Shrew and mobile ipsec: sending phase 1 packet and then timeout

  • Hi all,
    I'm trying to get shrew + mobile IPsec working. I've checked that from the client computer I can reach the pfSense box, and I've checked the configuration of both shrew and pfSense and they seem correct. When I start a shrew connection (debug mode on) I see it sends a phase 1 packet three times and then aborts, and the result is that the tunnel is not established due to timeout. Then I checked my firewall rules, which are not blocking the traffic, as well as the IPsec logs, which do not report anything at all. It seems shrew is not connecting to the machine itself, but the IP address is correct and I can connect to the web interface, ssh, and ping the pfSense box. I've also tried disabling the packet filtering and placing a "pass all" rule in the IPsec rules, but nothing. Other IPsec tunnels (not mobile) are working fine.
    Any idea on how to investigate the problem?

  • That's exactly the howto I used to configure the IPsec tunnel…

  • Is there a way to test IPsec connectivity without using shrew? I mean, does a telnet to port 500 suffice to say that the tunnel could be available?
    I'm still having this issue, and what is strange is that if I configure shrew from a PC behind the firewall, the tunnel is activated. So this means there could be some kind of connectivity problem from the outside world, but as I said, I can ping/ssh/web the firewall from the remote side (the one the tunnel must start from).
    Any suggestion?
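
IKE phase 1 runs over UDP port 500, so a TCP tool such as telnet cannot exercise it. The script below is an added example (not part of any post in this thread) that sends one IKEv1 Main Mode SA proposal to a gateway you administer and reports whether anything answers. The function names and the proposal values (3DES, SHA1, pre-shared key, DH group 2, 28800 s lifetime) are assumptions chosen for illustration, not settings taken from the thread.

```python
import os, socket, struct, sys

def build_ike_probe(cookie=None):
    """Build an IKEv1 Main Mode packet: ISAKMP header + SA with one proposal."""
    cookie = cookie or os.urandom(8)
    # Transform attributes in TV form (high bit set): enc=3DES, hash=SHA1,
    # auth=PSK, group=2, life type=seconds, life duration=28800 (all assumed).
    attrs = b"".join(struct.pack("!HH", 0x8000 | t, v) for t, v in
                     [(1, 5), (2, 2), (3, 1), (4, 2), (11, 1), (12, 28800)])
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    sa = struct.pack("!BBHII", 0, 0, 12 + len(proposal), 1, 1) + proposal
    # Header: cookies, next payload=SA(1), version 1.0, exchange=Main Mode(2),
    # flags=0, message ID=0, total length.
    header = struct.pack("!8s8sBBBBII", cookie, b"\0" * 8, 1, 0x10, 2, 0, 0, 28 + len(sa))
    return header + sa

def parse_ike_header(data):
    """Return the ISAKMP header fields of a datagram, or None if too short."""
    if len(data) < 28:
        return None
    icky, rcky, nxt, ver, xchg, _flags, _mid, length = struct.unpack("!8s8sBBBBII", data[:28])
    return {"initiator_cookie": icky, "responder_cookie": rcky,
            "next_payload": nxt, "version": ver, "exchange": xchg, "length": length}

def probe(host, port=500, timeout=3.0, tries=3):
    """Send the probe up to `tries` times; return the reply header or None."""
    cookie = os.urandom(8)
    packet = build_ike_probe(cookie)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(tries):
            s.sendto(packet, (host, port))
            try:
                data, _addr = s.recvfrom(4096)
            except OSError:  # timeout, or a reset triggered by ICMP unreachable
                continue
            hdr = parse_ike_header(data)
            if hdr and hdr["initiator_cookie"] == cookie:
                return hdr  # any matching reply proves UDP 500 reaches the IKE daemon
    return None

if __name__ == "__main__" and len(sys.argv) > 1:
    result = probe(sys.argv[1])
    print("IKE reply:", result if result else "none (filtered, or daemon ignored the proposal)")
```

A reply of any kind, including an error notification, shows that UDP 500 reaches the IKE daemon from that network; silence is inconclusive on its own and is best paired with a packet capture on the gateway's WAN interface.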

