Mobile IPsec can't pass any traffic…

  • OK, I have searched a million times and tried everything I can think of, and everything I have found on this forum and others, and I just can't get mobile IPsec to work… I am able to connect to my VPN server from my MacBook and iPhone, but I can pass NO traffic to the LAN/WAN or even ping the pfSense box itself... The box is a Firebox X500 running the 2G image, latest stable 2.0.1-RELEASE (i386).

    It also sees the SafeNet SafeXcel-1141 hardware crypto card that was in the Firebox.

    I followed this guide EXACTLY.

    My firewall rules for IPsec are all any/any/any/any/any/any.

    The LAN subnet and the subnet in the mobile clients' IPsec config page ARE different, as noted in the installation guide...

    I have tried all sorts of combinations of the policy generation and proposal checking, from the unique/strict in the guide, to unique/obey, on/obey, on/strict, default/default, on/default, etc. etc. is LAN is VPN clients

    Here is my racoon.conf:

    # This file is automatically generated. Do not edit
    path pre_shared_key "/var/etc/psk.txt";
    path certificate  "/var/etc";

    listen
    {
    	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
    	isakmp wan.ip.add.ress [500];
    	isakmp_natt wan.ip.add.ress [4500];
    }

    mode_cfg
    {
    	auth_source system;
    	group_source system;
    	pool_size 253;
    	split_network include;
    	default_domain "domain.local";
    	split_dns "domain.local";
    	save_passwd on;
    }

    remote anonymous
    {
    	ph1id 1;
    	exchange_mode aggressive;
    	my_identifier address wan.ip.address;
    	peers_identifier user_fqdn "blah@blah.local";
    	ike_frag on;
    	generate_policy = on;
    	initial_contact = off;
    	nat_traversal = force;
    	dpd_delay = 10;
    	dpd_maxfail = 5;
    	support_proxy on;
    	proposal_check obey;
    	passive on;
    	proposal
    	{
    		authentication_method xauth_psk_server;
    		encryption_algorithm aes 128;
    		hash_algorithm sha1;
    		dh_group 2;
    		lifetime time 86400 secs;
    	}
    }

    sainfo   anonymous
    {
    	remoteid 1;
    	encryption_algorithm aes 256, aes 192, aes 128;
    	authentication_algorithm hmac_sha1;
    	pfs_group 2;
    	lifetime time 28800 secs;
    	compression_algorithm deflate;
    }

    I attached the log of racoon running in debug mode via SSH: my iPhone connecting, then terminating the connection.

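As an added example (not code from the original post, nor from pfSense or racoon itself), here is a small Python parser for racoon.conf blocks together with a model of the documented `proposal_check` levels (obey / strict / claim / exact) as racoon applies them on the responder side to the phase-2 lifetime and PFS group. The config embedded below is a constructed cut-down of the one posted above; key-length handling and the phase-1 lifetime check are not modelled, and the helper names (`parse_racoon`, `phase2_check`, `responder_phase2`) are mine.

```python
"""Parse racoon.conf blocks and model proposal_check for phase-2 lifetime/PFS.

Added example; the semantics follow the racoon.conf(5) description of
proposal_check. Key length is deliberately not modelled.
"""
import re

# Constructed sample: the posted racoon.conf reduced to the relevant blocks.
SAMPLE_CONF = """\
remote anonymous
{
    ph1id 1;
    exchange_mode aggressive;
    generate_policy = on;
    proposal_check obey;
    proposal
    {
        authentication_method xauth_psk_server;
        encryption_algorithm aes 128;
        hash_algorithm sha1;
        dh_group 2;
        lifetime time 86400 secs;
    }
}
sainfo anonymous
{
    remoteid 1;
    encryption_algorithm aes 256, aes 192, aes 128;
    authentication_algorithm hmac_sha1;
    pfs_group 2;
    lifetime time 28800 secs;
}
"""

ACCEPT, REJECT = "accept", "reject"


def parse_racoon(text):
    """Return nested dicts: block header -> {directive: value, sub-block: {...}}.

    Statements end with ';', blocks are 'header' followed by '{' ... '}'.
    'key = value' and 'key value' are both accepted, as racoon does.
    """
    stack = [{}]
    pending = None  # header of a block whose '{' has not been seen yet
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            header = line[:-1].strip() or pending
            block = {}
            stack[-1][header] = block
            stack.append(block)
            pending = None
        elif line == "}":
            stack.pop()
        elif line.endswith(";"):
            stmt = re.sub(r"\s*=\s*", " ", line[:-1].strip(), count=1)
            key, _, value = stmt.partition(" ")
            stack[-1][key] = value.strip()
        else:
            pending = line  # e.g. "remote anonymous" or "proposal"
    return stack[0]


def lifetime_seconds(value):
    """'time 28800 secs' -> 28800 (racoon units: sec/min/hour)."""
    kind, number, unit = value.split()
    if kind != "time":
        raise ValueError("only time-based lifetimes are modelled")
    mult = {"sec": 1, "secs": 1, "min": 60, "mins": 60, "hour": 3600, "hours": 3600}
    return int(number) * mult[unit]


def responder_phase2(conf, sainfo="sainfo anonymous"):
    """Extract the responder's phase-2 lifetime and PFS group from a sainfo block."""
    block = conf[sainfo]
    pfs = block.get("pfs_group")
    return {"lifetime": lifetime_seconds(block["lifetime"]),
            "pfs_group": int(pfs) if pfs is not None else None}


def phase2_check(level, responder, initiator):
    """Model proposal_check. Returns (verdict, agreed_lifetime, sends_responder_lifetime).

    obey   : take the initiator's values unconditionally.
    strict : initiator lifetime must be <= ours; PFS group must match if we require PFS.
    claim  : like strict, but a longer initiator lifetime is replaced by ours and a
             RESPONDER-LIFETIME notify is sent instead of rejecting.
    exact  : lifetime must be equal; PFS as for strict.
    """
    r_life, i_life = responder["lifetime"], initiator["lifetime"]
    r_pfs, i_pfs = responder.get("pfs_group"), initiator.get("pfs_group")
    if level == "obey":
        return (ACCEPT, i_life, False)
    if level not in ("strict", "claim", "exact"):
        raise ValueError("unknown proposal_check level: %r" % level)
    if r_pfs is not None and i_pfs != r_pfs:   # we require PFS and groups differ
        return (REJECT, None, False)
    if level == "exact":
        return (ACCEPT, i_life, False) if i_life == r_life else (REJECT, None, False)
    if i_life <= r_life:                        # shorter (or equal) wins for strict/claim
        return (ACCEPT, i_life, False)
    if level == "strict":
        return (REJECT, None, False)
    return (ACCEPT, r_life, True)               # claim: keep ours and notify


if __name__ == "__main__":
    conf = parse_racoon(SAMPLE_CONF)
    ours = responder_phase2(conf)
    print("configured proposal_check:", conf["remote anonymous"]["proposal_check"])
    for level in ("obey", "strict", "claim", "exact"):
        for peer in ({"lifetime": 3600, "pfs_group": 2},
                     {"lifetime": 86400, "pfs_group": 2},
                     {"lifetime": 28800, "pfs_group": 14}):
            print(level, peer, "->", phase2_check(level, ours, peer))
```

Running it prints, for each level, what the posted sainfo (28800 s, PFS group 2) would do with a peer proposing a shorter lifetime, a longer lifetime, or a different PFS group, which is the matrix the post says was tried by hand.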