Netgate Discussion Forum

    IPSec with iPod worked before now it's not…

      beakmyn

      My IPSec stopped working. So I reviewed the various guides and double checked everything. On my mobile device I get the message authentication failed.
      Here are the log files.
      Jul 28 20:46:19 racoon: [Self]: INFO: respond new phase 1 negotiation: 74.47.185.227[500]<=>61.148.255.138[500]
      Jul 28 20:46:19 racoon: INFO: begin Aggressive mode.
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: RFC 3947
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: CISCO-UNITY
      Jul 28 20:46:19 racoon: INFO: received Vendor ID: DPD
      Jul 28 20:46:19 racoon: [61.148.255.138] INFO: Selected NAT-T version: RFC 3947
      Jul 28 20:46:19 racoon: INFO: Adding remote and local NAT-D payloads.
      Jul 28 20:46:19 racoon: [61.148.255.138] INFO: Hashing 61.148.255.138[500] with algo #2
      Jul 28 20:46:19 racoon: [Self]: [74.47.185.227] INFO: Hashing 74.47.185.227[500] with algo #2
      Jul 28 20:46:19 racoon: INFO: Adding xauth VID payload.
      Jul 28 20:46:19 racoon: [Self]: INFO: NAT-T: ports changed to: 61.148.255.138[4500]<->74.47.185.227[4500]
      Jul 28 20:46:19 racoon: [Self]: [74.47.185.227] INFO: Hashing 74.47.185.227[4500] with algo #2
      Jul 28 20:46:19 racoon: INFO: NAT-D payload #0 verified
      Jul 28 20:46:19 racoon: [61.148.255.138] INFO: Hashing 61.148.255.138[4500] with algo #2
      Jul 28 20:46:19 racoon: INFO: NAT-D payload #1 doesn't match
      Jul 28 20:46:19 racoon: [61.148.255.138] ERROR: notification INITIAL-CONTACT received in aggressive exchange.B
      Jul 28 20:46:19 racoon: INFO: NAT detected: PEER
      Jul 28 20:46:19 racoon: INFO: Sending Xauth request
      Jul 28 20:46:19 racoon: [Self]: INFO: ISAKMP-SA established 74.47.185.227[4500]-61.148.255.138[4500] spi:5ae68325adff41e3:aada1db07c03b37c
      Jul 28 20:46:20 racoon: INFO: Using port 0
      Jul 28 20:46:20 racoon: INFO: login succeeded for user "remote"

      That last line seems to me it should work? Not sure what else to do. My PPTP VPN works (although I can't tunnel outside the home network) and Openvpn works too.

      Ideas? Not sure how to post conf file as all I have is iPod to work on.

        beakmyn

        88 views and not 1 suggestion?

        I did some more testing and I've found that each time I try and connect the VPN service crashes!

        I VPN in through PPTP and restart the service
        Disconnect my PPTP connection
        Try and connect using IPsec
        On my iPod I get "authentication failed" message
        I reconnect using PPTP
        And view the system log below

        Last 50 system log entries
        Aug 4 20:29:42 syslogd: kernel boot file is /boot/kernel/kernel
        Aug 4 20:32:01 php: /status_services.php: Forcefully reloading IPsec racoon daemon
        Aug 4 20:32:11 php: /status_services.php: Forcefully reloading IPsec racoon daemon
        Aug 4 20:35:25 kernel: pid 33182 (racoon), uid 0: exited on signal 11 (core dumped)

        This is an AMD64 2.0 release build.

        Does anybody have any questions, suggestions, requests for other data/logs?
        Just tell me what/where and I'll post it

          dhatz

          Could you try testing this with pfsense 2.1-BETA?

          There have been a number of patches applied to ipsec-tools 0.8.0 (although several more patches have been committed to the ipsec-tools tree http://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/crypto/dist/ipsec-tools/src/ that haven't made it into pfsense yet)

          PS: You could also run racoon in high verbosity mode and check the discussions in
          http://sourceforge.net/mailarchive/forum.php?forum_name=ipsec-tools-commits

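An added example, not part of any post in this thread: a Python triage helper that reads racoon and kernel syslog lines in the format posted above and reports the last IKE stage logged plus any racoon crash, which separates a rejected login from a daemon that died mid-session. The sample lines, addresses, pid and function names are constructed for illustration.

```python
import re

# Syslog prefix as it appears in the thread: "Jul 28 20:46:19 racoon: ..."
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\w+):\s(.*)$")
# racoon messages seen in the thread, in the order a working Xauth login logs them.
STAGES = [
    ("phase1_start", re.compile(r"respond new phase 1 negotiation")),
    ("nat_detected", re.compile(r"NAT detected")),
    ("xauth_request", re.compile(r"Sending Xauth request")),
    ("isakmp_sa", re.compile(r"ISAKMP-SA established")),
    ("xauth_ok", re.compile(r"login succeeded for user")),
]
# Kernel line logged when the daemon dies (signal 11 is SIGSEGV on FreeBSD).
CRASH = re.compile(r"pid (\d+) \(racoon\), uid \d+: exited on signal (\d+)")

# Constructed sample: documentation addresses, made-up pid and SPI.
SAMPLE = """\
Aug 4 20:35:24 racoon: [Self]: INFO: respond new phase 1 negotiation: 192.0.2.1[500]<=>198.51.100.7[500]
Aug 4 20:35:24 racoon: INFO: NAT detected: PEER
Aug 4 20:35:24 racoon: INFO: Sending Xauth request
Aug 4 20:35:24 racoon: [Self]: INFO: ISAKMP-SA established 192.0.2.1[4500]-198.51.100.7[4500] spi:0000000000000001:0000000000000002
Aug 4 20:35:25 racoon: INFO: login succeeded for user "remote"
Aug 4 20:35:25 kernel: pid 1234 (racoon), uid 0: exited on signal 11 (core dumped)
""".splitlines()

def triage(lines):
    """Return (last IKE stage logged, [(timestamp, pid, signal), ...] crashes)."""
    last, crashes = None, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, proc, msg = m.groups()
        if proc == "racoon":
            for name, pat in STAGES:
                if pat.search(msg):
                    last = name
        elif proc == "kernel":
            c = CRASH.search(msg)
            if c:
                crashes.append((ts, int(c.group(1)), int(c.group(2))))
    return last, crashes

def verdict(lines):
    last, crashes = triage(lines)
    if crashes:
        return f"racoon crashed (signal {crashes[-1][2]}) after stage {last}"
    if last == "xauth_ok":
        return "Xauth login accepted; look past authentication"
    return f"negotiation stopped at {last}" if last else "no negotiation logged"
```

Feed it the racoon log and the system log merged in time order; a crash verdict means the core dump and a high-verbosity racoon run are the next things to collect.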
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.