IPsec from Android ICS (Samsung S3) to pfSense 2 problem



  • Hi,
    I cannot connect to the pfSense IPsec VPN from my Samsung S3 with Android ICS using the following setup. I have read and followed the mobile IPsec guide here in the pfSense docs, but without success. Any help is appreciated.

    Here is my setup.
        I am using a modem router with IP 192.168.1.1.
        On the router I enabled DMZ to 192.168.1.150.

    pfSense WAN IP 192.168.1.150
            LAN IP 192.168.254.5

    @pfSense IPsec
    A. Mobile client
        enable ipsec mobile client support - checked
        user authentication - system
        group authentication - system
        provide a virtual ip address to clients - checked
            network 192.168.253.0/24

    B. Phase 1
        interface WAN
        authentication mode: mutual psk + xauth
        negotiation mode: aggressive
        my identifier: My IP address
        Peer identifier: User distinguished name    user@vpn.com
        pre shared key  abcdef
        policy generation  unique
        proposal checking  strict
        Encryption algorithm AES 128 bits
        Hash algorithm SHA1
        DH key group 2
        lifetime  86400
        NAT traversal  Force
        dead peer detection  enabled

    C. Phase 2
        mode  tunnel
        local network: type - network
                       address - 192.168.254.0/24
        protocol - ESP
        encryption algorithm - AES 128
        Hash algorithm - SHA1
        PFS key group - off
        lifetime - 28800


  • Rebel Alliance Developer Netgate

    What shows up in the IPsec log when you try to connect?

    What client settings are you using exactly?

    What error shows up on the client?

    Is the username and password you're using valid? (Check System > User Manager, make sure the user exists and has the IPsec dialin permission)

