Pfsense 2.0.1 ipsec for mobile clients using vpnc on ubuntu 12, not working
-
I have ipsec set up in the following way:
http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0
I am able to connect with the OS X 10.8 and Windows XP built-in clients but am unable to connect with Ubuntu 12.04.
Is anyone using Ubuntu or any other Linux distro for mobile clients, and if so, what client software are you using?
Does pfSense's IPsec implementation work with the VPNC client?
I am trying to use VPNC as the client on Ubuntu 12.04 and am getting the following error on the server side.
#this is the error
racoon: ERROR: invalied encryption algorithm=0.
#here is the log output
Nov 2 11:01:27 racoon: [67.164.33.60] ERROR: phase1 negotiation failed.
Nov 2 11:01:27 racoon: [67.164.33.60] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
Nov 2 11:01:27 racoon: [67.164.33.60] ERROR: failed to get valid proposal.
Nov 2 11:01:27 racoon: ERROR: no suitable proposal found.
Nov 2 11:01:27 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:27 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:27 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:27 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:27 racoon: [67.164.33.60] INFO: Selected NAT-T version: RFC 3947
Nov 2 11:01:27 racoon: INFO: received Vendor ID: DPD
Nov 2 11:01:27 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Nov 2 11:01:27 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
Nov 2 11:01:27 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Nov 2 11:01:27 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Nov 2 11:01:27 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Nov 2 11:01:27 racoon: INFO: received Vendor ID: RFC 3947
Nov 2 11:01:27 racoon: INFO: received Vendor ID: CISCO-UNITY
Nov 2 11:01:27 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Nov 2 11:01:27 racoon: INFO: begin Aggressive mode.
Nov 2 11:01:27 racoon: [Self]: INFO: respond new phase 1 negotiation: 38.111.159.66[500]<=>67.164.33.60[55016]
Nov 2 11:01:23 racoon: [67.164.33.60] ERROR: phase1 negotiation failed.
Nov 2 11:01:23 racoon: [67.164.33.60] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
Nov 2 11:01:23 racoon: [67.164.33.60] ERROR: failed to get valid proposal.
Nov 2 11:01:23 racoon: ERROR: no suitable proposal found.
Nov 2 11:01:23 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:23 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:23 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:23 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:23 racoon: [67.164.33.60] INFO: Selected NAT-T version: RFC 3947
Nov 2 11:01:23 racoon: INFO: received Vendor ID: DPD
Nov 2 11:01:23 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Nov 2 11:01:23 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
Nov 2 11:01:23 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Nov 2 11:01:23 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Nov 2 11:01:23 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Nov 2 11:01:23 racoon: INFO: received Vendor ID: RFC 3947
Nov 2 11:01:23 racoon: INFO: received Vendor ID: CISCO-UNITY
Nov 2 11:01:23 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Nov 2 11:01:23 racoon: INFO: begin Aggressive mode.
Nov 2 11:01:23 racoon: [Self]: INFO: respond new phase 1 negotiation: 38.111.159.66[500]<=>67.164.33.60[55016]
Nov 2 11:01:21 racoon: [67.164.33.60] ERROR: phase1 negotiation failed.
Nov 2 11:01:21 racoon: [67.164.33.60] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
Nov 2 11:01:21 racoon: [67.164.33.60] ERROR: failed to get valid proposal.
Nov 2 11:01:21 racoon: ERROR: no suitable proposal found.
Nov 2 11:01:21 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:21 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:21 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:21 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:21 racoon: [67.164.33.60] INFO: Selected NAT-T version: RFC 3947
Nov 2 11:01:21 racoon: INFO: received Vendor ID: DPD
These are the VPNC config options:
IPSec gateway xxx.xxx.xxx.xxx
IPSec ID admins
IPSEC secret mysecret
Xauth username aaron
Xauth password securepassword
IKE Authmode psk
Any help is greatly appreciated.
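
Added example, not part of the original post: a Python helper that groups a racoon log like the one above (newest entry first) into one record per phase 1 attempt, so each attempt's mode, vendor IDs and errors can be read together. The function names, record layout and sample addresses are assumptions of this example.

```python
import re
from collections import Counter
# Constructed sample shaped like the log above (newest entry first);
# addresses are documentation ranges, not the ones in the post.
SAMPLE = """\
Nov 2 11:01:27 racoon: [198.51.100.7] ERROR: phase1 negotiation failed.
Nov 2 11:01:27 racoon: ERROR: no suitable proposal found.
Nov 2 11:01:27 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:27 racoon: ERROR: invalied encryption algorithm=0.
Nov 2 11:01:27 racoon: INFO: received Vendor ID: CISCO-UNITY
Nov 2 11:01:27 racoon: INFO: begin Aggressive mode.
Nov 2 11:01:27 racoon: [Self]: INFO: respond new phase 1 negotiation: 203.0.113.1[500]<=>198.51.100.7[55016]
Nov 2 11:01:23 racoon: [198.51.100.7] ERROR: phase1 negotiation failed.
Nov 2 11:01:23 racoon: [Self]: INFO: respond new phase 1 negotiation: 203.0.113.1[500]<=>198.51.100.7[55016]
Nov 2 11:01:21 racoon: ERROR: no suitable proposal found.
"""

LINE = re.compile(r"^(\w+ +\d+ [\d:]+) racoon: (?:\[[^\]]+\]:? )?(INFO|ERROR): (.*)$")
START = re.compile(r"respond new phase 1 negotiation: \S+<=>([\d.]+)\[\d+\]")

def phase1_attempts(text, newest_first=True):
    """Group racoon log lines into one record per phase 1 attempt."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if newest_first:
        lines.reverse()                      # walk the log in chronological order
    attempts, cur = [], None
    for m in filter(None, map(LINE.match, lines)):
        when, level, msg = m.groups()
        start = START.search(msg)
        if start:                            # responder saw a new initiator packet
            cur = {"time": when, "peer": start.group(1), "mode": None,
                   "vendor_ids": [], "errors": Counter()}
            attempts.append(cur)
        elif cur is None:
            continue                         # tail of an attempt whose start was cut off
        elif msg.startswith("begin "):
            cur["mode"] = msg[6:].rstrip(".")
        elif msg.startswith("received Vendor ID: "):
            cur["vendor_ids"].append(msg.split(": ", 1)[1])
        elif level == "ERROR":
            cur["errors"][msg] += 1
    return attempts

def diagnose(attempt):
    """Short operator hint for one attempt, from the errors it logged."""
    if "no suitable proposal found." in attempt["errors"]:
        return "proposal mismatch: compare client and server phase 1 settings"
    failed = "phase1 negotiation failed." in attempt["errors"]
    return "failed, other cause" if failed else "no failure logged"
```

Call phase1_attempts(log_text) on a saved log and diagnose() on each record; pass newest_first=False for a log stored oldest entry first.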
-
Hi. Did you manage to solve this? I'm running into the same issue with Ubuntu. vpnc doesn't seem to have options for that.
Thanks
-
Same problem. Any idea for Linux (Ubuntu) users?
-
I opened a new thread in the IPsec section:
http://forum.pfsense.org/index.php/topic,59385
-
Mutual PSK + Xauth doesn't work for vpnc:
http://forum.pfsense.org/index.php/topic,59385.msg319238.html#msg319238
Use the ike-qtgui (Shrew Soft VPN Access Manager) package.