Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mobile IPsec cant pass any traffic…

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      flecom
      last edited by

      Ok I have searched a million times and tried everything I can think of and everything I have found on this forum and others and I just can't get mobile IPsec to work… I am able to connect to my VPN server from my Macbook and iPhone but I can pass NO traffic to the LAN/WAN or even ping the pfSense box itself... box is a firebox x500 running 2g image latest stable 2.0.1-RELEASE (i386)

      it also sees the SafeNet SafeXcel-1141 hardware crypto card that was in the firebox

      I followed this guide EXACTLY

      http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0

      my firewall rules for IPsec are all any/any/any/any/any/any

      LAN Subnet and subnet in the mobile clients IPsec config page ARE different as noted in the installation guide...

      I have tried all sors of combinations of the policy generation and proposal checking, from the unique/strict in the guide, to unique/obey, on/obey, on/strict, default/default, on/default etc etc

      192.168.254.0/24 is LAN
      192.168.250.0/24 is VPN clients

      here is my racoon.conf

      # This file is automatically generated. Do not edit
path pre_shared_key "/var/etc/psk.txt";

path certificate  "/var/etc";

 listen
{
	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
	isakmp wan.ip.add.ress [500];
	isakmp_natt wan.ip.add.ress [4500];
}

mode_cfg
{
	auth_source system;
	group_source system;
	pool_size 253;
	network4 192.168.250.1;
	netmask4 255.255.255.0;
	split_network include 192.168.254.0/24;
	dns4 8.8.8.8;
	dns4 8.8.8.8;
	default_domain "domain.local";
	split_dns "domain.local";
	save_passwd on;
}

remote anonymous
{
	ph1id 1;
	exchange_mode aggressive;
	my_identifier address wan.ip.address;
	peers_identifier user_fqdn "blah@blah.local";
	ike_frag on;
	generate_policy = on;
	initial_contact = off;
	nat_traversal = force;

	dpd_delay = 10;
	dpd_maxfail = 5;
	support_proxy on;
	proposal_check obey;
	passive on;

	proposal
	{
		authentication_method xauth_psk_server;
		encryption_algorithm aes 128;
		hash_algorithm sha1;
		dh_group 2;
		lifetime time 86400 secs;
	}
}

sainfo   anonymous
{
	remoteid 1;
	encryption_algorithm aes 256, aes 192, aes 128;
	authentication_algorithm hmac_sha1;
	pfs_group 2;
	lifetime time 28800 secs;
	compression_algorithm deflate;
}

      I attached the log of racoon running in debug mode via SSH, my iphone connecting, then terminating the connection
      log.txt

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.