Netgate Discussion Forum

    User authentication failed with iPhone and IPsec VPN

      avalanchis

      Hello,

      I've configured a VPN on pfSense using these instructions:

      https://www.netgate.com/docs/pfsense/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html

      I'm able to successfully connect to the VPN from my Windows 10 laptop, but when I try to connect my iPhone using the same username and password, I get the following message:

      User authentication failed

      The iPhone is using iOS 12.1.

      Here are the last few entries of the log:

      Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
      Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> splitting IKE message with length of 1552 bytes into 2 fragments
      Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(1/2) ]
      Dec 5 09:30:56	charon		01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(2/2) ]
      Dec 5 09:30:56	charon		01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (1236 bytes)
      Dec 5 09:30:56	charon		01[NET] <con-mobile|6> sending packet: from 74.112.16.144[4500] to 166.137.219.164[19052] (388 bytes)
      Dec 5 09:31:26	charon		15[JOB] <con-mobile|6> deleting half open IKE_SA with 166.137.219.164 after timeout
      Dec 5 09:31:26	charon		15[IKE] <con-mobile|6> IKE_SA con-mobile[6] state change: CONNECTING => DESTROYING
      

      It seems that the iPhone is never responding to the IKE_AUTH response 1.

      I'm not sure what to do next to troubleshoot this. Thanks in advance for your help!

      Alan

        avalanchis

        I figured out the problem.

        I had exported and installed the wrong cert on my phone. Instead of installing the CA cert, I had mistakenly installed the "Server Certificate".

        After correcting this, I was able to connect to the VPN successfully.

        Hopefully this will help someone else.

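The failure pattern in the first post's log (the gateway sends IKE_AUTH response 1 carrying CERT, the client never answers, and the half-open IKE_SA times out), as an added detection example that is not part of the original thread. The function name, regexes and sample lines are constructed for illustration, and the `parsed IKE_AUTH request 2` line is a constructed healthy continuation for contrast.

```python
import re

# Constructed sample in the charon format shown in the post (addresses are
# documentation ranges). SA 6 repeats the failing pattern; SA 7 is a
# constructed healthy exchange in which the client answers.
SAMPLE_LOG = """\
Dec 5 09:30:56 charon 01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Dec 5 09:30:56 charon 01[ENC] <con-mobile|6> generating IKE_AUTH response 1 [ EF(1/2) ]
Dec 5 09:30:56 charon 01[NET] <con-mobile|6> sending packet: from 192.0.2.10[4500] to 198.51.100.20[19052] (1236 bytes)
Dec 5 09:31:26 charon 15[JOB] <con-mobile|6> deleting half open IKE_SA with 198.51.100.20 after timeout
Dec 5 09:40:02 charon 09[ENC] <con-mobile|7> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Dec 5 09:40:03 charon 09[ENC] <con-mobile|7> parsed IKE_AUTH request 2 [ EAP/RES/ID ]
"""

LINE = re.compile(r"<(?P<conn>[^|>]+)\|(?P<sa>\d+)>\s+(?P<msg>.*)")
CERT_SENT = re.compile(r"generating IKE_AUTH response 1 \[[^\]]*\bCERT\b")
CLIENT_REPLIED = re.compile(r"parsed IKE_AUTH request (?!1\b)\d+\b")
TIMEOUT = re.compile(r"deleting half open IKE_SA with (\S+) after timeout")


def find_silent_clients(log_text):
    """Return SAs where the peer went quiet after receiving the gateway cert."""
    state = {}      # (conn, sa) -> "cert_sent" or "replied"
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, msg = (m["conn"], int(m["sa"])), m["msg"]
        if CERT_SENT.search(msg):
            state[key] = "cert_sent"
        elif CLIENT_REPLIED.search(msg):
            state[key] = "replied"
        else:
            t = TIMEOUT.search(msg)
            # Flag only a timeout that follows the cert with no later request.
            if t and state.get(key) == "cert_sent":
                findings.append({"conn": key[0], "sa": key[1], "peer": t.group(1)})
    return findings


if __name__ == "__main__":
    for f in find_silent_clients(SAMPLE_LOG):
        print(f"{f['conn']}[{f['sa']}] peer {f['peer']}: no reply after the "
              "gateway certificate; check which certificate the client trusts")
```

The pattern only shows that the client stopped responding after the certificate was sent; in this thread the cause was the server certificate installed on the phone in place of the CA certificate.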
          murphster_matt @avalanchis

          @avalanchis I am SOOOO glad you commented on the resolution in this thread, I made exactly the same error and after hours of trying and surfing I found your thread, THANKS!

            avalanchis @murphster_matt

            @murphster_matt What's funny about this is that I had the same problem when trying to set up a different phone, and I'd completely forgotten about this solution until you posted your comment! Thanks for reminding me!
