Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Trying to setup connection Mobile Clients

    IPsec
    1
    1
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dtjattan
      last edited by

      I am trying to get my pfsense to talk to a windows xp VPN client using mobile client. I am using version 1.2-RC2 of pfsense.

      Here is the error I receive when I try to connect using WinXP VPN Client.

      Sep 19 19:31:24 racoon: []: INFO: ISAKMP-SA deleted 192.168.120.109[500]-192.168.120.20[500] spi:c860a69f7f283879:b9517b0f2e4d6c9a
      Sep 19 19:31:23 racoon: INFO: purged ISAKMP-SA spi=c860a69f7f283879:b9517b0f2e4d6c9a.
      Sep 19 19:31:23 racoon: ERROR: pfkey_check (Invalid extension type)
      Sep 19 19:31:23 racoon: ERROR: pfkey_check (Invalid extension type)
      Sep 19 19:31:23 racoon: INFO: purging ISAKMP-SA spi=c860a69f7f283879:b9517b0f2e4d6c9a.
      Sep 19 19:31:23 racoon: ERROR: pfkey_check (Invalid extension type)
      Sep 19 19:31:23 racoon: ERROR: pfkey_check (Invalid extension type)
      Sep 19 19:30:48 racoon: []: ERROR: such policy does not already exist: "192.168.120.109/32[1701] 192.168.120.20/32[1701] proto=udp dir=out"
      Sep 19 19:30:48 racoon: []: ERROR: such policy does not already exist: "192.168.120.20/32[1701] 192.168.120.109/32[1701] proto=udp dir=in"
      Sep 19 19:30:48 racoon: []: INFO: IPsec-SA established: ESP/Transport 192.168.120.109[0]->192.168.120.20[0] spi=2487271248(0x9440bf50)
      Sep 19 19:30:48 racoon: []: INFO: IPsec-SA established: ESP/Transport 192.168.120.20[0]->192.168.120.109[0] spi=119514860(0x71fa6ec)
      Sep 19 19:30:48 racoon: []: INFO: no policy found, try to generate the policy : 192.168.120.20/32[1701] 192.168.120.109/32[1701] proto=udp dir=in
      Sep 19 19:30:48 racoon: []: INFO: respond new phase 2 negotiation: 192.168.120.109[0]<=>192.168.120.20[0]
      Sep 19 19:30:48 racoon: []: INFO: ISAKMP-SA established 192.168.120.109[500]-192.168.120.20[500] spi:c860a69f7f283879:b9517b0f2e4d6c9a
      Sep 19 19:30:48 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
      Sep 19 19:30:48 racoon: INFO: received Vendor ID: FRAGMENTATION
      Sep 19 19:30:48 racoon: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
      Sep 19 19:30:48 racoon: INFO: begin Identity Protection mode.
      Sep 19 19:30:48 racoon: []: INFO: respond new phase 1 negotiation: 192.168.120.109[500]<=>192.168.120.20[500]
      Sep 19 19:30:39 racoon: INFO: unsupported PF_KEY message REGISTER
      Sep 19 19:30:39 racoon: [Self]: INFO: 192.168.1.1[500] used as isakmp port (fd=21)
      Sep 19 19:30:39 racoon: INFO: fe80::2e0:4cff:fe46:d0b6%rl0[500] used as isakmp port (fd=20)
      Sep 19 19:30:39 racoon: INFO: fe80::2e0:4cff:fe49:6a22%rl1[500] used as isakmp port (fd=19)
      Sep 19 19:30:39 racoon: []: INFO: 192.168.120.109[500] used as isakmp port (fd=18)
      Sep 19 19:30:39 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=17)
      Sep 19 19:30:39 racoon: INFO: ::1[500] used as isakmp port (fd=16)
      Sep 19 19:30:39 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=15)
      Sep 19 19:30:39 racoon: INFO: generated policy, deleting it.

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.