IPsec mobile clients stop connecting after adding an additional site-to-site entry
I have a “Main Site (pfSense 2.5.1)” and a “Remote Site 1 (pfSense 2.5.1)” connected via a site-to-site IPsec tunnel.
I also have on the “Main Site” IPsec mobile client support enabled.
Everything is working as expected. When I add an additional site-to-site phase 1 entry to a “Remote Site 2”, the mobile clients (Android phones and tablets) are no longer able to connect. As I already had a preexisting site-to-site tunnel, I would not think adding additional ones would be an issue. I am having the issue as soon as I add the phase 1 entry for an additional tunnel. Are there any known issues?
The preexisting site-to-site tunnel Details:
Key Exchange version: IKEv2
Internet Protocol: IPv4
Phase 1 Authentication Method: Mutual PSK
My identifier: My IP address
Peer identifier: Peer IP address
Encryption Algorithm: AES 256
Hash: SHA256
DH Group: 14 (2048 bit)
Life Time: 28800
NAT Traversal: Auto
MOBIKE: Disable
Dead Peer Detection: Enabled
Delay: 10
Max failures: 5
It has 6 phase 2 entries all using AES 256 with SHA256 as Auth Method.
IPsec Mobile Settings Details:
I am using a Pre-Shared Key and users authenticate against a local database “User - VPN: IPsec xauth Dialin”.
Key Exchange version: IKEv1
Internet Protocol: IPv4
Authentication Method: Mutual PSK + Xauth
Negotiation mode: Aggressive
My identifier: My IP address
Peer identifier: A Distinguished name Text String
Pre-Shared Key: Some Text Other Text String
Encryption Algorithm (two proposals):
AES 128, Hash: SHA1, DH Group: 2 (1024 bit)
3DES, Hash: MD5, DH Group: 2 (1024 bit)
Lifetime: 86400
Child SA Close Action: Default
NAT Traversal: Force
Dead Peer Detection: Enabled
Delay: 90
Max failures: 5
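When a mobile client stops negotiating after a new phase 1 is added, the first thing to check is the IPsec log (charon, the strongSwan IKE daemon pfSense uses): it records which proposals the client sent, which ones the responder had configured, and whether any phase 1 entry matched at all. The script below is an added example, not part of the post above and not pfSense's own code; it parses a few constructed log lines written in the style of charon's output (the line layout, the "received proposals"/"configured proposals" wording and the "no IKE config found" message are assumptions about that format) and groups them per IKE_SA so a mismatch can be read off directly.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample lines in the style of a strongSwan charon log
# (pfSense: Status > System Logs > IPsec). Not taken from the original post.
# SA 12: client offers the two mobile proposals (AES128/SHA1/DH2, 3DES/MD5/DH2)
#        but the responder only has the site-to-site proposal configured.
# SA 13: an aggressive-mode attempt for which no phase 1 entry matched at all.
SAMPLE_LOG = """\
charon[1234]: 05[IKE] <12> 203.0.113.10 is initiating a Main Mode IKE_SA
charon[1234]: 05[CFG] <12> received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
charon[1234]: 05[CFG] <12> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
charon[1234]: 05[IKE] <12> no proposal found
charon[1234]: 06[IKE] <13> 203.0.113.10 is initiating an Aggressive Mode IKE_SA
charon[1234]: 06[CFG] <13> no IKE config found for 198.51.100.1...203.0.113.10, sending NO_PROPOSAL_CHOSEN
"""

# "<thread>[GROUP] <sa-id> message" is the part of each line we care about.
LINE_RE = re.compile(r'\d+\[(?P<group>[A-Z]+)\] <(?P<sa>[^>]+)> (?P<msg>.*)$')
INIT_RE = re.compile(r'^(?P<peer>\S+) is initiating (?:a|an) (?P<mode>Main Mode|Aggressive Mode|IKE_SA)')
CFG_RE = re.compile(r'^no IKE config found for (?P<local>\S+)\.\.\.(?P<remote>\S+)')


@dataclass
class IkeAttempt:
    """Everything the log tells us about one IKE_SA negotiation."""
    sa: str
    peer: Optional[str] = None
    mode: Optional[str] = None          # Main Mode / Aggressive Mode / IKE_SA (IKEv2)
    received: List[str] = field(default_factory=list)
    configured: List[str] = field(default_factory=list)
    reason: Optional[str] = None        # proposal_mismatch / no_matching_config


def _proposals(s: str) -> List[str]:
    return [p.strip() for p in s.split(',') if p.strip()]


def parse_charon_log(text: str) -> List[IkeAttempt]:
    """Group charon lines by IKE_SA id and extract peer, mode, proposals and failure."""
    attempts: Dict[str, IkeAttempt] = {}
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue
        sa, msg = m.group('sa'), m.group('msg')
        a = attempts.setdefault(sa, IkeAttempt(sa=sa))
        im = INIT_RE.match(msg)
        if im:
            a.peer, a.mode = im.group('peer'), im.group('mode')
        elif msg.startswith('received proposals: '):
            a.received = _proposals(msg[len('received proposals: '):])
        elif msg.startswith('configured proposals: '):
            a.configured = _proposals(msg[len('configured proposals: '):])
        elif msg == 'no proposal found':
            a.reason = 'proposal_mismatch'
        elif CFG_RE.match(msg):
            a.reason = 'no_matching_config'
    return list(attempts.values())


def unmatched_proposals(a: IkeAttempt) -> List[str]:
    """Proposals the client offered that the responder did not have configured."""
    return [p for p in a.received if p not in a.configured]


def summarize(attempts: List[IkeAttempt]) -> List[str]:
    """One human-readable line per failed negotiation."""
    out = []
    for a in attempts:
        if a.reason == 'proposal_mismatch':
            out.append(f"SA {a.sa} from {a.peer} ({a.mode}): no common proposal; "
                       f"client offered {unmatched_proposals(a)}, responder has {a.configured}")
        elif a.reason == 'no_matching_config':
            out.append(f"SA {a.sa} from {a.peer} ({a.mode}): no phase 1 entry matched "
                       f"this peer/identifier pair (NO_PROPOSAL_CHOSEN sent)")
    return out


if __name__ == '__main__':
    for line in summarize(parse_charon_log(SAMPLE_LOG)):
        print(line)
```

The two failure reasons point at different things to check: "no proposal found" means a phase 1 entry was selected but its encryption/hash/DH set does not overlap with what the client sent, while "no IKE config found" means no phase 1 entry matched the peer and identifier at all, which is the case to look at when a newly added entry changes which configuration a responder picks for incoming connections.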