VPN won't connect…



  • Hello everybody!
    I'm trying to set up a VPN between pfSense and a Linksys BEFVP41. Both have static IPs.
    On the pfSense box I checked [allow ipsec] and [mobile users], then did the settings for mobile users.
    This is what I get in the VPN log on the Linksys:
    00:02:48
    00:02:48 IKE[3] Tx >> MM_I1 : [pfsense_public_ip] SA
    00:02:48 IKE[3] Rx << MM_R1 : [pfsense_public_ip] SA, VID
    00:02:48 IKE[3] ISAKMP SA CKI=[c3ca533e f69fd1a] CKR=[cf230972 5a6ef367]
    00:02:48 IKE[3] ISAKMP SA 3DES / MD5 / PreShared / MODP_1024 / 3600 sec (*3600 sec)
    00:02:48 IKE[3] Tx >> MM_I2 : [pfsense_public_ip] KE, NONCE
    00:02:49 IKE[3] Rx << MM_R2 : [pfsense_public_ip] KE, NONCE
    00:02:49 IKE[3] Tx >> MM_I3 : [pfsense_public_ip] ID, HASH
    00:03:00
    00:03:00 IKE[3] Tx >> MM_I1 : [pfsense_public_ip] SA
    00:03:00 IKE[3] Rx << MM_R1 : [pfsense_public_ip] SA, VID
    00:03:00 IKE[3] ISAKMP SA CKI=[6118bac3 bdbf3b6a] CKR=[dc127f15 cf70e7fc]
    00:03:00 IKE[3] ISAKMP SA 3DES / MD5 / PreShared / MODP_1024 / 3600 sec (*3600 sec)
    00:03:00 IKE[3] Tx >> MM_I2 : [pfsense_public_ip] KE, NONCE
    00:03:00 IKE[3] Rx << MM_R2 : [pfsense_public_ip] KE, NONCE
    00:03:00 IKE[3] Tx >> MM_I3 : [pfsense_public_ip] ID, HASH
    00:03:30
    00:03:30 IKE[3] Tx >> MM_I1 : [pfsense_public_ip] SA
    00:03:30 IKE[3] Rx << MM_R1 : [pfsense_public_ip] SA, VID
    00:03:30 IKE[3] ISAKMP SA CKI=[863bbb5 f31ffe7c] CKR=[dc484b94 e9d400df]
    00:03:30 IKE[3] ISAKMP SA 3DES / MD5 / PreShared / MODP_1024 / 3600 sec (*3600 sec)
    00:03:30 IKE[3] Tx >> MM_I2 : [pfsense_public_ip] KE, NONCE
    00:03:30 IKE[3] Rx << MM_R2 : [pfsense_public_ip] KE, NONCE
    00:03:30 IKE[3] Tx >> MM_I3 : [pfsense_public_ip] ID, HASH

    And there is no VPN going on between these two boxes…



  • Probably more useful to post the ipsec logs from pfsense.



  • OK, looks like my Linksys BEFVP41 uses its public IP as identifier and I can't find the way to change it. So I guess there are only two options for me here:
    1. set up tunnels for each remote location that I have
    or
    2. use the mobile clients setup and enter an identifier for each remote location with their public IPs

    … that sucks  :(



  • Does it use main mode? If yes, try using aggressive. Maybe you get more options then.
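
An added example, not part of the thread: a parser for the Linksys log format quoted in the first post that groups the lines into negotiation attempts and reports which main mode message never got a reply. The sample log is constructed from the quoted lines with a placeholder peer; the function names and hint strings are this example's own assumptions.

```python
import re

# Constructed sample in the format of the BEFVP41 log quoted above
# (peer address replaced by a placeholder).
SAMPLE_LOG = """\
00:02:48
00:02:48 IKE[3] Tx >> MM_I1 : [peer] SA
00:02:48 IKE[3] Rx << MM_R1 : [peer] SA, VID
00:02:48 IKE[3] ISAKMP SA 3DES / MD5 / PreShared / MODP_1024 / 3600 sec (*3600 sec)
00:02:48 IKE[3] Tx >> MM_I2 : [peer] KE, NONCE
00:02:49 IKE[3] Rx << MM_R2 : [peer] KE, NONCE
00:02:49 IKE[3] Tx >> MM_I3 : [peer] ID, HASH
00:03:00
00:03:00 IKE[3] Tx >> MM_I1 : [peer] SA
00:03:00 IKE[3] Rx << MM_R1 : [peer] SA, VID
00:03:00 IKE[3] Tx >> MM_I2 : [peer] KE, NONCE
00:03:00 IKE[3] Rx << MM_R2 : [peer] KE, NONCE
00:03:00 IKE[3] Tx >> MM_I3 : [peer] ID, HASH
"""

MSG_RE = re.compile(
    r"^(\d\d:\d\d:\d\d) IKE\[\d+\] (Tx|Rx) (?:>>|<<) (MM_[IR][1-3]) : \[[^\]]*\] (.*)$")

# Hints are general IKEv1 main mode knowledge, not statements from the thread.
STALL_HINT = {
    "MM_I1": "no SA reply: peer unreachable or proposal not accepted",
    "MM_I2": "no KE/NONCE reply: key exchange was not answered",
    "MM_I3": "no ID/HASH reply: check peer identifier and pre-shared key",
}

def split_attempts(log):
    """Group message lines into attempts; each Tx MM_I1 starts a new one."""
    attempts = []
    for line in log.splitlines():
        m = MSG_RE.match(line.strip())
        if not m:
            continue  # bare timestamps and ISAKMP SA summary lines
        ts, direction, msg, payloads = m.groups()
        if direction == "Tx" and msg == "MM_I1":
            attempts.append([])
        if attempts:
            attempts[-1].append((ts, direction, msg, payloads))
    return attempts

def diagnose(attempt):
    """Return the first initiator message whose MM_Rn reply is missing."""
    received = {msg for _, d, msg, _ in attempt if d == "Rx"}
    for ts, d, msg, payloads in attempt:
        if d == "Tx" and msg.startswith("MM_I") and "MM_R" + msg[-1] not in received:
            return {"start": attempt[0][0], "stalled_after": msg,
                    "payloads": payloads, "hint": STALL_HINT[msg]}
    return {"start": attempt[0][0], "stalled_after": None,
            "payloads": None, "hint": "main mode completed"}
```

Run over the log in the first post, every attempt stalls after `MM_I3`, the message carrying the ID and HASH payloads.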

