27 20:50:32 charon 10[NET] <5> received packet: from 24.114.26.173[45214] to scrubbed[500] (612 bytes)
Jul 27 20:50:32 charon 10[ENC] <5> parsed ID_PROT request 0 [ SA V V V V V V V V ]
Jul 27 20:50:32 charon 10[IKE] <5> received NAT-T (RFC 3947) vendor ID
Jul 27 20:50:32 charon 10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jul 27 20:50:32 charon 10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jul 27 20:50:32 charon 10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jul 27 20:50:32 charon 10[IKE] <5> received XAuth vendor ID
Jul 27 20:50:32 charon 10[IKE] <5> received Cisco Unity vendor ID
Jul 27 20:50:32 charon 10[IKE] <5> received FRAGMENTATION vendor ID
Jul 27 20:50:32 charon 10[IKE] <5> received DPD vendor ID
Jul 27 20:50:32 charon 10[IKE] <5> 24.114.26.173 is initiating a Main Mode IKE_SA
Jul 27 20:50:32 charon 10[ENC] <5> generating ID_PROT response 0 [ SA V V V V ]
Jul 27 20:50:32 charon 10[NET] <5> sending packet: from scrubbed[500] to 24.114.26.173[45214] (160 bytes)
Jul 27 20:50:32 charon 10[NET] <5> received packet: from 24.114.26.173[45214] to scrubbed[500] (228 bytes)
Jul 27 20:50:32 charon 10[ENC] <5> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jul 27 20:50:32 charon 10[IKE] <5> remote host is behind NAT
Jul 27 20:50:32 charon 10[ENC] <5> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jul 27 20:50:32 charon 10[NET] <5> sending packet: from scrubbed[500] to 24.114.26.173[45214] (244 bytes)
Jul 27 20:50:32 charon 07[NET] <5> received packet: from 24.114.26.173[45215] to scrubbed[4500] (92 bytes)
Jul 27 20:50:32 charon 07[ENC] <5> parsed ID_PROT request 0 [ ID HASH ]
Jul 27 20:50:32 charon 07[CFG] <5> looking for XAuthInitPSK peer configs matching scrubbed...24.114.26.173[25.248.121.28]
Jul 27 20:50:32 charon 07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
Jul 27 20:50:32 charon 07[ENC] <5> generating INFORMATIONAL_V1 request 440549279 [ HASH N(AUTH_FAILED) ]
Jul 27 20:50:32 charon 07[NET] <5> sending packet: from scrubbed[4500] to 24.114.26.173[45215] (92 bytes)
Server: pfSense 2.3.4-RELEASE-p1
Client: Android 7.1.1 device
VPN config is attached.
In all my years of using pfSense, I have never gotten IPSEC to work. Now that PPTP is finally removed, I need a new VPN solution. Can someone figure out what I am doing wrong?
Thanks
-
The error in the log is here:
Jul 27 20:50:32 charon 07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
Trying to tackle problems with mine as well. Also, you missed a scrub in the log, about 4 lines above the above.
Take it you're following: https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To
Did you add the user login? Can see you've added the pre-shared key.
Your other option is to use OpenVPN on pfSense + an OpenVPN client on your Android.
-
The error in the log is here:
Jul 27 20:50:32 charon 07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
Did you add the user login? Can see you've added the pre-shared key.
Wow, I forgot to add permissions to the users to allow it to dial in. I also changed the phase 1 to Main instead of aggressive. IPSEC Xauth PSK works like a charm now.
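An added example, not part of any post in this thread: a small Python filter that picks out of a charon log the line explaining why an IKEv1 negotiation ended in N(AUTH_FAILED), as was done by eye above. The sample lines are copied from the log in the first post; the function and pattern names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the log posted in this thread.
SAMPLE = """\
Jul 27 20:50:32 charon 10[IKE] <5> 24.114.26.173 is initiating a Main Mode IKE_SA
Jul 27 20:50:32 charon 10[IKE] <5> remote host is behind NAT
Jul 27 20:50:32 charon 07[CFG] <5> looking for XAuthInitPSK peer configs matching scrubbed...24.114.26.173[25.248.121.28]
Jul 27 20:50:32 charon 07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
Jul 27 20:50:32 charon 07[ENC] <5> generating INFORMATIONAL_V1 request 440549279 [ HASH N(AUTH_FAILED) ]
"""

# "charon <thread>[<subsystem>] <<sa id>> <message>"
LINE = re.compile(r"charon \d+\[(?P<sub>[A-Z]+)\] <(?P<sa>[^>]+)> (?P<msg>.*)$")
INIT = re.compile(r"^(?P<peer>\S+) is initiating an? (?P<mode>Main|Aggressive) Mode IKE_SA")
NOMATCH = re.compile(r"^found (?P<n>\d+) matching configs, but none allows "
                     r"(?P<auth>\S+) authentication using (?P<mode>\w+) Mode")

def explain_auth_failures(text):
    """Return one dict per IKE_SA id whose exchange ended in N(AUTH_FAILED)."""
    sas = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a charon line with an SA id
        sa, msg = sas[m["sa"]], m["msg"]
        if (i := INIT.match(msg)):
            sa.update(peer=i["peer"], mode=i["mode"])
        elif (n := NOMATCH.match(msg)):
            # Configs matched the peer, but none permits this auth method in this mode.
            sa.update(configs=int(n["n"]), auth=n["auth"], mode=n["mode"],
                      reason="auth method/mode not allowed by any matching config")
        elif "N(AUTH_FAILED)" in msg:
            sa["failed"] = True
    return [dict(sa_id=k, **v) for k, v in sas.items() if v.get("failed")]

if __name__ == "__main__":
    for failure in explain_auth_failures(SAMPLE):
        print(failure)
```
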