No reaction in IPSec logs, how to debug? (vodafone station)
I have a pfsense config I've been using for several years now, including a working IPSec setup (roadwarrior).
Now this year, two things changed:
- I've introduced VLANs into my local LAN
- I have received a new cable modem/router thing from vodafone
Now after the VLAN change, I would not get the IPSec to work, in the sense that I could not get it to route into my VLANs. So now, since I have some spare time again, I wanted to work on this issue again.
However, I found that I cannot even connect at all, which leads me to believe that the modem/router replacement somehow impacted the IPSec.
I am using a thing which looks like this: https://kabel.vodafone.de/static/media/Arris_VodafoneStation_TG344DE.pdf
On a 1gbit cable connection. I do have a valid IPv4 address, and I have set up port forwarding to the pfsense box for the ports 4500/500 (UDP), 10000 (TCP), and also 50/51/161 TCP/UDP, but I think they're not IPSec related. The "firewall" feature of the vodafone box is disabled.
When I do
nc -z -v -u [PUBLIC_IP] 4500
I would get
Connection to xxxxxxx port 4500 [udp/ipsec-msft] succeeded!, same for port 500.
This leads me to believe that port forwarding is working. However I don't know if I can actually reach the pfsense through that IP/ports, since I get the same success when I disable the IPSec temporarily on the pfsense. Also the connection attempt on my iPhone times out after a minute or so, and in the pfsense system logs / IPSec section I will see no entry at all. I would therefore assume that actually I am not reaching the pfsense, unless something is severely broken in my config.
What could be causing this? Is this a port forwarding issue? How can I investigate the issue further?
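
Added example (not part of the original post): a UDP check such as `nc -z -u` can only notice whether an ICMP port-unreachable error came back, so it reports success for a port where packets are silently dropped or ignored just as it does for a responding service. The Python sketch below uses constructed listeners on 127.0.0.1 and hypothetical helper names to separate the three outcomes.

```python
import socket
import threading

def udp_probe(host, port, payload=b"\x00", timeout=1.0):
    """Send one datagram; return 'reply', 'refused' (ICMP unreachable) or 'no-reply'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))  # connected socket: the OS reports ICMP errors to us
        s.send(payload)
        s.recv(2048)
        return "reply"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "no-reply"
    finally:
        s.close()

def nc_style_verdict(result):
    # Assumption: mirrors nc -z -u, which reports success unless an error came back.
    return "failed" if result == "refused" else "succeeded"

def start_listener(answer):
    """Constructed local UDP service for the demo; returns (port, socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port on loopback only

    def serve():
        while True:
            try:
                _, peer = srv.recvfrom(2048)
            except OSError:
                return
            if answer:
                srv.sendto(b"ack", peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv

if __name__ == "__main__":
    for label, answer in (("answering service", True), ("silent service", False)):
        port, _srv = start_listener(answer)
        result = udp_probe("127.0.0.1", port, timeout=0.5)
        print(f"{label}: probe={result}, nc-style={nc_style_verdict(result)}")
```

Only a "reply" result, or a matching entry in the IPSec log or a packet capture on the pfsense WAN interface, shows that the datagram actually reached the service.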