Netgate Discussion Forum

    IPSEC can't connect, no errors in logs.

      dpsi

      
      Jul 27 20:50:32 	charon 		10[NET] <5> received packet: from 24.114.26.173[45214] to scrubbed[500] (612 bytes)
      Jul 27 20:50:32 	charon 		10[ENC] <5> parsed ID_PROT request 0 [ SA V V V V V V V V ]
      Jul 27 20:50:32 	charon 		10[IKE] <5> received NAT-T (RFC 3947) vendor ID
      Jul 27 20:50:32 	charon 		10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jul 27 20:50:32 	charon 		10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jul 27 20:50:32 	charon 		10[IKE] <5> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Jul 27 20:50:32 	charon 		10[IKE] <5> received XAuth vendor ID
      Jul 27 20:50:32 	charon 		10[IKE] <5> received Cisco Unity vendor ID
      Jul 27 20:50:32 	charon 		10[IKE] <5> received FRAGMENTATION vendor ID
      Jul 27 20:50:32 	charon 		10[IKE] <5> received DPD vendor ID
      Jul 27 20:50:32 	charon 		10[IKE] <5> 24.114.26.173 is initiating a Main Mode IKE_SA
      Jul 27 20:50:32 	charon 		10[ENC] <5> generating ID_PROT response 0 [ SA V V V V ]
      Jul 27 20:50:32 	charon 		10[NET] <5> sending packet: from scrubbed[500] to 24.114.26.173[45214] (160 bytes)
      Jul 27 20:50:32 	charon 		10[NET] <5> received packet: from 24.114.26.173[45214] to scrubbed[500] (228 bytes)
      Jul 27 20:50:32 	charon 		10[ENC] <5> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Jul 27 20:50:32 	charon 		10[IKE] <5> remote host is behind NAT
      Jul 27 20:50:32 	charon 		10[ENC] <5> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Jul 27 20:50:32 	charon 		10[NET] <5> sending packet: from scrubbed[500] to 24.114.26.173[45214] (244 bytes)
      Jul 27 20:50:32 	charon 		07[NET] <5> received packet: from 24.114.26.173[45215] to scrubbed[4500] (92 bytes)
      Jul 27 20:50:32 	charon 		07[ENC] <5> parsed ID_PROT request 0 [ ID HASH ]
      Jul 27 20:50:32 	charon 		07[CFG] <5> looking for XAuthInitPSK peer configs matching scrubbed...24.114.26.173[25.248.121.28]
      Jul 27 20:50:32 	charon 		07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
      Jul 27 20:50:32 	charon 		07[ENC] <5> generating INFORMATIONAL_V1 request 440549279 [ HASH N(AUTH_FAILED) ]
      Jul 27 20:50:32 	charon 		07[NET] <5> sending packet: from scrubbed[4500] to 24.114.26.173[45215] (92 bytes) 
      
      

      Server: pfSense 2.3.4-RELEASE-p1
      Client: Android 7.1.1 device

      VPN config is attached.

      In all my years of using pfSense, I have never gotten IPSEC to work. Now that PPTP is finally removed, I need a new VPN solution. Can someone figure out what I am doing wrong?

      Thanks
      Screenshot_786.png
      Screenshot_787.png
      Screenshot_788.png
      Screenshot_789.png

        warmadmax

        error in the log is here :

        Jul 27 20:50:32 	charon 		07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
        

        trying to tackle problems with mine as well, also you missed a scrub in the log, about 4 lines above the above

        take it you're following : https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

        did you add the user login? can see you've added the pre-shared key

        your other option is to use OpenVPN on pfsense + an OpenVPN client on your android

          dpsi

          @warmadmax:

          error in the log is here :

          Jul 27 20:50:32 	charon 		07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
          

          did you add the user login? can see you've added the pre-shared key

          Wow, I forgot to add permissions to the users to allow it to dial in. I also changed the phase 1 to Main instead of aggressive. IPSEC Xauth PSK works like a charm now.

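Added example, not part of the thread and not pfSense or strongSwan code: a small Python triage pass over charon lines in the format quoted above. It reports, per connection id, the authentication method and exchange mode that no configured phase 1 accepted, and replaces IPv4 addresses with stable placeholders before a log is shared. The sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the thread's log format; addresses are RFC 5737 / private.
SAMPLE = """\
Jul 27 20:50:32 charon 10[IKE] <5> 198.51.100.7 is initiating a Main Mode IKE_SA
Jul 27 20:50:32 charon 10[IKE] <5> remote host is behind NAT
Jul 27 20:50:32 charon 07[CFG] <5> looking for XAuthInitPSK peer configs matching 203.0.113.1...198.51.100.7[10.20.30.40]
Jul 27 20:50:32 charon 07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
Jul 27 20:50:32 charon 07[ENC] <5> generating INFORMATIONAL_V1 request 440549279 [ HASH N(AUTH_FAILED) ]
"""

LINE = re.compile(r"charon\s+\d+\[[A-Z]+\]\s+<([^>]+)>\s+(.*)")
INIT = re.compile(r"(\S+) is initiating an? (Main|Aggressive) Mode IKE_SA")
NONE = re.compile(r"found (\d+) matching configs?, but none allows (\S+) "
                  r"authentication using (Main|Aggressive) Mode")
IPV4 = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")


def triage(log):
    """Summarise each IKEv1 negotiation, keyed by charon's <id>, and why it ended."""
    sessions = {}
    for line in log.splitlines():
        if not (m := LINE.search(line)):
            continue
        conn, msg = m.groups()
        s = sessions.setdefault(conn, dict(peer=None, mode=None, nat=False, auth=None,
                                           candidates=None, auth_failed=False))
        if i := INIT.search(msg):
            s["peer"], s["mode"] = i.groups()
        elif n := NONE.search(msg):
            s["candidates"], s["auth"], s["mode"] = int(n[1]), n[2], n[3]
        elif "remote host is behind NAT" in msg:
            s["nat"] = True
        elif "N(AUTH_FAILED)" in msg:
            s["auth_failed"] = True
    return sessions


def scrub(log):
    """Replace each distinct IPv4 address with a stable placeholder before posting."""
    seen = {}
    def repl(m):
        try:
            ipaddress.IPv4Address(m.group(0))
        except ValueError:
            return m.group(0)  # e.g. 999.1.1.1: not an address, leave as is
        return seen.setdefault(m.group(0), f"<ip-{len(seen) + 1}>")
    return IPV4.sub(repl, log)
```

Because the placeholders are stable, `triage(scrub(log))` still correlates the peer across lines after the addresses are gone.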