Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mismatched keys on 2.5.1

    IPsec
    1
    1
    295
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jeffsmith82
      last edited by

      I have a couple of pfsense boxes and use the exact same ipsec config with the only difference being IP addresses and the pre shared key. Upgraded one server to 2.5.1 and now it snot connecting with the error message from https://docs.netgate.com/pfsense/en/latest/troubleshooting/ipsec.html#phase-1-identifier-mismatch but checked the pre shared keys and they are identical. Where should i look to diagnose the issue here. Are there any known issues around this with 2.5.1. Im using shrewsoft as the client.

      
May 15 20:48:56	charon	221	01[NET] <con-mobile|7384> received packet: from 82.42.XX.XX[4500] to 83.126.XX.XX[4500] (92 bytes)
May 15 20:48:56	charon	221	07[IKE] <con-mobile|7384> AGGRESSIVE request with message ID 0 processing failed
May 15 20:48:56	charon	221	07[NET] <con-mobile|7384> sending packet: from 83.126.xx.xx[500] to 82.42.xx.xx[500] (92 bytes)
May 15 20:48:56	charon	221	07[ENC] <con-mobile|7384> generating INFORMATIONAL_V1 request 738198657 [ HASH N(PLD_MAL) ]
May 15 20:48:56	charon	221	07[IKE] <con-mobile|7384> message parsing failed
May 15 20:48:56	charon	221	07[ENC] <con-mobile|7384> could not decrypt payloads
May 15 20:48:56	charon	221	07[ENC] <con-mobile|7384> invalid HASH_V1 payload length, decryption failed?
May 15 20:48:56	charon	221	07[NET] <con-mobile|7384> received packet: from 82.42.xx.xx[4500] to 83.126.xx.xx[4500] (140 bytes)
May 15 20:48:56	charon	221	07[NET] <con-mobile|7384> sending packet: from 83.126.xx.xx[500] to 82.42.xx.xx[500] (556 bytes)
May 15 20:48:56	charon	221	07[ENC] <con-mobile|7384> generating AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D HASH ]
May 15 20:48:56	charon	221	07[CFG] <7384> selected peer config "con-mobile"
May 15 20:48:56	charon	221	07[CFG] <7384> looking for XAuthInitPSK peer configs matching 83.126.xx.xx...82.42.xx.xx[73:74:70:2d:70:30:31:40:68:6f:72:6e:62:69:6c:6c:2e:63:6f:6d]
May 15 20:48:56	charon	221	07[CFG] <7384> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
May 15 20:48:56	charon	221	07[IKE] <7384> 82.42.xx.xx is initiating a Aggressive Mode IKE_SA
May 15 20:48:56	charon	221	07[IKE] <7384> received Cisco Unity vendor ID
May 15 20:48:56	charon	221	07[ENC] <7384> received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
May 15 20:48:56	charon	221	07[ENC] <7384> received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
May 15 20:48:56	charon	221	07[ENC] <7384> received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
May 15 20:48:56	charon	221	07[ENC] <7384> received unknown vendor ID: 3b:90:31:dc:e4:fc:f8:8b:48:9a:92:39:63:dd:0c:49
May 15 20:48:56	charon	221	07[IKE] <7384> received DPD vendor ID
May 15 20:48:56	charon	221	07[IKE] <7384> received NAT-T (RFC 3947) vendor ID
May 15 20:48:56	charon	221	07[IKE] <7384> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
May 15 20:48:56	charon	221	07[IKE] <7384> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
May 15 20:48:56	charon	221	07[ENC] <7384> received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
May 15 20:48:56	charon	221	07[IKE] <7384> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
May 15 20:48:56	charon	221	07[IKE] <7384> received XAuth vendor ID
May 15 20:48:56	charon	221	07[ENC] <7384> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V ]
May 15 20:48:56	charon	221	07[NET] <7384> received packet: from 82.42.xx.xx[500] to 83.126.xx.xx[500] (636 bytes)
May 1
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.