[SOLVED]Could not authenticate with XAuth secrets
-
For those who are interested:
My problem has been solved by creating a new group with IPsec rights and users belonging to it. The previous group and users were probably bugged.
The next problem was the packet routing inside the tunnel.
-
Hello,
I have updated to 2.2.6, things seem to go better.
Now I have an "Authentication failed" message, but I'm sure I have entered the right login and password. Any other suggestions?
Find below the log and the overview of IPSec Status.
Aug 22 10:59:57 charon: 06[IKE] <con1|6> destroying IKE_SA after failed XAuth authentication
Aug 22 10:59:57 charon: 06[ENC] <con1|6> parsed TRANSACTION response 1114253522 [ HASH CPA(X_STATUS) ]
Aug 22 10:59:57 charon: 06[NET] <con1|6> received packet: from 80.12.63.157[64916] to 192.168.X.X[4500] (76 bytes)
Aug 22 10:59:57 charon: 06[NET] <con1|6> sending packet: from 192.168.X.X[4500] to 80.12.63.157[64916] (76 bytes)
Aug 22 10:59:57 charon: 06[ENC] <con1|6> generating TRANSACTION request 1114253522 [ HASH CPS(X_STATUS) ]
Aug 22 10:59:57 charon: 06[IKE] <con1|6> XAuth authentication of 'vpnbob' failed
Aug 22 10:59:57 charon: 06[IKE] <con1|6> Could not authenticate with XAuth secrets for '192.168.X.X' - 'vpnbob'
Aug 22 10:59:57 charon: 06[IKE] <con1|6> XAuth-SCRIPT failed for user 'vpntb' with return status: -1.
Aug 22 10:59:57 charon: user 'vpntb' could not authenticate.
Aug 22 10:59:56 charon: 06[ENC] <con1|6> parsed TRANSACTION response 311174579 [ HASH CPRP(X_USER X_PWD) ]
Aug 22 10:59:56 charon: 06[NET] <con1|6> received packet: from 80.12.63.157[64916] to 192.168.X.X[4500] (92 bytes)
Aug 22 10:59:56 charon: 06[NET] <con1|6> sending packet: from 192.168.X.X[4500] to 80.12.63.157[64916] (76 bytes)
Aug 22 10:59:56 charon: 06[ENC] <con1|6> generating TRANSACTION request 311174579 [ HASH CPRQ(X_USER X_PWD) ]
Aug 22 10:59:56 charon: 06[IKE] <con1|6> remote host is behind NAT
Aug 22 10:59:56 charon: 06[IKE] <con1|6> local host is behind NAT, sending keep alives
Aug 22 10:59:56 charon: 06[ENC] <con1|6> parsed AGGRESSIVE request 0 [ HASH NAT-D NAT-D N(INITIAL_CONTACT) ]
Aug 22 10:59:56 charon: 06[NET] <con1|6> received packet: from 80.12.63.157[64916] to 192.168.X.X[4500] (140 bytes)
Aug 22 10:59:56 charon: 06[NET] <con1|6> sending packet: from 192.168.X.X[500] to 80.12.63.157[1011] (432 bytes)
Aug 22 10:59:56 charon: 06[ENC] <con1|6> generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
Aug 22 10:59:56 charon: 06[CFG] <6> selected peer config "con1"
Aug 22 10:59:56 charon: 06[CFG] <6> looking for XAuthInitPSK peer configs matching 192.168.X.X...80.12.63.157[vpnusers]
Aug 22 10:59:56 charon: 06[IKE] <6> 80.12.63.157 is initiating a Aggressive Mode IKE_SA
Aug 22 10:59:56 charon: 06[IKE] <6> received DPD vendor ID
Aug 22 10:59:56 charon: 06[IKE] <6> received Cisco Unity vendor ID
Aug 22 10:59:56 charon: 06[IKE] <6> received XAuth vendor ID
Aug 22 10:59:56 charon: 06[IKE] <6> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
IPsec Status overview (one entry):
Description: Phase1 IPSec bob
Local ID:    192.168.X.X
Local IP:    192.168.X.X
Remote ID:   bob@mysite.com
Remote IP:   Unknown
Role:        (empty)
Reauth:      (empty)
Algo:        (empty)
Status:      Awaiting connections
Thanks in advance
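The charon log above carries everything needed to triage an XAuth failure: the IKE_SA tag (`<con1|6>`), the peer address on the `received packet` lines, and the username each XAuth message names. Notice that two different names appear on the same SA ('vpnbob' in the secrets lookup, 'vpntb' in the XAuth-SCRIPT line), which is exactly the kind of discrepancy a parser should surface. Below is an added example (not from the original post, not pfSense or strongSwan code) that groups charon lines per IKE_SA, joins each failed XAuth attempt to its peer IP and to every username seen on that SA, and counts failures per peer so repeated guessing from one address stands out. The sample log is constructed: the first lines are adapted from the post, the 203.0.113.9 lines are made up to show a repeat offender, and the 'successful' wording for the non-failing line is strongSwan's phrasing as I recall it, so treat it as an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log, newest-first as pfSense displays it. The con1|6 lines are
# adapted from the post above; the 203.0.113.9 and con1|5 lines are invented.
SAMPLE_LOG = """\
Aug 22 11:02:10 charon: 08[IKE] <con1|9> XAuth authentication of 'admin' failed
Aug 22 11:02:09 charon: 08[NET] <con1|9> received packet: from 203.0.113.9[4500] to 192.168.X.X[4500] (92 bytes)
Aug 22 11:01:55 charon: 08[IKE] <con1|8> XAuth authentication of 'root' failed
Aug 22 11:01:54 charon: 08[NET] <con1|8> received packet: from 203.0.113.9[4500] to 192.168.X.X[4500] (92 bytes)
Aug 22 11:01:40 charon: 08[IKE] <con1|7> XAuth authentication of 'vpn' failed
Aug 22 11:01:39 charon: 08[NET] <con1|7> received packet: from 203.0.113.9[4500] to 192.168.X.X[4500] (92 bytes)
Aug 22 10:59:57 charon: 06[IKE] <con1|6> destroying IKE_SA after failed XAuth authentication
Aug 22 10:59:57 charon: 06[IKE] <con1|6> XAuth authentication of 'vpnbob' failed
Aug 22 10:59:57 charon: 06[IKE] <con1|6> Could not authenticate with XAuth secrets for '192.168.X.X' - 'vpnbob'
Aug 22 10:59:57 charon: 06[IKE] <con1|6> XAuth-SCRIPT failed for user 'vpntb' with return status: -1.
Aug 22 10:59:57 charon: user 'vpntb' could not authenticate.
Aug 22 10:59:56 charon: 06[NET] <con1|6> received packet: from 80.12.63.157[64916] to 192.168.X.X[4500] (92 bytes)
Aug 22 10:59:56 charon: 06[CFG] <6> selected peer config "con1"
Aug 22 10:59:56 charon: 06[IKE] <6> 80.12.63.157 is initiating a Aggressive Mode IKE_SA
Aug 22 10:58:01 charon: 07[IKE] <con1|5> XAuth authentication of 'alice' successful
Aug 22 10:58:00 charon: 07[NET] <con1|5> received packet: from 198.51.100.7[500] to 192.168.X.X[500] (140 bytes)
"""

# syslog timestamp, "charon:", optional "NN[GROUP]", optional "<sa tag>", message.
# Thread/group and SA tag are optional because lines such as
# "charon: user 'x' could not authenticate." carry neither.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) charon: "
    r"(?:(?P<thr>\d+)\[(?P<grp>\w+)\] )?"
    r"(?:<(?P<sa>[^>]+)> )?"
    r"(?P<msg>.*)$"
)
FAIL_RE = re.compile(r"XAuth authentication of '(?P<user>[^']+)' failed")
OK_RE = re.compile(r"XAuth authentication of '(?P<user>[^']+)' successful")
SCRIPT_RE = re.compile(r"XAuth-SCRIPT failed for user '(?P<user>[^']+)'")
SECRETS_RE = re.compile(r"XAuth secrets for '[^']+' - '(?P<user>[^']+)'")
PEER_RE = re.compile(r"received packet: from (?P<ip>[0-9A-Fa-f.:]+)\[\d+\]")
USER_PATTERNS = (FAIL_RE, OK_RE, SCRIPT_RE, SECRETS_RE)


def parse_line(line):
    """Split one charon syslog line into fields; None if it is not a charon line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def summarize_xauth(log_text):
    """Correlate XAuth outcomes with the peer IP and usernames seen on each IKE_SA.

    Works regardless of line order (pfSense shows newest first), because peer
    addresses and usernames are keyed by SA tag and joined only at the end.
    """
    peers = {}                  # sa tag -> first remote IP seen on that IKE_SA
    users = defaultdict(set)    # sa tag -> every username any XAuth message named
    failures = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["sa"] is None:
            continue
        sa, msg = rec["sa"], rec["msg"]
        if (m := PEER_RE.search(msg)):
            peers.setdefault(sa, m["ip"])
        for rx in USER_PATTERNS:
            if (m := rx.search(msg)):
                users[sa].add(m["user"])
        if (m := FAIL_RE.search(msg)):
            failures.append({"ts": rec["ts"], "sa": sa, "user": m["user"]})
    for f in failures:
        f["peer_ip"] = peers.get(f["sa"], "unknown")
        # More than one name on a single SA means the client sent one identity
        # while a backend checked another: worth a look before blaming the password.
        f["names_seen"] = sorted(users[f["sa"]])
    return {
        "failures": failures,
        "failures_by_peer": Counter(f["peer_ip"] for f in failures),
    }


def noisy_peers(summary, threshold):
    """Peer IPs with at least `threshold` failed XAuth attempts, most failures first."""
    return [ip for ip, n in summary["failures_by_peer"].most_common() if n >= threshold]


if __name__ == "__main__":
    s = summarize_xauth(SAMPLE_LOG)
    for f in s["failures"]:
        print(f"{f['ts']} sa={f['sa']} peer={f['peer_ip']} user={f['user']} names_seen={f['names_seen']}")
    print("peers over threshold:", noisy_peers(s, 3))
```

Run against a real `/var/log/ipsec.log` the thresholds are a starting point only; a legitimate user with a stale saved password will also rack up failures, so the `names_seen` column is the more useful triage hint than the raw count.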
-
I'm now able to create a tunnel between my pfSense, Macs and iPhone with iOS 10.
I'm still not able to access the network behind the firewall. If I cannot find any answer with the search engine, I'm going to create a new subject.