Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPSEC Mobile doesn't show connected users

    2.1 Snapshot Feedback and Problems - RETIRED
    3
    8
    1565
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      johnnybe last edited by

      I have IPSEC mobile running fine but it doesn't show connected users in the Dashboard widget or in Status > IPsec tab.
      It only shows in Status > IPsec > SAD tab.
      The screen shots below were taken during established connection:






      1 Reply Last reply Reply Quote 0
      • E
        eri-- last edited by

        Are you using any authentication for these mobile users?
        The mobile section will show only users connected with an username authentication.

        1 Reply Last reply Reply Quote 0
        • J
          johnnybe last edited by

          Thanks ermal.
          I'm using Pre-shared keys.

          1 Reply Last reply Reply Quote 0
          • E
            eri-- last edited by

            Can you show an output of racoonctl show-users?

            1 Reply Last reply Reply Quote 0
            • J
              johnnybe last edited by

              @ermal:

              Can you show an output of racoonctl show-users?

              Yep, the next time I make a mobile connection I'll post an output of racoonctl show-users.
              But I think I understand what you said before. The IPSEC mobile user must be registered in the System > User Manager, not only in the Pre-shared keys tab. That's right?

              1 Reply Last reply Reply Quote 0
              • J
                johnnybe last edited by

                There we go:

                [2.1-BETA0][root@xxxxxxxxxx.yyyyyyy.zzz]/root(1): racoonctl show-users
                User|Source|Destination|CreatedOn|SPI
                |187.64.217.245:4500|177.133.176.34:4500|2012-11-02 14:12:11|0
                |187.64.217.245:500|189.47.177.102:500|2012-11-02 10:06:46|0
                |187.64.217.245:500|200.153.143.119:500|2012-11-02 10:06:46|0
                |187.64.217.245:500|187.106.26.249:500|2012-11-02 10:06:46|0

                1 Reply Last reply Reply Quote 0
                • jimp
                  jimp Rebel Alliance Developer Netgate last edited by

                  Using PSK's there are no usernames, which is what that mobile user bit was supposed to show (connected xauth users).

                  The function that dumps the mobile users ignores any line without a username set, which none of those have.

                  You can try to edit that check at line 553 of /etc/inc/ipsec.inc

                  Though killing those connections won't work, as the racoonctl command to kill mobile sessions only works by username.

                  1 Reply Last reply Reply Quote 0
                  • J
                    johnnybe last edited by

                    Thanks jimp.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense Plus
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2021 Rubicon Communications, LLC | Privacy Policy