Netgate Discussion Forum

    VPN IPSEC IKEv2 Client Not Working

      thiagok

      Hi, how are you?

      I have set up a client-to-site IPsec VPN with FreeRADIUS, but it is not working:

      Jun 9 23:52:20 charon 68813 09[IKE] <con-mobile|970> tried 1 shared key for '%any' - '177.67.63.254', but MAC mismatched
      Jun 9 23:52:20 charon 68813 09[ENC] <con-mobile|970> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]

      Jun 9 23:52:20 charon 68813 09[NET] <970> received packet: from 177.67.63.254[500] to 172.31.230.5[500] (424 bytes)
      Jun 9 23:52:20 charon 68813 09[ENC] <970> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) ]
      Jun 9 23:52:20 charon 68813 09[CFG] <970> looking for an IKEv2 config for 172.31.230.5...177.67.63.254
      Jun 9 23:52:20 charon 68813 09[CFG] <970> candidate: 172.31.230.5...0.0.0.0/0, ::/0, prio 1052
      Jun 9 23:52:20 charon 68813 09[CFG] <970> found matching ike config: 172.31.230.5...0.0.0.0/0, ::/0 with prio 1052
      Jun 9 23:52:20 charon 68813 09[IKE] <970> local endpoint changed from 0.0.0.0[500] to 172.31.230.5[500]
      Jun 9 23:52:20 charon 68813 09[IKE] <970> remote endpoint changed from 0.0.0.0 to 177.67.63.254[500]
      Jun 9 23:52:20 charon 68813 09[IKE] <970> 177.67.63.254 is initiating an IKE_SA
      Jun 9 23:52:20 charon 68813 09[IKE] <970> IKE_SA (unnamed)[970] state change: CREATED => CONNECTING
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable INTEGRITY_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable DIFFIE_HELLMAN_GROUP found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable ENCRYPTION_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> no acceptable INTEGRITY_ALGORITHM found
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selecting proposal:
      Jun 9 23:52:20 charon 68813 09[CFG] <970> proposal matches
      Jun 9 23:52:20 charon 68813 09[CFG] <970> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
      Jun 9 23:52:20 charon 68813 09[CFG] <970> configured proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_4096, IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
      Jun 9 23:52:20 charon 68813 09[CFG] <970> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
      Jun 9 23:52:20 charon 68813 09[IKE] <970> sending cert request for "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
      Jun 9 23:52:20 charon 68813 09[IKE] <970> sending cert request for "C=US, O=Let's Encrypt, CN=R3"
      Jun 9 23:52:20 charon 68813 09[ENC] <970> generating IKE_SA_INIT response 0 [ SA KE No CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
      Jun 9 23:52:20 charon 68813 09[NET] <970> sending packet: from 172.31.230.5[500] to 177.67.63.254[500] (317 bytes)
      Jun 9 23:52:20 charon 68813 09[NET] <970> received packet: from 177.67.63.254[500] to 172.31.230.5[500] (432 bytes)
      Jun 9 23:52:20 charon 68813 09[ENC] <970> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) AUTH N(MSG_ID_SYN_SUP) SA TSi TSr ]
      Jun 9 23:52:20 charon 68813 09[CFG] <970> looking for peer configs matching 172.31.230.5[%any]...177.67.63.254[177.67.63.254]
      Jun 9 23:52:20 charon 68813 09[CFG] <970> candidate "con-mobile", match: 1/1/1052 (me/other/ike)
      Jun 9 23:52:20 charon 68813 09[CFG] <con-mobile|970> selected peer config 'con-mobile'
      Jun 9 23:52:20 charon 68813 09[IKE] <con-mobile|970> tried 1 shared key for '%any' - '177.67.63.254', but MAC mismatched
      Jun 9 23:52:20 charon 68813 09[ENC] <con-mobile|970> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
      Jun 9 23:52:20 charon 68813 09[NET] <con-mobile|970> sending packet: from 172.31.230.5[500] to 177.67.63.254[500] (80 bytes)
      Jun 9 23:52:20 charon 68813 09[IKE] <con-mobile|970> IKE_SA con-mobile[970] state change: CONNECTING => DESTROYING

      Thanks in advance.

      Cheers,

      Thiago.
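
An added example, not part of the original post and not pfSense or strongSwan code: a small Python triage script that groups charon lines like those above by IKE_SA id and reports the proposals offered, the one selected, any legacy algorithms in it, and the logged reason authentication failed. The sample lines are constructed from the log in the post; the `WEAK` list and the name `summarize` are assumptions of this example.

```python
import re

# Constructed sample: shortened charon lines in the format shown in the post.
SAMPLE_LOG = """\
Jun 9 23:52:20 charon 68813 09[CFG] <970> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Jun 9 23:52:20 charon 68813 09[CFG] <970> configured proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_4096, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Jun 9 23:52:20 charon 68813 09[CFG] <970> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Jun 9 23:52:20 charon 68813 09[IKE] <con-mobile|970> tried 1 shared key for '%any' - '177.67.63.254', but MAC mismatched
Jun 9 23:52:20 charon 68813 09[ENC] <con-mobile|970> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
"""

# thread[subsystem] <connection|sa-id> message; the connection name is optional.
LINE = re.compile(r"\d+\[(?P<sub>[A-Z]+)\] <(?:(?P<conn>[^|>]+)\|)?(?P<sa>\d+)> (?P<msg>.*)$")

# Assumption of this example: transforms treated as legacy and worth flagging.
WEAK = {"MODP_768", "MODP_1024", "3DES_CBC", "DES_CBC", "HMAC_MD5_96", "PRF_HMAC_MD5"}


def summarize(log):
    """Group charon lines by IKE_SA id; summarise negotiation and auth outcome."""
    sas = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sa = sas.setdefault(m["sa"], {"conn": None, "received": [], "configured": [],
                                       "selected": None, "weak": [], "failure": None})
        msg = m["msg"]
        if m["conn"]:
            sa["conn"] = m["conn"]
        for key in ("received", "configured"):
            if msg.startswith(key + " proposals: "):
                sa[key] = msg.split(": ", 1)[1].split(", ")
        if msg.startswith("selected proposal: "):
            sa["selected"] = msg.split(": ", 1)[1]
            transforms = sa["selected"].split(":", 1)[1].split("/")
            sa["weak"] = [t for t in transforms if t in WEAK]
        if "MAC mismatched" in msg:
            # charon could not verify the peer's AUTH payload with the shared key it tried
            sa["failure"] = "psk_mac_mismatch"
        elif "N(AUTH_FAILED)" in msg and sa["failure"] is None:
            sa["failure"] = "auth_failed"
    return sas


if __name__ == "__main__":
    for sa_id, info in summarize(SAMPLE_LOG).items():
        print(sa_id, info["conn"], info["selected"], info["weak"], info["failure"])
```
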
