<![CDATA[Unable to get past P1 Authentication with PSK because of Aggressive mode on Yamaha RTX]]>I have Site A (pfsense, static IP) and Site B (Yamaha RTX-810, dynamic IP + DDNS).
The Yamaha is trying to connect to the pfsense.

The Yamaha has no choice but to do IKEv1 in Aggressive Mode. No matter how I configure the Phase 1 IDs, I can't get this to authenticate!

12[NET] <4> received packet: from 118.8.30.73[500] to 180.43.61.110[500] (328 bytes)
Jul 1 18:27:43	charon		12[ENC] <4> parsed AGGRESSIVE request 0 [ SA KE No ID V ]
Jul 1 18:27:43	charon		12[CFG] <4> looking for an ike config for 180.43.61.110...118.8.30.73
Jul 1 18:27:43	charon		12[CFG] <4> candidate: %any...%any, prio 24
Jul 1 18:27:43	charon		12[CFG] <4> candidate: 180.43.61.110...kai-annex.aa0.netvolante.jp, prio 3100
Jul 1 18:27:43	charon		12[CFG] <4> found matching ike config: 180.43.61.110...kai-annex.aa0.netvolante.jp with prio 3100
Jul 1 18:27:43	charon		12[IKE] <4> received DPD vendor ID
Jul 1 18:27:43	charon		12[IKE] <4> 118.8.30.73 is initiating a Aggressive Mode IKE_SA
Jul 1 18:27:43	charon		12[IKE] <4> IKE_SA (unnamed)[4] state change: CREATED => CONNECTING
Jul 1 18:27:43	charon		12[CFG] <4> selecting proposal:
Jul 1 18:27:43	charon		12[CFG] <4> proposal matches
Jul 1 18:27:43	charon		12[CFG] <4> received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jul 1 18:27:43	charon		12[CFG] <4> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jul 1 18:27:43	charon		12[CFG] <4> selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jul 1 18:27:43	charon		12[CFG] <4> looking for pre-shared key peer configs matching 180.43.61.110...118.8.30.73[d1:d4:3f:33:b6:75:17:99:47:06:0e:61:d9:44:93:1c]
Jul 1 18:27:43	charon		12[CFG] <4> candidate "bypasslan", match: 1/1/24 (me/other/ike)
Jul 1 18:27:43	charon		12[IKE] <4> found 1 matching config, but none allows pre-shared key authentication using Aggressive Mode
Jul 1 18:27:43	charon		12[IKE] <4> queueing INFORMATIONAL task
Jul 1 18:27:43	charon		12[IKE] <4> activating new tasks
Jul 1 18:27:43	charon		12[IKE] <4> activating INFORMATIONAL task
Jul 1 18:27:43	charon		12[ENC] <4> generating INFORMATIONAL_V1 request 3541139542 [ N(AUTH_FAILED) ]
Jul 1 18:27:43	charon		12[NET] <4> sending packet: from 180.43.61.110[500] to 118.8.30.73[500] (56 bytes)
Jul 1 18:27:43	charon		12[IKE] <4> IKE_SA (unnamed)[4] state change: CONNECTING => DESTROYING
]]>https://forum.netgate.com/topic/132403/unable-to-get-past-p1-authentication-with-psk-because-of-aggressive-mode-on-yamaha-rtxRSS for NodeThu, 05 Mar 2026 14:47:08 GMTSun, 01 Jul 2018 09:32:02 GMT60<![CDATA[Reply to Unable to get past P1 Authentication with PSK because of Aggressive mode on Yamaha RTX on Sun, 01 Jul 2018 09:46:23 GMT]]>Specifically:

found 1 matching config, but none allows pre-shared key authentication using Aggressive Mode

If my P1 entry is doing Aggressive with PSK for the "My IP address" and "Peer IP address" and it matches my proposals for hash and encryption...why can't it recognize my PSK?

]]>https://forum.netgate.com/post/774900https://forum.netgate.com/post/774900Sun, 01 Jul 2018 09:46:23 GMT