• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

User authentication failed with iPhone and IPsec VPN

Scheduled Pinned Locked Moved IPsec
4 Posts 2 Posters 2.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    avalanchis
    last edited by Dec 5, 2018, 4:46 PM

    Hello,

    I've configured a VPN on pfSense using these instructions:

    https://www.netgate.com/docs/pfsense/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html

    I'm able to successfully connect to the VPN my Windows 10 laptop, but when I try to connect my iPhone using the same username and password, I get the following message:

    User authentication failed

    The iPhone is using iOS 12.1.

    Here are the last few entries of the log:

    Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> splitting IKE message with length of 1552 bytes into 2 fragments
Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(1/2) ]
Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(2/2) ]
Dec 5 09:30:56	charon		01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (1236 bytes)
Dec 5 09:30:56	charon		01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (388 bytes)
Dec 5 09:31:26	charon		15[JOB] <con-mobile|6> deleting half open IKE_SA with 166.137.219.164 after timeout
Dec 5 09:31:26	charon		15[IKE] <con-mobile|6> IKE_SA con-mobile[6] state change: CONNECTING => DESTROYING

    It seems that the iPhone is never reponding to the IKE_AUTH response 1.

    I'm not sure what to do next to troubleshoot this. Thanks in advance for your help!

    Alan

    1 Reply Last reply Reply Quote 0
    • A
      avalanchis
      last edited by Dec 5, 2018, 5:03 PM

      I figured out the problem.

      I had exported and installed the wrong cert on my phone. Instead of installing the CA cert, I had mistakenly installed the "Server Certificate".

      After correcting this, I was able to connect to the VPN successfully.

      Hopefully this will help someone else.

      M 1 Reply Last reply May 17, 2019, 2:52 PM Reply Quote 2
      • M
        murphster_matt @avalanchis
        last edited by May 17, 2019, 2:52 PM

        @avalanchis I am SOOOO glad you commented on the resolution in this thread, I made exactly the same error and after hours of trying and surfing I found your thread, THANKS!

        A 1 Reply Last reply May 19, 2019, 5:26 PM Reply Quote 2
        • A
          avalanchis @murphster_matt
          last edited by May 19, 2019, 5:26 PM

          @murphster_matt What's funny about this is that I had the same problem when trying to set up a different phone, and I'd completely forgotten about this solution until you posted your comment! Thanks for reminding me!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received