What am I missing (IPsec Mobile)
-
I used the IPsec settings found here: http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558
When I connect from my iPad it appears as though it connects fine, but I cannot connect to the internet or my local network, and my pfSense box cannot ping my iPad.
I have read every thread I could find on this topic and still have not found a solution. I started with 2.0 RC and have since upgraded to 2.0.2-RC3.
I have added allow rules on the IPsec tab and the LAN tab. Protocols are set to any.
Below is my log. It looks as though the tunnel comes up and then drops shortly after.
Jul 23 19:04:42 racoon: [Self]: INFO: respond new phase 1 negotiation: yy.yy.yy.yyy[500]<=>xxx.xxx.xx.xx[61411]
Jul 23 19:04:42 racoon: INFO: begin Aggressive mode.
Jul 23 19:04:42 racoon: INFO: received Vendor ID: RFC 3947
Jul 23 19:04:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
Jul 23 19:04:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
Jul 23 19:04:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
Jul 23 19:04:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
Jul 23 19:04:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
Jul 23 19:04:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Jul 23 19:04:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jul 23 19:04:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jul 23 19:04:42 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jul 23 19:04:42 racoon: INFO: received Vendor ID: CISCO-UNITY
Jul 23 19:04:42 racoon: INFO: received Vendor ID: DPD
Jul 23 19:04:42 racoon: [xxx.xxx.xx.xx] INFO: Selected NAT-T version: RFC 3947
Jul 23 19:04:42 racoon: INFO: Adding remote and local NAT-D payloads.
Jul 23 19:04:42 racoon: [xxx.xxx.xx.xx] INFO: Hashing xxx.xxx.xx.xx[61411] with algo #2
Jul 23 19:04:42 racoon: [Self]: [yy.yy.yy.yyy] INFO: Hashing yy.yy.yy.yyy[500] with algo #2
Jul 23 19:04:42 racoon: INFO: Adding xauth VID payload.
Jul 23 19:04:42 racoon: [Self]: INFO: NAT-T: ports changed to: xxx.xxx.xx.xx[39798]<->yy.yy.yy.yyy[4500]
Jul 23 19:04:42 racoon: [Self]: [yy.yy.yy.yyy] INFO: Hashing yy.yy.yy.yyy[4500] with algo #2
Jul 23 19:04:42 racoon: INFO: NAT-D payload #0 verified
Jul 23 19:04:42 racoon: [xxx.xxx.xx.xx] INFO: Hashing xxx.xxx.xx.xx[39798] with algo #2
Jul 23 19:04:42 racoon: INFO: NAT-D payload #1 doesn't match
Jul 23 19:04:42 racoon: [xxx.xxx.xx.xx] ERROR: notification INITIAL-CONTACT received in aggressive exchange.
Jul 23 19:04:42 racoon: INFO: NAT detected: PEER
Jul 23 19:04:42 racoon: INFO: Sending Xauth request
Jul 23 19:04:42 racoon: [Self]: INFO: ISAKMP-SA established yy.yy.yy.yyy[4500]-xxx.xxx.xx.xx[39798] spi:d3881b224acba406:43a4812992304458
Jul 23 19:04:53 racoon: INFO: Using port 0
Jul 23 19:04:53 racoon: INFO: login succeeded for user "XXXXX"
Jul 23 19:04:54 racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
Jul 23 19:04:54 racoon: WARNING: Ignored attribute 28683
Jul 23 19:04:55 racoon: [Self]: INFO: respond new phase 2 negotiation: yy.yy.yy.yyy[4500]<=>xxx.xxx.xx.xx[39798]
Jul 23 19:04:55 racoon: INFO: Update the generated policy : 192.168.11.1/32[0] 0.0.0.0/0[0] proto=any dir=in
Jul 23 19:04:55 racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
Jul 23 19:04:55 racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
Jul 23 19:04:55 racoon: [Self]: INFO: IPsec-SA established: ESP yy.yy.yy.yyy4[500]->xxx.xxx.xx.xx[500] spi=103123866(0x6258b9a)
Jul 23 19:04:55 racoon: [Self]: INFO: IPsec-SA established: ESP yy.yy.yy.yyy[500]->xxx.xxx.xx.xx[500] spi=22437668(0x1565f24)
Jul 23 19:05:38 racoon: [xxx.xxx.xx.xx] ERROR: Wrong DPD sequence number (2765; last_ack=2765, seq=2765).
Jul 23 19:09:43 racoon: INFO: purging ISAKMP-SA spi=d3881b224acba406:43a4812992304458:0000cb99.
Jul 23 19:09:43 racoon: INFO: deleting a generated policy.
Jul 23 19:09:43 racoon: INFO: purged IPsec-SA spi=103123866.
Jul 23 19:09:43 racoon: INFO: purged ISAKMP-SA spi=d3881b224acba406:43a4812992304458:0000cb99.
Jul 23 19:09:43 racoon: [Self]: INFO: ISAKMP-SA deleted yy.yy.yy.yyy[4500]-xxx.xxx.xx.xx[39798] spi:d3881b224acba406:43a4812992304458
Jul 23 19:09:43 racoon: INFO: Released port 0
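
Added example, not part of the original post: a short Python script that reduces a racoon log like the one above to a timeline of SA events and measures how long each ISAKMP-SA stayed up. The sample input is a six-line excerpt of the posted log; the event names and the `year` parameter (syslog lines carry no year) are assumptions of this example.

```python
import re
from datetime import datetime

# Excerpt of the racoon log posted above (addresses already masked by the poster).
SAMPLE_LOG = """\
Jul 23 19:04:42 racoon: [Self]: INFO: ISAKMP-SA established yy.yy.yy.yyy[4500]-xxx.xxx.xx.xx[39798] spi:d3881b224acba406:43a4812992304458
Jul 23 19:04:53 racoon: INFO: login succeeded for user "XXXXX"
Jul 23 19:04:55 racoon: [Self]: INFO: IPsec-SA established: ESP yy.yy.yy.yyy[500]->xxx.xxx.xx.xx[500] spi=22437668(0x1565f24)
Jul 23 19:05:38 racoon: [xxx.xxx.xx.xx] ERROR: Wrong DPD sequence number (2765; last_ack=2765, seq=2765).
Jul 23 19:09:43 racoon: INFO: purged IPsec-SA spi=103123866.
Jul 23 19:09:43 racoon: [Self]: INFO: ISAKMP-SA deleted yy.yy.yy.yyy[4500]-xxx.xxx.xx.xx[39798] spi:d3881b224acba406:43a4812992304458
"""

LINE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) racoon: (?P<msg>.*)$")
COOKIES = r"(?P<spi>[0-9a-f]+:[0-9a-f]+)"
# Event names are this example's own labels, not racoon terminology.
EVENTS = [
    ("phase1_up", re.compile(r"ISAKMP-SA established .* spi:" + COOKIES)),
    ("xauth_ok", re.compile(r"login succeeded for user")),
    ("phase2_up", re.compile(r"IPsec-SA established: ESP .* spi=(?P<spi>\d+)")),
    ("dpd_error", re.compile(r"ERROR: Wrong DPD sequence number")),
    ("phase2_down", re.compile(r"purged IPsec-SA spi=(?P<spi>\d+)")),
    ("phase1_down", re.compile(r"ISAKMP-SA deleted .* spi:" + COOKIES)),
]

def timeline(log, year=2000):
    """Return (timestamp, event, spi) tuples; 'year' is an assumed value."""
    out = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a racoon syslog line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        for name, rx in EVENTS:
            hit = rx.search(m["msg"])
            if hit:
                out.append((ts, name, hit.groupdict().get("spi")))
                break
    return out

def phase1_lifetimes(events):
    """Seconds each ISAKMP-SA stayed up, keyed by its cookie pair."""
    up, life = {}, {}
    for ts, name, spi in events:
        if name == "phase1_up":
            up[spi] = ts
        elif name == "phase1_down" and spi in up:
            life[spi] = int((ts - up.pop(spi)).total_seconds())
    return life
```
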