User authentication failed with iPhone and IPsec VPN



  • Hello,

    I've configured a VPN on pfSense using these instructions:

    https://www.netgate.com/docs/pfsense/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html

    I'm able to successfully connect to the VPN from my Windows 10 laptop, but when I try to connect my iPhone using the same username and password, I get the following message:

    User authentication failed

    The iPhone is using iOS 12.1.

    Here are the last few entries of the log:

    Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
    Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> splitting IKE message with length of 1552 bytes into 2 fragments
    Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(1/2) ]
    Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(2/2) ]
    Dec 5 09:30:56	charon		01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (1236 bytes)
    Dec 5 09:30:56	charon		01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (388 bytes)
    Dec 5 09:31:26	charon		15[JOB] <con-mobile|6> deleting half open IKE_SA with 166.137.219.164 after timeout
    Dec 5 09:31:26	charon		15[IKE] <con-mobile|6> IKE_SA con-mobile[6] state change: CONNECTING => DESTROYING
    

    It seems that the iPhone is never responding to the IKE_AUTH response 1.

    I'm not sure what to do next to troubleshoot this. Thanks in advance for your help!

    Alan



  • I figured out the problem.

    I had exported and installed the wrong cert on my phone. Instead of installing the CA cert, I had mistakenly installed the "Server Certificate".

    After correcting this, I was able to connect to the VPN successfully.

    Hopefully this will help someone else.
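
The log pattern from this thread can be picked out of a charon log automatically. The following is an added example, not part of the original posts: it flags IKE_SAs where the server sent its certificate together with the EAP identity request and the half-open SA then timed out without any further IKE_AUTH request from the client. The function name and the SA 7 lines are constructed for illustration; a hit is a prompt to check which certificate the client trusts (the cause found here), not proof of it.

```python
import re

# SA 6 lines are copied from the first post. SA 7 lines are constructed for
# contrast (a client that answers the EAP identity request), using
# documentation-range addresses.
SAMPLE_LOG = """\
Dec 5 09:30:56 charon 01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Dec 5 09:30:56 charon 01[ENC] <con-mobile|6> splitting IKE message with length of 1552 bytes into 2 fragments
Dec 5 09:30:56 charon 01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(1/2) ]
Dec 5 09:30:56 charon 01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(2/2) ]
Dec 5 09:30:56 charon 01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (1236 bytes)
Dec 5 09:30:56 charon 01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (388 bytes)
Dec 5 09:31:26 charon 15[JOB] <con-mobile|6> deleting half open IKE_SA with 166.137.219.164 after timeout
Dec 5 09:31:26 charon 15[IKE] <con-mobile|6> IKE_SA con-mobile[6] state change: CONNECTING => DESTROYING
Dec 5 09:40:01 charon 02[ENC] <con-mobile|7> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Dec 5 09:40:02 charon 03[ENC] <con-mobile|7> parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Dec 5 09:40:32 charon 04[JOB] <con-mobile|7> deleting half open IKE_SA with 198.51.100.20 after timeout
"""

# charon prefix: thread[SUBSYSTEM] <connection name|IKE_SA id> message
LINE_RE = re.compile(r"\d+\[[A-Z]{3}\]\s+<(?P<conn>[^|>]+)\|(?P<sa>\d+)>\s+(?P<msg>.*)")


def find_silent_eap_dropouts(log_text):
    """Return (connection, sa_id) pairs where the client went silent right
    after receiving the server's CERT + EAP identity request."""
    awaiting_reply = set()  # SAs whose CERT/EAP-identity message is unanswered
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["conn"], int(m["sa"]))
        msg = m["msg"]
        if msg.startswith("generating IKE_AUTH response") and "CERT" in msg and "EAP/REQ/ID" in msg:
            awaiting_reply.add(key)
        elif msg.startswith("parsed IKE_AUTH request"):
            awaiting_reply.discard(key)  # client answered; a later timeout is a different failure
        elif msg.startswith("deleting half open IKE_SA") and key in awaiting_reply:
            awaiting_reply.discard(key)
            hits.append(key)
    return hits


if __name__ == "__main__":
    for conn, sa in find_silent_eap_dropouts(SAMPLE_LOG):
        print(f"{conn}[{sa}]: no client reply after CERT/EAP identity request")
```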