Netgate Discussion Forum

IPsec GCP setup

  • J
    jeffsmith82
    last edited by Apr 24, 2018, 3:30 PM

    We are trying to set up a VPN tunnel between a Google Cloud VPC and a pfSense box.

    We found the following guide https://blog.paranoidsoftware.com/pfsense-ipsec-vpn-connection-to-azure-aws-and-google-cloud-2/

    This is the error we get on the pfSense side.

    
    Apr 24 16:19:12    charon        08[ENC] <bypasslan|1495> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
    Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495> no alternative config found
    Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495> selected peer config 'bypasslan' inacceptable: non-matching authentication done
    Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495> constraint requires public key authentication, but pre-shared key was used
    Apr 24 16:19:12    charon        08[IKE] <bypasslan|1495> authentication of '35.189.X.X' with pre-shared key successful
    Apr 24 16:19:12    charon        08[CFG] <bypasslan|1495> selected peer config 'bypasslan'
    Apr 24 16:19:12    charon        08[CFG] <1495> looking for peer configs matching 195.188.X.X[195.188.X.X]...35.189.X.X[35.189.X.X]
    Apr 24 16:19:12    charon        08[ENC] <1495> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
    Apr 24 16:19:12    charon        08[NET] <1495> received packet: from 35.189.X.X[500] to 195.188.X.X[500] (352 bytes)
    Apr 24 16:19:12    charon        08[NET] <1495> sending packet: from 195.188.X.X[500] to 35.189.X.X[500] (586 bytes)
    Apr 24 16:19:12    charon        08[ENC] <1495> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
    Apr 24 16:19:12    charon        08[IKE] <1495> 35.189.X.X is initiating an IKE_SA
    Apr 24 16:19:12    charon        08[ENC] <1495> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
    Apr 24 16:19:12    charon        08[NET] <1495> received packet: from 35.189.X.X[500] to 195.188.X.X[500] (1012 bytes)
    

    We also changed the following, as the peer didn't accept DH group MODP_2048; it requested MODP_3072.

    Is there an official guide somewhere to set up IPsec to Google Cloud?

    Does anyone have any suggestions as to what the above error is saying?

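An added example, not part of the original post and not Netgate or strongSwan code: a small Python triage script that groups charon lines by IKE_SA id and reports what the log itself states about a rejected IKE_AUTH exchange. The sample lines are constructed in the shape of the log in the post, with documentation-range placeholder addresses, and the function names are illustrative.

```python
import re

# Constructed sample in the shape of the charon lines in the post
# (newest first, as listed there; addresses are documentation placeholders).
SAMPLE = """\
Apr 24 16:19:12 charon 08[ENC] <bypasslan|1495> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> no alternative config found
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> selected peer config 'bypasslan' inacceptable: non-matching authentication done
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> constraint requires public key authentication, but pre-shared key was used
Apr 24 16:19:12 charon 08[IKE] <bypasslan|1495> authentication of '192.0.2.10' with pre-shared key successful
Apr 24 16:19:12 charon 08[CFG] <bypasslan|1495> selected peer config 'bypasslan'
"""

# "<conn|id>" or "<id>" prefix; tolerate a missing space after ">".
LINE = re.compile(r"charon\s+\d+\[[A-Z]+\]\s+<(?:[^|>]+\|)?(?P<sa>\d+)>\s*(?P<msg>.*)")
RULES = {
    "selected": re.compile(r"selected peer config '([^']+)'$"),
    "peer_used": re.compile(r"authentication of '[^']+' with (.+) successful"),
    "constraint": re.compile(r"constraint requires (.+), but (.+) was used"),
    "no_alternative": re.compile(r"no alternative config found"),
    "auth_failed": re.compile(r"N\(AUTH_FAILED\)"),
}

def collect(log_text):
    """Group the facts charon logged by IKE_SA id; line order does not matter."""
    facts = {}
    for raw in log_text.splitlines():
        line = LINE.search(raw)
        if not line:
            continue
        for key, rule in RULES.items():
            hit = rule.search(line["msg"].strip())
            if hit:
                facts.setdefault(line["sa"], {})[key] = hit.groups() or True
    return facts

def explain(sa_facts):
    """One-line summary of why an IKE_AUTH exchange was rejected, or None."""
    if not sa_facts.get("auth_failed"):
        return None
    conn = sa_facts.get("selected", ("?",))[0]
    if "constraint" in sa_facts:
        wanted, used = sa_facts["constraint"]
        tail = "; no other config matched" if sa_facts.get("no_alternative") else ""
        return f"config '{conn}' requires {wanted}, peer used {used}{tail}"
    return f"config '{conn}': AUTH_FAILED sent, no constraint line logged"

if __name__ == "__main__":
    for sa, sa_facts in collect(SAMPLE).items():
        print(sa, explain(sa_facts))
```

The summary names the connection the peer was matched against, which is the first thing to compare with the tunnel that was meant to be used.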