Mobile IPsec can't pass any traffic…



  • OK, I have searched a million times and tried everything I can think of, plus everything I have found on this forum and others, and I just can't get mobile IPsec to work… I am able to connect to my VPN server from my MacBook and iPhone, but I can pass NO traffic to the LAN/WAN, and I can't even ping the pfSense box itself. The box is a Firebox X500 running the 2G image, latest stable 2.0.1-RELEASE (i386).

    It also detects the SafeNet SafeXcel-1141 hardware crypto card that was in the Firebox.

    I followed this guide EXACTLY

    http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0

    My firewall rules on the IPsec tab are all any/any/any/any/any/any (allow everything).

    The LAN subnet and the client subnet on the Mobile Clients IPsec page ARE different, as the installation guide requires...

    I have tried all sorts of combinations of policy generation and proposal checking: unique/strict as in the guide, unique/obey, on/obey, on/strict, default/default, on/default, etc.

    192.168.254.0/24 is LAN
    192.168.250.0/24 is VPN clients

    Here is my racoon.conf:

    # This file is automatically generated. Do not edit
    # Generated by pfSense from the Mobile Clients IPsec settings; the listen,
    # mode_cfg, remote and sainfo sections below mirror what was entered in the GUI.
    path pre_shared_key "/var/etc/psk.txt";
    
    path certificate  "/var/etc";
    
    # Sockets racoon listens on: IKE on UDP 500 and NAT-T on UDP 4500.
    # "wan.ip.add.ress" appears to be a placeholder for the (redacted) WAN address.
     listen
    {
    	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
    	isakmp wan.ip.add.ress [500];
    	isakmp_natt wan.ip.add.ress [4500];
    }
    
    # Mode-config (XAuth) settings pushed to clients: a 253-address virtual pool
    # in 192.168.250.0/24, the split-tunnel network list and DNS.
    mode_cfg
    {
    	auth_source system;
    	group_source system;
    	pool_size 253;
    	network4 192.168.250.1;
    	netmask4 255.255.255.0;
    	# Only this network (the LAN) is routed through the tunnel on the client;
    	# with a split_network include list, other destinations such as Internet
    	# traffic leave via the client's normal path (see racoon.conf(5)), so no
    	# WAN traffic is expected to traverse the VPN with this setting.
    	split_network include 192.168.254.0/24;
    	# NOTE(review): the same DNS server is listed twice; harmless but redundant.
    	dns4 8.8.8.8;
    	dns4 8.8.8.8;
    	default_domain "domain.local";
    	split_dns "domain.local";
    	save_passwd on;
    }
    
    # Phase 1 (IKE) for any peer: IKEv1 aggressive mode with XAuth + pre-shared key.
    remote anonymous
    {
    	ph1id 1;
    	# NOTE(review): aggressive mode sends the peer identity in the clear and
    	# exposes a PSK-derived hash during the exchange, so a strong PSK matters
    	# more here than in main mode; prefer main mode where the clients allow it.
    	exchange_mode aggressive;
    	# The placeholder spelling here ("wan.ip.address") differs from the listen
    	# block ("wan.ip.add.ress"); presumably both stand for the same redacted
    	# WAN address — worth confirming the real file is consistent.
    	my_identifier address wan.ip.address;
    	peers_identifier user_fqdn "blah@blah.local";
    	ike_frag on;
    	generate_policy = on;
    	initial_contact = off;
    	nat_traversal = force;
    
    	# Dead peer detection: probe every 10 s, give up after 5 missed replies.
    	dpd_delay = 10;
    	dpd_maxfail = 5;
    	support_proxy on;
    	# obey: accept the initiator's proposal even if it differs from ours
    	# (see racoon.conf(5)); strict/claim were reportedly tried as well.
    	proposal_check obey;
    	# Responder only — never initiate negotiations to mobile clients.
    	passive on;
    
    	# Phase 1 proposal: AES-128, SHA-1, DH group 2 (1024-bit MODP), 24 h lifetime.
    	# NOTE(review): DH group 2 and SHA-1 are weak by current standards; use a
    	# larger group (14+) and SHA-2 when the clients support them.
    	proposal
    	{
    		authentication_method xauth_psk_server;
    		encryption_algorithm aes 128;
    		hash_algorithm sha1;
    		dh_group 2;
    		lifetime time 86400 secs;
    	}
    }
    
    # Phase 2 (IPsec SA) for peers matched by ph1id 1 above: AES 256/192/128
    # offered, HMAC-SHA1, PFS with DH group 2, 8 h lifetime, IPComp (deflate).
    sainfo   anonymous
    {
    	remoteid 1;
    	encryption_algorithm aes 256, aes 192, aes 128;
    	authentication_algorithm hmac_sha1;
    	pfs_group 2;
    	lifetime time 28800 secs;
    	compression_algorithm deflate;
    }
    

    I have attached the log of racoon running in debug mode (captured via SSH) while my iPhone connects and then terminates the connection:
    log.txt

