Netgate Discussion Forum
    IPsec GCP setup

      jeffsmith82

      We are trying to set up a VPN tunnel between a Google Cloud VPC and a pfSense box.

      We found the following guide https://blog.paranoidsoftware.com/pfsense-ipsec-vpn-connection-to-azure-aws-and-google-cloud-2/

      This is the error we get on the pfSense side.

      
      Apr 24 16:19:12    charon        08[ENC] <bypasslan|1495> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
      Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495> no alternative config found
      Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495> selected peer config 'bypasslan' inacceptable: non-matching authentication done
      Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495> constraint requires public key authentication, but pre-shared key was used
      Apr 24 16:19:12    charon        08[IKE] <bypasslan|1495> authentication of '35.189.X.X' with pre-shared key successful
      Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495> selected peer config 'bypasslan'
      Apr 24 16:19:12    charon        08[CFG] <1495> looking for peer configs matching 195.188.X.X[195.188.X.X]...35.189.X.X[35.189.X.X]
      Apr 24 16:19:12    charon        08[ENC] <1495> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
      Apr 24 16:19:12    charon        08[NET] <1495> received packet: from 35.189.X.X[500] to 195.188.X.X[500] (352 bytes)
      Apr 24 16:19:12    charon        08[NET] <1495> sending packet: from 195.188.X.X[500] to 35.189.X.X[500] (586 bytes)
      Apr 24 16:19:12    charon        08[ENC] <1495> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
      Apr 24 16:19:12    charon        08[IKE] <1495> 35.189.X.X is initiating an IKE_SA
      Apr 24 16:19:12    charon        08[ENC] <1495> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
      Apr 24 16:19:12    charon        08[NET] <1495> received packet: from 35.189.X.X[500] to 195.188.X.X[500] (1012 bytes)
      

      We also changed the following as the peer didn't accept DH group MODP_2048; it requested MODP_3072.

      Is there an official guide somewhere to set up IPsec to Google Cloud?

      Does anyone have any suggestions as to what the above error is saying?

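A small triage script for the charon log in the post above, added here as an example and not part of the original post or of pfSense/strongSwan: it groups lines by IKE_SA id and extracts which peer config was selected and which authentication constraint it failed. The function names, field names and regular expressions are assumptions; the sample lines are taken from the post's log.

```python
import re
from collections import defaultdict

# charon line body: "<thread>[<subsystem>] <<conn>|<sa_id>> message".
# The connection name is absent until a peer config has been selected, and
# the space after ">" may be lost when logs are copied out of a web page.
LINE = re.compile(r"\d+\[\w+\]\s+<(?:[^|>]+\|)?(\d+)>\s*(.*)")
REJECTED = re.compile(r"selected peer config '([^']+)' (?:in|un)acceptable")
SELECTED = re.compile(r"selected peer config '([^']+)'$")
CONSTRAINT = re.compile(r"constraint requires (.+?) authentication, but (.+?) was used")

# Sample lines taken from the log in the post (addresses already redacted).
SAMPLE = """\
Apr 24 16:19:12 charon 08[ENC] <bypasslan|1495>generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495>selected peer config 'bypasslan' inacceptable: non-matching authentication done
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495>constraint requires public key authentication, but pre-shared key was used
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495>selected peer config 'bypasslan'
Apr 24 16:19:12 charon 08[CFG] <1495> looking for peer configs matching 195.188.X.X[195.188.X.X]...35.189.X.X[35.189.X.X]
"""

def triage(log_text):
    """Group charon lines by IKE_SA id; line order does not matter."""
    sas = defaultdict(lambda: {"selected": None, "rejected": None,
                               "required": None, "used": None,
                               "auth_failed": False})
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        sa, msg = sas[m.group(1)], m.group(2).strip()
        if (r := REJECTED.search(msg)):
            sa["rejected"] = r.group(1)
        elif (s := SELECTED.search(msg)):
            sa["selected"] = s.group(1)
        elif (c := CONSTRAINT.search(msg)):
            sa["required"], sa["used"] = c.groups()
        if "N(AUTH_FAILED)" in msg:
            sa["auth_failed"] = True
    return dict(sas)

def report(log_text):
    """One line per IKE_SA whose auth method did not satisfy the config."""
    out = []
    for sa_id, sa in sorted(triage(log_text).items()):
        if sa["required"] and sa["required"] != sa["used"]:
            out.append(f"IKE_SA {sa_id}: config '{sa['rejected'] or sa['selected']}' "
                       f"requires {sa['required']}, peer used {sa['used']}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

For the post's log it reports that IKE_SA 1495 was matched to the 'bypasslan' config, which required public key authentication while the peer used a pre-shared key.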