What am I missing (IPsec Mobile)



  • I used the IPsec settings found here: http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558

    When I connect from my iPad it appears as though it connects fine, but I cannot connect to the internet or my local network, and my pfSense box cannot ping my iPad.

    I have read every thread I could find on this topic and still have not found a solution. I started with 2.0 RC and have since upgraded to 2.0.2-RC3.

    I have added allow rules on the IPsec tab and the LAN tab. Protocols are set to any.

    Below is my log. It looks as though the tunnel comes up and then drops shortly after.

    Jul 23 19:04:42	racoon: [Self]: INFO: respond new phase 1 negotiation: yy.yy.yy.yyy[500]<=>xxx.xxx.xx.xx[61411]
    Jul 23 19:04:42	racoon: INFO: begin Aggressive mode.
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: RFC 3947
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: CISCO-UNITY
    Jul 23 19:04:42	racoon: INFO: received Vendor ID: DPD
    Jul 23 19:04:42	racoon: [xxx.xxx.xx.xx] INFO: Selected NAT-T version: RFC 3947
    Jul 23 19:04:42	racoon: INFO: Adding remote and local NAT-D payloads.
    Jul 23 19:04:42	racoon: [xxx.xxx.xx.xx] INFO: Hashing xxx.xxx.xx.xx[61411] with algo #2
    Jul 23 19:04:42	racoon: [Self]: [yy.yy.yy.yyy] INFO: Hashing yy.yy.yy.yyy[500] with algo #2
    Jul 23 19:04:42	racoon: INFO: Adding xauth VID payload.
    Jul 23 19:04:42	racoon: [Self]: INFO: NAT-T: ports changed to: xxx.xxx.xx.xx[39798]<->yy.yy.yy.yyy[4500]
    Jul 23 19:04:42	racoon: [Self]: [yy.yy.yy.yyy] INFO: Hashing yy.yy.yy.yyy[4500] with algo #2
    Jul 23 19:04:42	racoon: INFO: NAT-D payload #0 verified
    Jul 23 19:04:42	racoon: [xxx.xxx.xx.xx] INFO: Hashing xxx.xxx.xx.xx[39798] with algo #2
    Jul 23 19:04:42	racoon: INFO: NAT-D payload #1 doesn't match
    Jul 23 19:04:42	racoon: [xxx.xxx.xx.xx] ERROR: notification INITIAL-CONTACT received in aggressive exchange.
    Jul 23 19:04:42	racoon: INFO: NAT detected: PEER
    Jul 23 19:04:42	racoon: INFO: Sending Xauth request
    Jul 23 19:04:42	racoon: [Self]: INFO: ISAKMP-SA established yy.yy.yy.yyy[4500]-xxx.xxx.xx.xx[39798] spi:d3881b224acba406:43a4812992304458
    Jul 23 19:04:53	racoon: INFO: Using port 0
    Jul 23 19:04:53	racoon: INFO: login succeeded for user "XXXXX"
    Jul 23 19:04:54	racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
    Jul 23 19:04:54	racoon: WARNING: Ignored attribute 28683
    Jul 23 19:04:55	racoon: [Self]: INFO: respond new phase 2 negotiation: yy.yy.yy.yyy[4500]<=>xxx.xxx.xx.xx[39798]
    Jul 23 19:04:55	racoon: INFO: Update the generated policy : 192.168.11.1/32[0] 0.0.0.0/0[0] proto=any dir=in
    Jul 23 19:04:55	racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
    Jul 23 19:04:55	racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
    Jul 23 19:04:55	racoon: [Self]: INFO: IPsec-SA established: ESP yy.yy.yy.yyy4[500]->xxx.xxx.xx.xx[500] spi=103123866(0x6258b9a)
    Jul 23 19:04:55	racoon: [Self]: INFO: IPsec-SA established: ESP yy.yy.yy.yyy[500]->xxx.xxx.xx.xx[500] spi=22437668(0x1565f24)
    Jul 23 19:05:38	racoon: [xxx.xxx.xx.xx] ERROR: Wrong DPD sequence number (2765; last_ack=2765, seq=2765).
    Jul 23 19:09:43	racoon: INFO: purging ISAKMP-SA spi=d3881b224acba406:43a4812992304458:0000cb99.
    Jul 23 19:09:43	racoon: INFO: deleting a generated policy.
    Jul 23 19:09:43	racoon: INFO: purged IPsec-SA spi=103123866.
    Jul 23 19:09:43	racoon: INFO: purged ISAKMP-SA spi=d3881b224acba406:43a4812992304458:0000cb99.
    Jul 23 19:09:43	racoon: [Self]: INFO: ISAKMP-SA deleted yy.yy.yy.yyy[4500]-xxx.xxx.xx.xx[39798] spi:d3881b224acba406:43a4812992304458
    Jul 23 19:09:43	racoon: INFO: Released port 0
    
