4. Mobile IPsec cant pass any traffic…

Mobile IPsec cant pass any traffic…

  • F

    Ok I have searched a million times and tried everything I can think of and everything I have found on this forum and others and I just can't get mobile IPsec to work… I am able to connect to my VPN server from my Macbook and iPhone but I can pass NO traffic to the LAN/WAN or even ping the pfSense box itself... box is a firebox x500 running 2g image latest stable 2.0.1-RELEASE (i386)

    it also sees the SafeNet SafeXcel-1141 hardware crypto card that was in the firebox

    I followed this guide EXACTLY

    http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0

    my firewall rules for IPsec are all any/any/any/any/any/any

    LAN Subnet and subnet in the mobile clients IPsec config page ARE different as noted in the installation guide...

    I have tried all sors of combinations of the policy generation and proposal checking, from the unique/strict in the guide, to unique/obey, on/obey, on/strict, default/default, on/default etc etc

    192.168.254.0/24 is LAN
    192.168.250.0/24 is VPN clients

    here is my racoon.conf

    # This file is automatically generated. Do not edit
path pre_shared_key "/var/etc/psk.txt";

path certificate  "/var/etc";

 listen
{
	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
	isakmp wan.ip.add.ress [500];
	isakmp_natt wan.ip.add.ress [4500];
}

mode_cfg
{
	auth_source system;
	group_source system;
	pool_size 253;
	network4 192.168.250.1;
	netmask4 255.255.255.0;
	split_network include 192.168.254.0/24;
	dns4 8.8.8.8;
	dns4 8.8.8.8;
	default_domain "domain.local";
	split_dns "domain.local";
	save_passwd on;
}

remote anonymous
{
	ph1id 1;
	exchange_mode aggressive;
	my_identifier address wan.ip.address;
	peers_identifier user_fqdn "blah@blah.local";
	ike_frag on;
	generate_policy = on;
	initial_contact = off;
	nat_traversal = force;

	dpd_delay = 10;
	dpd_maxfail = 5;
	support_proxy on;
	proposal_check obey;
	passive on;

	proposal
	{
		authentication_method xauth_psk_server;
		encryption_algorithm aes 128;
		hash_algorithm sha1;
		dh_group 2;
		lifetime time 86400 secs;
	}
}

sainfo   anonymous
{
	remoteid 1;
	encryption_algorithm aes 256, aes 192, aes 128;
	authentication_algorithm hmac_sha1;
	pfs_group 2;
	lifetime time 28800 secs;
	compression_algorithm deflate;
}

    I attached the log of racoon running in debug mode via SSH, my iphone connecting, then terminating the connection
    log.txt

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy