    Mobile IPsec can't pass any traffic…

    IPsec
    flecom:

      OK, I have searched a million times and tried everything I can think of and everything I have found on this forum and others, and I just can't get mobile IPsec to work… I am able to connect to my VPN server from my MacBook and iPhone, but I can pass NO traffic to the LAN/WAN or even ping the pfSense box itself... The box is a Firebox X500 running the 2g image, latest stable 2.0.1-RELEASE (i386).

      It also sees the SafeNet SafeXcel-1141 hardware crypto card that was in the Firebox.

      I followed this guide EXACTLY:

      http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0

      My firewall rules for IPsec are all any/any/any/any/any/any.

      The LAN subnet and the subnet in the mobile clients IPsec config page ARE different, as noted in the installation guide...

      I have tried all sorts of combinations of the policy generation and proposal checking, from the unique/strict in the guide, to unique/obey, on/obey, on/strict, default/default, on/default, etc.

      192.168.254.0/24 is LAN
      192.168.250.0/24 is VPN clients

      Here is my racoon.conf:

      # This file is automatically generated. Do not edit
      path pre_shared_key "/var/etc/psk.txt";
      
      path certificate  "/var/etc";
      
       listen
      {
      	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
      	isakmp wan.ip.add.ress [500];
      	isakmp_natt wan.ip.add.ress [4500];
      }
      
      mode_cfg
      {
      	auth_source system;
      	group_source system;
      	pool_size 253;
      	network4 192.168.250.1;
      	netmask4 255.255.255.0;
      	split_network include 192.168.254.0/24;
      	dns4 8.8.8.8;
      	dns4 8.8.8.8;
      	default_domain "domain.local";
      	split_dns "domain.local";
      	save_passwd on;
      }
      
      remote anonymous
      {
      	ph1id 1;
      	exchange_mode aggressive;
      	my_identifier address wan.ip.address;
      	peers_identifier user_fqdn "blah@blah.local";
      	ike_frag on;
      	generate_policy = on;
      	initial_contact = off;
      	nat_traversal = force;
      
      	dpd_delay = 10;
      	dpd_maxfail = 5;
      	support_proxy on;
      	proposal_check obey;
      	passive on;
      
      	proposal
      	{
      		authentication_method xauth_psk_server;
      		encryption_algorithm aes 128;
      		hash_algorithm sha1;
      		dh_group 2;
      		lifetime time 86400 secs;
      	}
      }
      
      sainfo   anonymous
      {
      	remoteid 1;
      	encryption_algorithm aes 256, aes 192, aes 128;
      	authentication_algorithm hmac_sha1;
      	pfs_group 2;
      	lifetime time 28800 secs;
      	compression_algorithm deflate;
      }
      

      I attached the log of racoon running in debug mode via SSH, my iPhone connecting, then terminating the connection:
      log.txt

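An added example, not code from the post or from pfSense: a small Python checker that parses racoon.conf's brace-delimited blocks and tests the three settings this kind of "connects but passes no traffic" report turns on (the mobile pool not overlapping the LAN, split_network including the LAN, and generate_policy being on). It runs on a constructed sample condensed from the config above; the LAN subnet is passed in as an assumption.

```python
import ipaddress

# Constructed sample condensed from the racoon.conf in the post.
SAMPLE_CONF = """\
mode_cfg
{
    network4 192.168.250.1;
    netmask4 255.255.255.0;
    split_network include 192.168.254.0/24;
    dns4 8.8.8.8;
    dns4 8.8.8.8;
}
remote anonymous
{
    generate_policy = on;
}
"""

def parse_racoon(text):
    """Map top-level block names to (key, value) lists; nested block bodies are skipped."""
    blocks, name, depth = {}, None, 0
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse tabs and runs of spaces
        if not line or line.startswith("#"):
            continue
        if line == "{":
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0:
            name, blocks[line] = line, []
        elif depth == 1:  # 'key value;' or 'key = value;'
            key, _, value = line.rstrip(";").partition(" ")
            blocks[name].append((key, value.lstrip("= ")))
    return blocks

def check_mobile_ipsec(text, lan_cidr):
    """Return findings relevant to the 'connects but passes no traffic' symptom."""
    blocks = parse_racoon(text)
    mc = blocks.get("mode_cfg", [])
    cfg, remote = dict(mc), dict(blocks.get("remote anonymous", []))
    lan, findings = ipaddress.ip_network(lan_cidr), []
    pool = ipaddress.ip_network(f"{cfg['network4']}/{cfg['netmask4']}", strict=False)
    if pool.overlaps(lan):  # pool must differ from the LAN, as the guide says
        findings.append(f"mobile pool {pool} overlaps LAN {lan}")
    if str(lan) not in [v.split()[-1] for k, v in mc if k == "split_network"]:
        findings.append(f"split_network does not include LAN {lan}")
    if remote.get("generate_policy") != "on":  # needed so racoon installs mobile SPDs
        findings.append("generate_policy is not 'on'")
    return findings
```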