Netgate Discussion Forum
    Shrew and mobile ipsec: sending phase 1 packet and then timeout

fluca1978

      Hi all,
      I'm trying to make shrew + mobile ipsec working. I've checked that from the client computer I can reach the pfsense box, I've checked the configuration of both shrew and pfsense and they seem correct. When I start a shrew connection (debug mode on) I see it sends three times a phase 1 packet and then aborts and the result is that the tunnel is not established due to timeout. Then I checked my firewall rules, that are not blocking the traffic, as well as ipsec logs that do not report nothing at all. It seems shrew is not connecting to the machine itself, but the ip address is correct and I can connect to the web interface, ssh, and ping the pfsense box. I've also tried disabling the packet filtering and placing a "pass all" rule in ipsec rules, but nothing. Other ipsec tunnels (not mobile) are working fine.
      Any idea on how to investigate the problem?

Perry

        You could compare with http://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

        /Perry

fluca1978

          That's exactly the howto I used to configure the ipsec tunnel…


fluca1978

Is there a way to test IPsec connectivity without using Shrew? I mean, does a telnet to port 500 suffice to say that the tunnel could be available?
I'm still having this issue, and what is strange is that if I configure Shrew from a PC behind the firewall, the tunnel is activated. So this means there could be some kind of connectivity problem from the outside world, but as I said, I can ping/SSH/web the firewall from the remote side (the one the tunnel must start from).
Any suggestion?

            Thanks

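A note on the two questions raised in this thread (the phase 1 packets that go unanswered with nothing in the IPsec log, and whether a telnet to port 500 proves anything). Telnet opens a TCP connection, while IKE runs over UDP/500 (and UDP/4500 once NAT traversal kicks in), so a telnet to port 500 tells you nothing about IKE reachability; ping, SSH and the web GUI likewise only prove that TCP and ICMP reach the box. The script below is an added example, not code from this thread, from Shrew or from pfSense. It does what Shrew's first phase 1 packet does: it sends one IKEv1 main-mode message 1 carrying a single proposal and waits for any ISAKMP reply. A main-mode message 2 or an informational notify rejecting the proposal both prove the IKE daemon on the pfSense box is reachable from that vantage point; a timeout reproduces the symptom in the first post. The proposal it offers (AES-128, SHA1, pre-shared key, DH group 2, 28800 s lifetime) is an assumption chosen to be widely accepted, not the thread's configuration, and the gateway address and port are taken from the command line.

```python
"""Probe an IKEv1 gateway: send main-mode message 1 and classify the reply.

Added example for the thread above; not code from Shrew, pfSense or the poster.
Wire formats follow RFC 2408 (ISAKMP) and RFC 2409 (IKEv1)."""
import os
import socket
import struct
import sys

IKE_PORT = 500
NATT_PORT = 4500
ISAKMP_HEADER_LEN = 28

# ISAKMP payload types and exchange types used below
PAYLOAD_NONE, PAYLOAD_SA = 0, 1
EXCH_MAIN_MODE, EXCH_INFORMATIONAL = 2, 5
ISAKMP_VERSION = 0x10  # major 1, minor 0


def _attr(atype, value):
    """Basic SA attribute: type with the high bit set, followed by a 2-byte value."""
    return struct.pack("!HH", 0x8000 | atype, value)


def build_phase1_probe(init_cookie):
    """Build main-mode message 1: ISAKMP header + SA payload with one proposal.

    The proposal (AES-128 / SHA1 / PSK / DH group 2 / 28800 s) is an assumption
    picked for broad acceptance, not the configuration discussed in the thread."""
    attrs = b"".join([
        _attr(1, 7),        # encryption algorithm: AES-CBC
        _attr(14, 128),     # key length: 128 bits
        _attr(2, 2),        # hash algorithm: SHA1
        _attr(3, 1),        # authentication method: pre-shared key
        _attr(4, 2),        # group description: 1024-bit MODP (group 2)
        _attr(11, 1),       # life type: seconds
        _attr(12, 28800),   # life duration
    ])
    # transform #1, transform-id KEY_IKE (1), 2 reserved bytes, then attributes
    transform_body = struct.pack("!BBH", 1, 1, 0) + attrs
    transform = struct.pack("!BBH", PAYLOAD_NONE, 0, 4 + len(transform_body)) + transform_body
    # proposal #1, protocol ISAKMP (1), SPI size 0, one transform
    proposal_body = struct.pack("!BBBB", 1, 1, 0, 1) + transform
    proposal = struct.pack("!BBH", PAYLOAD_NONE, 0, 4 + len(proposal_body)) + proposal_body
    # DOI = IPsec (1), situation = SIT_IDENTITY_ONLY (1)
    sa_body = struct.pack("!II", 1, 1) + proposal
    sa = struct.pack("!BBH", PAYLOAD_NONE, 0, 4 + len(sa_body)) + sa_body
    header = struct.pack("!8s8sBBBBII", init_cookie, b"\x00" * 8,
                         PAYLOAD_SA, ISAKMP_VERSION, EXCH_MAIN_MODE, 0, 0,
                         ISAKMP_HEADER_LEN + len(sa))
    return header + sa


def parse_isakmp_header(data):
    """Decode the fixed 28-byte ISAKMP header into a dict."""
    if len(data) < ISAKMP_HEADER_LEN:
        raise ValueError("short ISAKMP header")
    fields = struct.unpack("!8s8sBBBBII", data[:ISAKMP_HEADER_LEN])
    keys = ("init_cookie", "resp_cookie", "next_payload", "version",
            "exchange", "flags", "message_id", "length")
    return dict(zip(keys, fields))


def classify_reply(init_cookie, data, natt=False):
    """Say what a datagram received after the probe means for reachability."""
    if natt:
        if data[:4] != b"\x00" * 4:       # UDP/4500 carries a 4-byte non-ESP marker
            return "not an ISAKMP datagram on the NAT-T port"
        data = data[4:]
    hdr = parse_isakmp_header(data)
    if hdr["init_cookie"] != init_cookie:
        return "reply for a different initiator cookie (ignored)"
    if hdr["exchange"] == EXCH_MAIN_MODE and hdr["next_payload"] == PAYLOAD_SA:
        return "main-mode reply: IKE daemon reached and a proposal was accepted"
    if hdr["exchange"] == EXCH_INFORMATIONAL:
        return "informational reply: IKE daemon reached, but it did not accept the proposal"
    return "unexpected ISAKMP exchange type %d" % hdr["exchange"]


def probe(host, port=IKE_PORT, timeout=3.0):
    """Send the probe and return a one-line verdict."""
    cookie = os.urandom(8)               # initiator cookie must be non-zero
    msg = build_phase1_probe(cookie)
    natt = port == NATT_PORT
    if natt:
        msg = b"\x00" * 4 + msg          # non-ESP marker for UDP/4500
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind(("", port))           # some daemons only answer traffic sourced from 500/4500
        except OSError:
            pass                         # unprivileged: fall back to an ephemeral source port
        s.settimeout(timeout)
        s.sendto(msg, (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout: no ISAKMP reply (dropped upstream, or daemon not answering on this address)"
    return classify_reply(cookie, data, natt)


if __name__ == "__main__":
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else IKE_PORT
    print(probe(target, target_port))
```

Run it from the remote client against the pfSense WAN address, once with the default port and once with 4500. Pair it with a capture on the pfSense side, for example `tcpdump -ni <wan interface> udp port 500 or udp port 4500` from the console or an SSH session, to see whether the probe arrives and whether a reply leaves. If the datagram arrives and nothing leaves, the problem is on the box (the IPsec daemon is not answering on that address or interface); if it never arrives, something between the client and pfSense is dropping or rewriting UDP/500, which would also explain why the same client configuration works from a PC behind the firewall.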
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.