Mobile IPsec can't pass any traffic…
OK, I have searched a million times and tried everything I can think of and everything I have found on this forum and others, and I just can't get mobile IPsec to work… I am able to connect to my VPN server from my MacBook and iPhone, but I can pass NO traffic to the LAN/WAN or even ping the pfSense box itself... The box is a Firebox X500 running the 2G image, latest stable 2.0.1-RELEASE (i386).
It also sees the SafeNet SafeXcel-1141 hardware crypto card that was in the Firebox.
I followed this guide EXACTLY
http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0
My firewall rules for IPsec are all any/any/any/any/any/any.
LAN subnet and the subnet in the mobile clients IPsec config page ARE different, as noted in the installation guide...
I have tried all sorts of combinations of the policy generation and proposal checking, from the unique/strict in the guide, to unique/obey, on/obey, on/strict, default/default, on/default etc etc.
192.168.254.0/24 is LAN
192.168.250.0/24 is VPN clients

Here is my racoon.conf:

# This file is automatically generated. Do not edit
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";

listen {
    adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
    isakmp wan.ip.add.ress [500];
    isakmp_natt wan.ip.add.ress [4500];
}

mode_cfg {
    auth_source system;
    group_source system;
    pool_size 253;
    network4 192.168.250.1;
    netmask4 255.255.255.0;
    split_network include 192.168.254.0/24;
    dns4 8.8.8.8;
    dns4 8.8.8.8;
    default_domain "domain.local";
    split_dns "domain.local";
    save_passwd on;
}

remote anonymous {
    ph1id 1;
    exchange_mode aggressive;
    my_identifier address wan.ip.address;
    peers_identifier user_fqdn "blah@blah.local";
    ike_frag on;
    generate_policy = on;
    initial_contact = off;
    nat_traversal = force;
    dpd_delay = 10;
    dpd_maxfail = 5;
    support_proxy on;
    proposal_check obey;
    passive on;
    proposal {
        authentication_method xauth_psk_server;
        encryption_algorithm aes 128;
        hash_algorithm sha1;
        dh_group 2;
        lifetime time 86400 secs;
    }
}

sainfo anonymous {
    remoteid 1;
    encryption_algorithm aes 256, aes 192, aes 128;
    authentication_algorithm hmac_sha1;
    pfs_group 2;
    lifetime time 28800 secs;
    compression_algorithm deflate;
}
I attached the log of racoon running in debug mode via SSH: my iPhone connecting, then terminating the connection.
log.txt
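As an added example (my own code, not the poster's and not part of pfSense or racoon), here is a small Python checker that parses a racoon.conf of the shape shown above and verifies the address-plan requirement the guide calls out for mode_cfg: the mobile client pool (network4 + netmask4) must not overlap any subnet pushed via split_network. It also lists statements that appear twice in mode_cfg. The embedded config is a constructed, abbreviated copy of the one in the post, and the function names (tokenize, parse_block, check_config) are my own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: an abbreviated copy of the racoon.conf in the post above.
SAMPLE_CONF = """
# This file is automatically generated. Do not edit
path pre_shared_key "/var/etc/psk.txt";
listen {
    isakmp wan.ip.add.ress [500];
}
mode_cfg {
    pool_size 253;
    network4 192.168.250.1;
    netmask4 255.255.255.0;
    split_network include 192.168.254.0/24;
    dns4 8.8.8.8;
    dns4 8.8.8.8;
    default_domain "domain.local";
}
remote anonymous {
    exchange_mode aggressive;
    generate_policy = on;
    proposal {
        encryption_algorithm aes 128;
        dh_group 2;
    }
}
sainfo anonymous {
    encryption_algorithm aes 256, aes 192, aes 128;
    pfs_group 2;
}
"""

# Tokens: quoted strings, the three structural characters, or bare words.
_TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def tokenize(text):
    """Drop '#' comments line by line, then split into tokens."""
    stripped = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    return _TOKEN.findall(stripped)


def parse_block(tokens, pos=0):
    """Parse statements until a closing '}' or end of input.
    Returns (entries, pos); each entry is (keyword, values, body) where body
    is the nested entry list for 'keyword values { ... }' blocks, else None."""
    entries, cur = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == ";":
            if cur:
                entries.append((cur[0], cur[1:], None))
            cur = []
        elif tok == "{":
            body, pos = parse_block(tokens, pos)
            entries.append((cur[0], cur[1:], body))
            cur = []
        elif tok == "}":
            return entries, pos
        else:
            cur.append(tok)
    return entries, pos


def child(entries, keyword):
    """Nested entries of the first block opened by `keyword`."""
    return next(body for key, _v, body in entries if key == keyword and body is not None)


def value(entries, keyword):
    """Value tokens of the first plain statement `keyword ...;`."""
    return next(vals for key, vals, body in entries if key == keyword and body is None)


def mobile_pool(mode_cfg):
    """network4/netmask4 as a network; strict=False drops the host bits of 192.168.250.1."""
    net, mask = value(mode_cfg, "network4")[0], value(mode_cfg, "netmask4")[0]
    return ipaddress.ip_network(f"{net}/{mask}", strict=False)


def split_networks(mode_cfg):
    """Subnets pushed to clients; the leading 'include'/'local_lan' keyword is skipped."""
    nets = []
    for key, vals, body in mode_cfg:
        if key == "split_network" and body is None:
            nets += [ipaddress.ip_network(s.strip(), strict=False)
                     for s in " ".join(vals[1:]).split(",") if s.strip()]
    return nets


def duplicate_statements(entries):
    counts = Counter((key, tuple(vals)) for key, vals, body in entries if body is None)
    return sorted(" ".join((key, *vals)) for (key, vals), n in counts.items() if n > 1)


def check_config(text):
    mode_cfg = child(parse_block(tokenize(text))[0], "mode_cfg")
    pool, splits = mobile_pool(mode_cfg), split_networks(mode_cfg)
    return {
        "pool": str(pool),
        "split_networks": [str(n) for n in splits],
        "overlaps": [str(n) for n in splits if pool.overlaps(n)],  # should be empty
        "duplicates": duplicate_statements(mode_cfg),
    }


if __name__ == "__main__":
    for name, result in check_config(SAMPLE_CONF).items():
        print(f"{name}: {result}")
```

On the posted config this reports a 192.168.250.0/24 pool and a 192.168.254.0/24 split network with no overlap, so the address plan matches what the guide requires; the only oddity it flags is the repeated dns4 line.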