Vpn wont connect…

covex

hello everybody!
i'm trying to setup vpn between pfsense and linksys befvp41. both have static ip's.
on the pfsense box i checked [allow ipsec] and [mobile users] then did settings for mobile users.
this is what i get in the vpn log on the linksys:
00:02:48
00:02:48 IKE[3] Tx >> MM_I1 : [pfsense_public_ip] SA
00:02:48 IKE[3] Rx << MM_R1 : [pfsense_public_ip] SA, VID
00:02:48 IKE[3] ISAKMP SA CKI=[c3ca533e f69fd1a] CKR=[cf230972 5a6ef367]
00:02:48 IKE[3] ISAKMP SA 3DES / MD5 / PreShared / MODP_1024 / 3600 sec (*3600 sec)
00:02:48 IKE[3] Tx >> MM_I2 : [pfsense_public_ip] KE, NONCE
00:02:49 IKE[3] Rx << MM_R2 : [pfsense_public_ip] KE, NONCE
00:02:49 IKE[3] Tx >> MM_I3 : [pfsense_public_ip] ID, HASH
00:03:00
00:03:00 IKE[3] Tx >> MM_I1 : [pfsense_public_ip] SA
00:03:00 IKE[3] Rx << MM_R1 : [pfsense_public_ip] SA, VID
00:03:00 IKE[3] ISAKMP SA CKI=[6118bac3 bdbf3b6a] CKR=[dc127f15 cf70e7fc]
00:03:00 IKE[3] ISAKMP SA 3DES / MD5 / PreShared / MODP_1024 / 3600 sec (*3600 sec)
00:03:00 IKE[3] Tx >> MM_I2 : [pfsense_public_ip] KE, NONCE
00:03:00 IKE[3] Rx << MM_R2 : [pfsense_public_ip] KE, NONCE
00:03:00 IKE[3] Tx >> MM_I3 : [pfsense_public_ip] ID, HASH
00:03:30
00:03:30 IKE[3] Tx >> MM_I1 : [pfsense_public_ip] SA
00:03:30 IKE[3] Rx << MM_R1 : [pfsense_public_ip] SA, VID
00:03:30 IKE[3] ISAKMP SA CKI=[863bbb5 f31ffe7c] CKR=[dc484b94 e9d400df]
00:03:30 IKE[3] ISAKMP SA 3DES / MD5 / PreShared / MODP_1024 / 3600 sec (*3600 sec)
00:03:30 IKE[3] Tx >> MM_I2 : [pfsense_public_ip] KE, NONCE
00:03:30 IKE[3] Rx << MM_R2 : [pfsense_public_ip] KE, NONCE
00:03:30 IKE[3] Tx >> MM_I3 : [pfsense_public_ip] ID, HASH

and there is no vpn going on between these two boxes…

cubsfan

Probably more useful to post the ipsec logs from pfsense.

covex

ok, looks like my linksysbefvp41 uses it public ip as identifier and i can't find the way to change it. so i guess there are only two options for me here:
1. setup tunnels for each remote location that i have
or
2. use mobile clients setup and enter identifier for each remote location with their public ip's

… that sucks  :(

hoba

Does it use mainmode? If yes try using agressive. Maybe you get more options then.