4. IPsec GCP setup

IPsec GCP setup

  • J

    We are trying to setup a VPN tunnel between a Google cloud  VPC and a PFsense box.

    We found the following guide https://blog.paranoidsoftware.com/pfsense-ipsec-vpn-connection-to-azure-aws-and-google-cloud-2/

    This is the error we get on the pfsense side.

    
Apr 24 16:19:12    charon        08[ENC] <bypasslan|1495>generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495>no alternative config found
Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495>selected peer config 'bypasslan' inacceptable: non-matching authentication done
Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495>constraint requires public key authentication, but pre-shared key was used
Apr 24 16:19:12    charon        08[IKE] <bypasslan|1495>authentication of '35.189.X.X' with pre-shared key successful
Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495>selected peer config 'bypasslan'
Apr 24 16:19:12    charon        08[CFG] <1495> looking for peer configs matching 195.188.X.X[195.188.X.X]...35.189.X.X[35.189.X.X]
Apr 24 16:19:12    charon        08[ENC] <1495> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
Apr 24 16:19:12    charon        08[NET] <1495> received packet: from 35.189.X.X[500] to 195.188.X.X[500] (352 bytes)
Apr 24 16:19:12    charon        08[NET] <1495> sending packet: from 195.188.X.X[500] to 35.189.X.X[500] (586 bytes)
Apr 24 16:19:12    charon        08[ENC] <1495> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
Apr 24 16:19:12    charon        08[IKE] <1495> 35.189.X.X is initiating an IKE_SA
Apr 24 16:19:12    charon        08[ENC] <1495> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Apr 24 16:19:12    charon        08[NET] <1495> received packet: from 35.189.X.X[500] to 195.188.X.X[500] (1012 bytes)</bypasslan|1495></bypasslan|1495></bypasslan|1495></bypasslan|1495></bypasslan|1495></bypasslan|1495>

    We also changed the following as peer didn't accept DH group MODP_2048, it requested MODP_3072.

    Is there an official guide somewhere to setup ipsec to Google cloud?

    Does anyone have any suggestions as to what the above error is saying ?

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy