1. Home
  2. pfSense® Software
  3. IPsec
  4. User authentication failed with iPhone and IPsec VPN

User authentication failed with iPhone and IPsec VPN

  • A

    Hello,

    I've configured a VPN on pfSense using these instructions:

    https://www.netgate.com/docs/pfsense/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html

    I'm able to successfully connect to the VPN my Windows 10 laptop, but when I try to connect my iPhone using the same username and password, I get the following message:

    User authentication failed

    The iPhone is using iOS 12.1.

    Here are the last few entries of the log:

    Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> splitting IKE message with length of 1552 bytes into 2 fragments
Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(1/2) ]
Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(2/2) ]
Dec 5 09:30:56	charon		01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (1236 bytes)
Dec 5 09:30:56	charon		01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (388 bytes)
Dec 5 09:31:26	charon		15[JOB] <con-mobile|6> deleting half open IKE_SA with 166.137.219.164 after timeout
Dec 5 09:31:26	charon		15[IKE] <con-mobile|6> IKE_SA con-mobile[6] state change: CONNECTING => DESTROYING

    It seems that the iPhone is never reponding to the IKE_AUTH response 1.

    I'm not sure what to do next to troubleshoot this. Thanks in advance for your help!

    Alan

    0
  • A

    I figured out the problem.

    I had exported and installed the wrong cert on my phone. Instead of installing the CA cert, I had mistakenly installed the "Server Certificate".

    After correcting this, I was able to connect to the VPN successfully.

    Hopefully this will help someone else.

    2 M 1 Reply
  • M

    @avalanchis I am SOOOO glad you commented on the resolution in this thread, I made exactly the same error and after hours of trying and surfing I found your thread, THANKS!

    2 A 1 Reply
  • A

    @murphster_matt What's funny about this is that I had the same problem when trying to set up a different phone, and I'd completely forgotten about this solution until you posted your comment! Thanks for reminding me!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy