Netgate Discussion Forum
    Have trouble to access Office pfsense IPsec setup, please help

      HKFEVER

      Not able to access, can anyone help?
      It keeps showing:
      charon 16883 06[ENC] <54> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
      charon 16883 06[IKE] <54> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
      charon 16883 06[CFG] <54> no matching peer config found
      charon 16883 06[CFG] <54> looking for peer configs matching 59.148.36.162[59.148.36.162]...138.19.96.68[138.19.96.68]

      Not sure why it shows generating IKE_AUTH response 1 [ N(AUTH_FAILED) ], as I am sure the name and password are correct!
      Not sure how to fix: no matching peer config found

      The following is the log:

      Aug 27 02:19:44 charon 16883 06[IKE] <54> IKE_SA (unnamed)[54] state change: CONNECTING => DESTROYING
      Aug 27 02:19:44 charon 16883 06[NET] <54> sending packet: from 59.148.36.162[4500] to 138.19.96.68[4500] (80 bytes)
      Aug 27 02:19:44 charon 16883 06[ENC] <54> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
      Aug 27 02:19:44 charon 16883 06[IKE] <54> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
      Aug 27 02:19:44 charon 16883 06[CFG] <54> no matching peer config found
      Aug 27 02:19:44 charon 16883 06[CFG] <54> looking for peer configs matching 59.148.36.162[59.148.36.162]...138.19.96.68[138.19.96.68]
      Aug 27 02:19:44 charon 16883 06[IKE] <54> remote endpoint changed from 138.19.96.68[500] to 138.19.96.68[4500]
      Aug 27 02:19:44 charon 16883 06[IKE] <54> local endpoint changed from 59.148.36.162[500] to 59.148.36.162[4500]
      Aug 27 02:19:44 charon 16883 06[ENC] <54> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
      Aug 27 02:19:44 charon 16883 06[NET] <54> received packet: from 138.19.96.68[4500] to 59.148.36.162[4500] (272 bytes)
      Aug 27 02:19:44 charon 16883 06[NET] <54> sending packet: from 59.148.36.162[500] to 138.19.96.68[500] (472 bytes)
      Aug 27 02:19:44 charon 16883 06[ENC] <54> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
      Aug 27 02:19:44 charon 16883 06[CFG] <54> sending supported signature hash algorithms: sha256 sha384 sha512 identity
      Aug 27 02:19:44 charon 16883 06[IKE] <54> faking NAT situation to enforce UDP encapsulation
      Aug 27 02:19:44 charon 16883 06[CFG] <54> received supported signature hash algorithms: sha256 sha384 sha512 identity
      Aug 27 02:19:44 charon 16883 06[CFG] <54> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
      Aug 27 02:19:44 charon 16883 06[CFG] <54> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
      Aug 27 02:19:44 charon 16883 06[CFG] <54> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
      Aug 27 02:19:44 charon 16883 06[CFG] <54> proposal matches
      Aug 27 02:19:44 charon 16883 06[CFG] <54> selecting proposal:
      Aug 27 02:19:44 charon 16883 06[IKE] <54> IKE_SA (unnamed)[54] state change: CREATED => CONNECTING
      Aug 27 02:19:44 charon 16883 06[IKE] <54> 138.19.96.68 is initiating an IKE_SA
      Aug 27 02:19:44 charon 16883 06[IKE] <54> remote endpoint changed from 0.0.0.0 to 138.19.96.68[500]
      Aug 27 02:19:44 charon 16883 06[IKE] <54> local endpoint changed from 0.0.0.0[500] to 59.148.36.162[500]
      Aug 27 02:19:44 charon 16883 06[CFG] <54> found matching ike config: 59.148.36.162...0.0.0.0/0, ::/0 with prio 1052
      Aug 27 02:19:44 charon 16883 06[CFG] <54> candidate: 59.148.36.162...0.0.0.0/0, ::/0, prio 1052
      Aug 27 02:19:44 charon 16883 06[CFG] <54> looking for an IKEv2 config for 59.148.36.162...138.19.96.68
      Aug 27 02:19:44 charon 16883 06[ENC] <54> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
      Aug 27 02:19:44 charon 16883 06[NET] <54> received packet: from 138.19.96.68[500] to 59.148.36.162[500] (464 bytes)

        HKFEVER @HKFEVER

        @HKFEVER

        I changed to cert. But still can't connect:

        **Aug 27 22:07:32 charon 84011 12[IKE] <221> received proposals unacceptable**
        **Aug 27 22:07:32 charon 84011 12[CFG] <221> received supported signature hash algorithms: sha256 sha384 sha512 identity**
        **Aug 27 22:07:32 charon 84011 12[CFG] <221> no acceptable ENCRYPTION_ALGORITHM found**

        The following is the log:
        Aug 27 22:07:32 charon 84011 12[IKE] <221> IKE_SA (unnamed)[221] state change: CONNECTING => DESTROYING
        Aug 27 22:07:32 charon 84011 12[NET] <221> sending packet: from 59.148.36.162[500] to 138.19.96.68[500] (36 bytes)
        Aug 27 22:07:32 charon 84011 12[ENC] <221> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
        Aug 27 22:07:32 charon 84011 12[IKE] <221> received proposals unacceptable
        Aug 27 22:07:32 charon 84011 12[CFG] <221> received supported signature hash algorithms: sha256 sha384 sha512 identity
        Aug 27 22:07:32 charon 84011 12[CFG] <221> candidate: 59.148.36.162...0.0.0.0/0, ::/0, prio 1052
        Aug 27 22:07:32 charon 84011 12[CFG] <221> looking for IKEv2 configs for 59.148.36.162...138.19.96.68
        Aug 27 22:07:32 charon 84011 12[CFG] <221> configured proposals: IKE:AES_GCM_16_128/PRF_HMAC_SHA1/MODP_1024
        Aug 27 22:07:32 charon 84011 12[CFG] <221> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
        Aug 27 22:07:32 charon 84011 12[CFG] <221> no acceptable ENCRYPTION_ALGORITHM found
        Aug 27 22:07:32 charon 84011 12[CFG] <221> selecting proposal:
        Aug 27 22:07:32 charon 84011 12[IKE] <221> IKE_SA (unnamed)[221] state change: CREATED => CONNECTING
        Aug 27 22:07:32 charon 84011 12[IKE] <221> 138.19.96.68 is initiating an IKE_SA
        Aug 27 22:07:32 charon 84011 12[IKE] <221> remote endpoint changed from 0.0.0.0 to 138.19.96.68[500]
        Aug 27 22:07:32 charon 84011 12[IKE] <221> local endpoint changed from 0.0.0.0[500] to 59.148.36.162[500]
        Aug 27 22:07:32 charon 84011 12[CFG] <221> found matching ike config: 59.148.36.162...0.0.0.0/0, ::/0 with prio 1052
        Aug 27 22:07:32 charon 84011 12[CFG] <221> candidate: 59.148.36.162...0.0.0.0/0, ::/0, prio 1052
        Aug 27 22:07:32 charon 84011 12[CFG] <221> looking for an IKEv2 config for 59.148.36.162...138.19.96.68
        Aug 27 22:07:32 charon 84011 12[ENC] <221> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
        Aug 27 22:07:32 charon 84011 12[NET] <221> received packet: from 138.19.96.68[500] to 59.148.36.162[500] (464 bytes)
        Aug 27 22:07:10 charon 84011 12[IKE] <220> IKE_SA (unnamed)[220] state change: CONNECTING => DESTROYING
        Aug 27 22:07:10 charon 84011 12[NET] <220> sending packet: from 59.148.36.162[500] to 138.19.96.68[500] (36 bytes)
        Aug 27 22:07:10 charon 84011 12[ENC] <220> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
        Aug 27 22:07:10 charon 84011 12[IKE] <220> received proposals unacceptable
        Aug 27 22:07:10 charon 84011 12[CFG] <220> received supported signature hash algorithms: sha256 sha384 sha512 identity
        Aug 27 22:07:10 charon 84011 12[CFG] <220> candidate: 59.148.36.162...0.0.0.0/0, ::/0, prio 1052
        Aug 27 22:07:10 charon 84011 12[CFG] <220> looking for IKEv2 configs for 59.148.36.162...138.19.96.68
        Aug 27 22:07:10 charon 84011 12[CFG] <220> configured proposals: IKE:AES_GCM_16_128/PRF_HMAC_SHA1/MODP_1024
        Aug 27 22:07:10 charon 84011 12[CFG] <220> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
        Aug 27 22:07:10 charon 84011 12[CFG] <220> no acceptable ENCRYPTION_ALGORITHM found
        Aug 27 22:07:10 charon 84011 12[CFG] <220> selecting proposal:
        Aug 27 22:07:10 charon 84011 12[IKE] <220> IKE_SA (unnamed)[220] state change: CREATED => CONNECTING
        Aug 27 22:07:10 charon 84011 12[IKE] <220> 138.19.96.68 is initiating an IKE_SA
        Aug 27 22:07:10 charon 84011 12[IKE] <220> remote endpoint changed from 0.0.0.0 to 138.19.96.68[500]
        Aug 27 22:07:10 charon 84011 12[IKE] <220> local endpoint changed from 0.0.0.0[500] to 59.148.36.162[500]
        Aug 27 22:07:10 charon 84011 12[CFG] <220> found matching ike config: 59.148.36.162...0.0.0.0/0, ::/0 with prio 1052
        Aug 27 22:07:10 charon 84011 12[CFG] <220> candidate: 59.148.36.162...0.0.0.0/0, ::/0, prio 1052
        Aug 27 22:07:10 charon 84011 12[CFG] <220> looking for an IKEv2 config for 59.148.36.162...138.19.96.68
        Aug 27 22:07:10 charon 84011 12[ENC] <220> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
        Aug 27 22:07:10 charon 84011 12[NET] <220> received packet: from 138.19.96.68[500] to 59.148.36.162[500] (464 bytes)

          viragomann @HKFEVER

          @HKFEVER
          Seems your encryption settings of both sites do not match.

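Added example, not part of any post in this thread: a small Python script that reads charon log lines like the ones above and lists every IKE transform type on which the configured and received proposals share no algorithm. The log names only ENCRYPTION_ALGORITHM, while the two proposal lines in the second log differ in every transform. The function names and the prefix-based classification of transform keywords are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample input: three lines copied from the second log in this thread.
SAMPLE = """\
Aug 27 22:07:32 charon 84011 12[ENC] <221> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Aug 27 22:07:32 charon 84011 12[CFG] <221> configured proposals: IKE:AES_GCM_16_128/PRF_HMAC_SHA1/MODP_1024
Aug 27 22:07:32 charon 84011 12[CFG] <221> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
"""

LINE = re.compile(r"\[[A-Z]+\] <(\d+)> (.*)$")  # subsystem tag, connection id, message
TYPES = ("ENCR", "INTEG", "PRF", "DH")

def transform_type(name):
    """Classify an IKE transform keyword by prefix (heuristic, an assumption)."""
    if name.startswith("PRF_"):
        return "PRF"
    if name.startswith(("MODP_", "ECP_", "CURVE_")):
        return "DH"
    if name.startswith(("HMAC_", "AES_XCBC", "AES_CMAC")):
        return "INTEG"
    return "ENCR"

def parse_proposals(text):
    """'IKE:A/B/C, IKE:D/E' -> one {type: set(names)} dict per proposal."""
    out = []
    for prop in text.split(", "):
        by_type = defaultdict(set)
        for name in prop.partition(":")[2].split("/"):
            by_type[transform_type(name)].add(name)
        out.append(by_type)
    return out

def mismatches(cfg, rcv):
    """Transform types for which the two proposals share no algorithm."""
    return {t: (sorted(cfg[t]), sorted(rcv[t]))
            for t in TYPES if (cfg[t] or rcv[t]) and not cfg[t] & rcv[t]}

def diagnose(log):
    """Per connection id, the mismatches of the closest configured/received pair."""
    seen = defaultdict(dict)
    for line in log.splitlines():
        m = LINE.search(line.strip())
        for side in ("configured", "received"):
            prefix = side + " proposals: "
            if m and m.group(2).startswith(prefix):
                seen[m.group(1)][side] = parse_proposals(m.group(2)[len(prefix):])
    return {conn: min((mismatches(c, r) for c in s["configured"] for r in s["received"]), key=len)
            for conn, s in seen.items() if len(s) == 2}

if __name__ == "__main__":
    for conn, diff in diagnose(SAMPLE).items():
        for ttype, (ours, theirs) in diff.items():
            print(f"<{conn}> {ttype}: configured {ours} vs received {theirs}")
```

An empty result for a connection, as the proposal lines of the first log (`<54>`) give, means the IKE proposals agree and the failure lies later in the exchange.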
            HKFEVER @viragomann

            @viragomann

            Solved :) Thx

              HKFEVER @HKFEVER

              @HKFEVER
              Fail, if I try to connect Office's pfsense IPsec from WIN11 through Home router gateway with NordVPN on!
              OK, if I connect Office's pfsense IPsec from WIN11 through Home router gateway with NordVPN off :)

              But then after connected:

              1. WIN11's gateway becomes Office's pfsense default gateway, which doesn't exit out through Office's pfSense's NordVPN setup!
              2. If I un-checked "Use default gateway on remote network" in WIN11's Advanced TCP/IP Settings, then the gateway will become WIN11's NIC gateway. Which in theory, I can use NordVPN app in WIN11. I didn't try yet, as too busy :(

              Here is the new question:
              How can I set the WIN11's Internet request to go through "home or some cafeshop's" gateway to Office's pfSense and exit out to internet through Office pfsense's NordVPN setup?

              I have spent too long trying to figure out the rules in pfSense and still no go. Maybe I need to find professional help :(
