IOS 8 Cisco IPSec -> pfSense 2.2 broken
Upgraded to 2.2 today. When testing my VPN from an IOS device I discovered that it is not working anymore.
This is the message related:
"found 1 matching config, but none allows XAuthInitPSK authentication using Aggressive Mode"
I have tried setting phase 1 to 'main' instead of 'agressive' to no avail.
Any ideas? (user auth. not cert)
Works for me, in aggressive mode. What are your other settings?
I had same issue last night, finally got it working again by going to Mobile Clients setting under VPN IPSEC and unchecking Phase2 PFS Group (Provide the Phase2 PFS group to clients ( overrides all mobile phase2 settings ) and setting Group: OFF, after that my clients started connecting just fine.
Setting the PFS Key Group to off and changing the Lifetime to 3600 seconds resolved the issue.
Now one other issue left, when connected not all my traffic is routed through the VPN, only the LAN targeted trafic, in the 2.1.5. situation all traffic was routed through the VPN once established.
Back to the drawing board on this, if anyone has a solution for this I would like to hear it :-)
EDIT: Above resolved by specifying Phase 2 Local Network as Network 0.0.0.0/0 as per https://doc.pfsense.org/index.php/Upgrade_Guide#IPsec_Changes
All working as I intended it now.
Same here, after i followed instructions in https://doc.pfsense.org/index.php/Upgrade_Guide#IPsec_Changes all is back to normal.