IPsec GCP setup
-
We are trying to set up a VPN tunnel between a Google Cloud VPC and a pfSense box.
We found the following guide: https://blog.paranoidsoftware.com/pfsense-ipsec-vpn-connection-to-azure-aws-and-google-cloud-2/
This is the error we get on the pfSense side:
Apr 24 16:19:12 charon 08[ENC] <bypasslan|1495> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> no alternative config found
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> selected peer config 'bypasslan' inacceptable: non-matching authentication done
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> constraint requires public key authentication, but pre-shared key was used
Apr 24 16:19:12 charon 08[IKE] <bypasslan|1495> authentication of '35.189.X.X' with pre-shared key successful
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> selected peer config 'bypasslan'
Apr 24 16:19:12 charon 08[CFG] <1495> looking for peer configs matching 195.188.X.X[195.188.X.X]...35.189.X.X[35.189.X.X]
Apr 24 16:19:12 charon 08[ENC] <1495> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
Apr 24 16:19:12 charon 08[NET] <1495> received packet: from 35.189.X.X[500] to 195.188.X.X[500] (352 bytes)
Apr 24 16:19:12 charon 08[NET] <1495> sending packet: from 195.188.X.X[500] to 35.189.X.X[500] (586 bytes)
Apr 24 16:19:12 charon 08[ENC] <1495> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
Apr 24 16:19:12 charon 08[IKE] <1495> 35.189.X.X is initiating an IKE_SA
Apr 24 16:19:12 charon 08[ENC] <1495> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Apr 24 16:19:12 charon 08[NET] <1495> received packet: from 35.189.X.X[500] to 195.188.X.X[500] (1012 bytes)
We also changed the following, as the peer didn't accept DH group MODP_2048; it requested MODP_3072.
Is there an official guide somewhere to set up IPsec to Google Cloud?
Does anyone have any suggestions as to what the above error is saying?
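
Added example, not part of the original post: a small Python parser that groups charon lines like those above by IKE SA id and reports which peer config was selected and which authentication method that config required versus what the peer used. The sample lines are constructed with placeholder addresses, and the function and field names are this example's own.

```python
import re

# Constructed sample in the same layout as the log in the post (newest entry
# first); the addresses are documentation-range placeholders.
SAMPLE = """\
Apr 24 16:19:12 charon 08[ENC] <bypasslan|1495> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> no alternative config found
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> constraint requires public key authentication, but pre-shared key was used
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> selected peer config 'bypasslan'
Apr 24 16:19:12 charon 08[CFG] <1495> looking for peer configs matching 203.0.113.10[203.0.113.10]...198.51.100.20[198.51.100.20]
"""

# charon line: subsystem tag, optional connection name, IKE SA id, message.
LINE = re.compile(r"charon \d+\[[A-Z]+\] <(?:(?P<conn>[^|>]+)\|)?(?P<sa>\d+)> (?P<msg>.*)")
MATCHING = re.compile(r"looking for peer configs matching \S+?\[(.+?)\]\.\.\.\S+?\[(.+?)\]")
SELECTED = re.compile(r"selected peer config '([^']+)'")
CONSTRAINT = re.compile(r"constraint requires (.+?) authentication, but (.+?) was used")


def summarize(log_text, newest_first=True):
    """Group charon lines by IKE SA id and pull out the authentication outcome."""
    lines = log_text.splitlines()
    if newest_first:
        lines.reverse()  # process in chronological order
    sessions = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m["sa"], {
            "local_id": None, "remote_id": None, "selected": None,
            "required": None, "used": None,
            "no_alternative": False, "auth_failed": False,
        })
        msg = m["msg"]
        if ids := MATCHING.search(msg):
            s["local_id"], s["remote_id"] = ids.groups()
        elif sel := SELECTED.search(msg):
            s["selected"] = sel.group(1)
        elif con := CONSTRAINT.search(msg):
            s["required"], s["used"] = con.groups()
        elif "no alternative config found" in msg:
            s["no_alternative"] = True
        elif "N(AUTH_FAILED)" in msg:
            s["auth_failed"] = True
    return sessions


if __name__ == "__main__":
    for sa, s in summarize(SAMPLE).items():
        print(f"IKE SA {sa}: matched '{s['selected']}', requires {s['required']}, peer used {s['used']}")
```
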