
    What am I missing (IPsec Mobile)

      Bob21

      I used the IPsec settings found here: http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558

      When I connect from my iPad it appears as though it connects fine, but I cannot connect to the internet or my local network, and my pfSense box cannot ping my iPad.

      I have read every thread I could find on this topic and still have not found a solution. I started with 2.0 RC and have since upgraded to 2.0.2-RC3.

      I have added allow rules on the IPsec tab and the LAN tab. Protocols are set to any.

      Below is my log. It looks as though the tunnel comes up and then drops shortly after.

      Jul 23 19:04:42	racoon: [Self]: INFO: respond new phase 1 negotiation: yy.yy.yy.yyy[500]<=>xxx.xxx.xx.xx[61411]
      Jul 23 19:04:42	racoon: INFO: begin Aggressive mode.
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: RFC 3947
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: CISCO-UNITY
      Jul 23 19:04:42	racoon: INFO: received Vendor ID: DPD
      Jul 23 19:04:42	racoon: [xxx.xxx.xx.xx] INFO: Selected NAT-T version: RFC 3947
      Jul 23 19:04:42	racoon: INFO: Adding remote and local NAT-D payloads.
      Jul 23 19:04:42	racoon: [xxx.xxx.xx.xx] INFO: Hashing xxx.xxx.xx.xx[61411] with algo #2
      Jul 23 19:04:42	racoon: [Self]: [yy.yy.yy.yyy] INFO: Hashing yy.yy.yy.yyy[500] with algo #2
      Jul 23 19:04:42	racoon: INFO: Adding xauth VID payload.
      Jul 23 19:04:42	racoon: [Self]: INFO: NAT-T: ports changed to: xxx.xxx.xx.xx[39798]<->yy.yy.yy.yyy[4500]
      Jul 23 19:04:42	racoon: [Self]: [yy.yy.yy.yyy] INFO: Hashing yy.yy.yy.yyy[4500] with algo #2
      Jul 23 19:04:42	racoon: INFO: NAT-D payload #0 verified
      Jul 23 19:04:42	racoon: [xxx.xxx.xx.xx] INFO: Hashing xxx.xxx.xx.xx[39798] with algo #2
      Jul 23 19:04:42	racoon: INFO: NAT-D payload #1 doesn't match
      Jul 23 19:04:42	racoon: [xxx.xxx.xx.xx] ERROR: notification INITIAL-CONTACT received in aggressive exchange.
      Jul 23 19:04:42	racoon: INFO: NAT detected: PEER
      Jul 23 19:04:42	racoon: INFO: Sending Xauth request
      Jul 23 19:04:42	racoon: [Self]: INFO: ISAKMP-SA established yy.yy.yy.yyy[4500]-xxx.xxx.xx.xx[39798] spi:d3881b224acba406:43a4812992304458
      Jul 23 19:04:53	racoon: INFO: Using port 0
      Jul 23 19:04:53	racoon: INFO: login succeeded for user "XXXXX"
      Jul 23 19:04:54	racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
      Jul 23 19:04:54	racoon: WARNING: Ignored attribute 28683
      Jul 23 19:04:55	racoon: [Self]: INFO: respond new phase 2 negotiation: yy.yy.yy.yyy[4500]<=>xxx.xxx.xx.xx[39798]
      Jul 23 19:04:55	racoon: INFO: Update the generated policy : 192.168.11.1/32[0] 0.0.0.0/0[0] proto=any dir=in
      Jul 23 19:04:55	racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
      Jul 23 19:04:55	racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
      Jul 23 19:04:55	racoon: [Self]: INFO: IPsec-SA established: ESP yy.yy.yy.yyy4[500]->xxx.xxx.xx.xx[500] spi=103123866(0x6258b9a)
      Jul 23 19:04:55	racoon: [Self]: INFO: IPsec-SA established: ESP yy.yy.yy.yyy[500]->xxx.xxx.xx.xx[500] spi=22437668(0x1565f24)
      Jul 23 19:05:38	racoon: [xxx.xxx.xx.xx] ERROR: Wrong DPD sequence number (2765; last_ack=2765, seq=2765).
      Jul 23 19:09:43	racoon: INFO: purging ISAKMP-SA spi=d3881b224acba406:43a4812992304458:0000cb99.
      Jul 23 19:09:43	racoon: INFO: deleting a generated policy.
      Jul 23 19:09:43	racoon: INFO: purged IPsec-SA spi=103123866.
      Jul 23 19:09:43	racoon: INFO: purged ISAKMP-SA spi=d3881b224acba406:43a4812992304458:0000cb99.
      Jul 23 19:09:43	racoon: [Self]: INFO: ISAKMP-SA deleted yy.yy.yy.yyy[4500]-xxx.xxx.xx.xx[39798] spi:d3881b224acba406:43a4812992304458
      Jul 23 19:09:43	racoon: INFO: Released port 0
      