Netgate Discussion Forum

IPSec connection fails

  • J
    jens9
    last edited by Nov 27, 2018, 12:12 PM

    Hello
    I am trying to open an IPSec tunnel between a Sophos XG Firewall and pfSense 2.4.4. I already tried a connection with IKEv2, which did not work. So I switched to IKEv1 to finally get this damn tunnel up. Bringing up a tunnel should be totally easy if you control the firewalls on both sides. It is not!
    Here is a part of my config:
    AES256 - SHA 2 512 - DH14 2048 (used in Phase 1 and in Phase 2)
    Authentication: IP addresses and PSK
    Dial in direction: Sophos XG initiates connection to pfSense.

    Here is the error log:
    "found 1 matching config, but none allows pre-shared key authentication using Main Mode"

    Bullshit! It is main mode!!! Why does this log throw out totally wrong information? Sophos XG is in main mode and pfSense is in main mode. I switched pfSense to aggressive mode just for a test. Same result. There is only one configuration for an IPSec VPN tunnel, so it is impossible to find the wrong configuration.
    Any ideas?

    • B
      Babiz @jens9
      last edited by Nov 27, 2018, 12:42 PM

      @jens9
      Hello, here is my P1 config, which works fine:
      [image]
      [image]

      Hope it will be useful, bye.

      • J
        jens9
        last edited by Nov 28, 2018, 7:42 AM

        Hello Babiz

        I hope you didn't compromise yourself by posting your PSK here 😉
        Are you also using a Sophos XG on the opposite side?

        Configuring this was so frustrating that I finally gave up. I did not want to try out all encryption mode possibilities to find a working solution. It should work with any encryption mode. Finally I tried OPNsense, which is a fork of pfSense. Since this worked on my first try with the same configuration on my Sophos XG, I guess this is a case for the developers to check out what is wrong here in the IPSec section.
        Maybe the frontend UI does not configure the backend correctly here. I have no other explanation for the strange behaviour.

        I will try out your configuration after my holidays, which begin soon. For now the tunnels are up and do their job.

        Best Regards
        Jens

        • B
          Babiz
          last edited by Nov 28, 2018, 1:07 PM

          Nice to see, @jens9, that you "solved" your issue. Don't worry about my PSK, I regenerate it periodically 🚪

          My VPN is in truth pfSense to pfSense, so your IPsec configuration discovery is very interesting: you have checked this kind of behavior and, on top of it all, OPNsense might be working fine, better than pfSense does. Lol!

          I hope in the meantime some developers like @jimp look at this strange thing about dealing with the IPsec internals.
          Best regards.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.