BUG: IPsec Mobile client broken: no shared key found



  • I updated from 2.1.5. to 2.2 RC. Mobile Client IPsec worked just fine before update!

    Site to Site IPsec tunnel works but mobile IPsec won´t find shared key. Shared key is correct for the identifier given. I use Screwsoft VPN client

    Dec 17 23:20:18 	charon: 09[ENC] generating INFORMATIONAL_V1 request 21363637 [ N(INVAL_KE) ]
    Dec 17 23:20:18 	charon: 09[IKE] no shared key found for 'xxx.xxx.xxx.114'[xxx.xxx.xxx.114] - 'user1@email.com'[xxx.xxx.xxx.123]
    

    Phase 1:

    Authentication method: IKEv1
    Mutual PSK
    Negotation mode: Agressive
    My Identifier: My IP Address
    Encryption: AES 265
    Hash: SHA1
    DH Key group: 2 (1024 bit)
    Lifetime: 28800
    Disable Rekey ( Unchecked)
    Disable Reauth (Unchecked)



  • Okey - Found the problem!

    email address won't work as PSK identifier!
    This must be a bug! I changed to random ip-address and connection worked like charm!



  • Thanks, should be fixed.
    https://redmine.pfsense.org/issues/4126


Log in to reply