4. User authentication failed with iPhone and IPsec VPN

User authentication failed with iPhone and IPsec VPN

  • A

    Hello,

    I've configured a VPN on pfSense using these instructions:

    https://www.netgate.com/docs/pfsense/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html

    I'm able to successfully connect to the VPN my Windows 10 laptop, but when I try to connect my iPhone using the same username and password, I get the following message:

    User authentication failed

    The iPhone is using iOS 12.1.

    Here are the last few entries of the log:

    Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> splitting IKE message with length of 1552 bytes into 2 fragments
Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(1/2) ]
Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(2/2) ]
Dec 5 09:30:56	charon		01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (1236 bytes)
Dec 5 09:30:56	charon		01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (388 bytes)
Dec 5 09:31:26	charon		15[JOB] <con-mobile|6> deleting half open IKE_SA with 166.137.219.164 after timeout
Dec 5 09:31:26	charon		15[IKE] <con-mobile|6> IKE_SA con-mobile[6] state change: CONNECTING => DESTROYING

    It seems that the iPhone is never reponding to the IKE_AUTH response 1.

    I'm not sure what to do next to troubleshoot this. Thanks in advance for your help!

    Alan

    0
  • A

    I figured out the problem.

    I had exported and installed the wrong cert on my phone. Instead of installing the CA cert, I had mistakenly installed the "Server Certificate".

    After correcting this, I was able to connect to the VPN successfully.

    Hopefully this will help someone else.

    1
    M
     1 Reply
  • M

    @avalanchis I am SOOOO glad you commented on the resolution in this thread, I made exactly the same error and after hours of trying and surfing I found your thread, THANKS!

    1
    A
     1 Reply
  • A

    @murphster_matt What's funny about this is that I had the same problem when trying to set up a different phone, and I'd completely forgotten about this solution until you posted your comment! Thanks for reminding me!

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy