1. Home
  2. pfSense® Software
  3. IPsec
  4. IPsec GCP setup

IPsec GCP setup

  • J

    We are trying to setup a VPN tunnel between a Google cloud  VPC and a PFsense box.

    We found the following guide https://blog.paranoidsoftware.com/pfsense-ipsec-vpn-connection-to-azure-aws-and-google-cloud-2/

    This is the error we get on the pfsense side.

    
Apr 24 16:19:12    charon        08[ENC] <bypasslan|1495>generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495>no alternative config found
Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495>selected peer config 'bypasslan' inacceptable: non-matching authentication done
Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495>constraint requires public key authentication, but pre-shared key was used
Apr 24 16:19:12    charon        08[IKE] <bypasslan|1495>authentication of '35.189.X.X' with pre-shared key successful
Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495>selected peer config 'bypasslan'
Apr 24 16:19:12    charon        08[CFG] <1495> looking for peer configs matching 195.188.X.X[195.188.X.X]...35.189.X.X[35.189.X.X]
Apr 24 16:19:12    charon        08[ENC] <1495> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
Apr 24 16:19:12    charon        08[NET] <1495> received packet: from 35.189.X.X[500] to 195.188.X.X[500] (352 bytes)
Apr 24 16:19:12    charon        08[NET] <1495> sending packet: from 195.188.X.X[500] to 35.189.X.X[500] (586 bytes)
Apr 24 16:19:12    charon        08[ENC] <1495> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
Apr 24 16:19:12    charon        08[IKE] <1495> 35.189.X.X is initiating an IKE_SA
Apr 24 16:19:12    charon        08[ENC] <1495> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Apr 24 16:19:12    charon        08[NET] <1495> received packet: from 35.189.X.X[500] to 195.188.X.X[500] (1012 bytes)</bypasslan|1495></bypasslan|1495></bypasslan|1495></bypasslan|1495></bypasslan|1495></bypasslan|1495>

    We also changed the following as peer didn't accept DH group MODP_2048, it requested MODP_3072.

    Is there an official guide somewhere to setup ipsec to Google cloud?

    Does anyone have any suggestions as to what the above error is saying ?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy