IPSEC can't connect, no errors in logs.

dpsi

Jul 27 20:50:32 	charon 		10[NET] <5> received packet: from 24.114.26.173[45214] to scrubbed[500] (612 bytes)
Jul 27 20:50:32 	charon 		10[ENC] <5> parsed ID_PROT request 0 [ SA V V V V V V V V ]
Jul 27 20:50:32 	charon 		10[IKE] <5> received NAT-T (RFC 3947) vendor ID
Jul 27 20:50:32 	charon 		10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jul 27 20:50:32 	charon 		10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jul 27 20:50:32 	charon 		10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jul 27 20:50:32 	charon 		10[IKE] <5> received XAuth vendor ID
Jul 27 20:50:32 	charon 		10[IKE] <5> received Cisco Unity vendor ID
Jul 27 20:50:32 	charon 		10[IKE] <5> received FRAGMENTATION vendor ID
Jul 27 20:50:32 	charon 		10[IKE] <5> received DPD vendor ID
Jul 27 20:50:32 	charon 		10[IKE] <5> 24.114.26.173 is initiating a Main Mode IKE_SA
Jul 27 20:50:32 	charon 		10[ENC] <5> generating ID_PROT response 0 [ SA V V V V ]
Jul 27 20:50:32 	charon 		10[NET] <5> sending packet: from scrubbed[500] to 24.114.26.173[45214] (160 bytes)
Jul 27 20:50:32 	charon 		10[NET] <5> received packet: from 24.114.26.173[45214] to scrubbed[500] (228 bytes)
Jul 27 20:50:32 	charon 		10[ENC] <5> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jul 27 20:50:32 	charon 		10[IKE] <5> remote host is behind NAT
Jul 27 20:50:32 	charon 		10[ENC] <5> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jul 27 20:50:32 	charon 		10[NET] <5> sending packet: from scrubbed[500] to 24.114.26.173[45214] (244 bytes)
Jul 27 20:50:32 	charon 		07[NET] <5> received packet: from 24.114.26.173[45215] to scrubbed[4500] (92 bytes)
Jul 27 20:50:32 	charon 		07[ENC] <5> parsed ID_PROT request 0 [ ID HASH ]
Jul 27 20:50:32 	charon 		07[CFG] <5> looking for XAuthInitPSK peer configs matching scrubbed...24.114.26.173[25.248.121.28]
Jul 27 20:50:32 	charon 		07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
Jul 27 20:50:32 	charon 		07[ENC] <5> generating INFORMATIONAL_V1 request 440549279 [ HASH N(AUTH_FAILED) ]
Jul 27 20:50:32 	charon 		07[NET] <5> sending packet: from scrubbed[4500] to 24.114.26.173[45215] (92 bytes) 

Server: pfSense  2.3.4-RELEASE-p1
Client: Android 7.1.1 device

VPN config is attached.

In all my years of using pfSense, I have never gotten IPSEC to work. Now that PPTP is finally removed, I need a new VPN solution. Can someone figure out what I am doing wrong?

Thanks

warmadmax

error in the log is here :

Jul 27 20:50:32 	charon 		07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode

trying to tackle problems with mine as well, also you missed a scrub in the log, about 4 lines above the above

take it you're following : https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

did you add the user login? can see you've added the pre-shared key

your other option is to use OpenVPN on pfsense + an OpenVPN client on your android

dpsi

@warmadmax:

error in the log is here :

Jul 27 20:50:32 	charon 		07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode

did you add the user login? can see you've added the pre-shared key

Wow, I forgot to add permissions to the users to allow it to dial in. I also changed the phase 1 to Main instead of aggressive. IPSEC Xauth PSK works like a charm now.