Mismatched keys on 2.5.1
-
I have a couple of pfSense boxes and use the exact same IPsec config, with the only difference being IP addresses and the pre-shared key. Upgraded one server to 2.5.1 and now it's not connecting, with the error message from https://docs.netgate.com/pfsense/en/latest/troubleshooting/ipsec.html#phase-1-identifier-mismatch, but I checked the pre-shared keys and they are identical. Where should I look to diagnose the issue here? Are there any known issues around this with 2.5.1? I'm using Shrew Soft as the client.
May 15 20:48:56 charon 221 01[NET] <con-mobile|7384> received packet: from 82.42.XX.XX[4500] to 83.126.XX.XX[4500] (92 bytes)
May 15 20:48:56 charon 221 07[IKE] <con-mobile|7384> AGGRESSIVE request with message ID 0 processing failed
May 15 20:48:56 charon 221 07[NET] <con-mobile|7384> sending packet: from 83.126.xx.xx[500] to 82.42.xx.xx[500] (92 bytes)
May 15 20:48:56 charon 221 07[ENC] <con-mobile|7384> generating INFORMATIONAL_V1 request 738198657 [ HASH N(PLD_MAL) ]
May 15 20:48:56 charon 221 07[IKE] <con-mobile|7384> message parsing failed
May 15 20:48:56 charon 221 07[ENC] <con-mobile|7384> could not decrypt payloads
May 15 20:48:56 charon 221 07[ENC] <con-mobile|7384> invalid HASH_V1 payload length, decryption failed?
May 15 20:48:56 charon 221 07[NET] <con-mobile|7384> received packet: from 82.42.xx.xx[4500] to 83.126.xx.xx[4500] (140 bytes)
May 15 20:48:56 charon 221 07[NET] <con-mobile|7384> sending packet: from 83.126.xx.xx[500] to 82.42.xx.xx[500] (556 bytes)
May 15 20:48:56 charon 221 07[ENC] <con-mobile|7384> generating AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D HASH ]
May 15 20:48:56 charon 221 07[CFG] <7384> selected peer config "con-mobile"
May 15 20:48:56 charon 221 07[CFG] <7384> looking for XAuthInitPSK peer configs matching 83.126.xx.xx...82.42.xx.xx[73:74:70:2d:70:30:31:40:68:6f:72:6e:62:69:6c:6c:2e:63:6f:6d]
May 15 20:48:56 charon 221 07[CFG] <7384> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
May 15 20:48:56 charon 221 07[IKE] <7384> 82.42.xx.xx is initiating a Aggressive Mode IKE_SA
May 15 20:48:56 charon 221 07[IKE] <7384> received Cisco Unity vendor ID
May 15 20:48:56 charon 221 07[ENC] <7384> received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
May 15 20:48:56 charon 221 07[ENC] <7384> received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
May 15 20:48:56 charon 221 07[ENC] <7384> received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
May 15 20:48:56 charon 221 07[ENC] <7384> received unknown vendor ID: 3b:90:31:dc:e4:fc:f8:8b:48:9a:92:39:63:dd:0c:49
May 15 20:48:56 charon 221 07[IKE] <7384> received DPD vendor ID
May 15 20:48:56 charon 221 07[IKE] <7384> received NAT-T (RFC 3947) vendor ID
May 15 20:48:56 charon 221 07[IKE] <7384> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
May 15 20:48:56 charon 221 07[IKE] <7384> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
May 15 20:48:56 charon 221 07[ENC] <7384> received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
May 15 20:48:56 charon 221 07[IKE] <7384> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
May 15 20:48:56 charon 221 07[IKE] <7384> received XAuth vendor ID
May 15 20:48:56 charon 221 07[ENC] <7384> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V ]
May 15 20:48:56 charon 221 07[NET] <7384> received packet: from 82.42.xx.xx[500] to 83.126.xx.xx[500] (636 bytes)
May 1
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.