PfSense 2.2 vs DrayTek (Need Help with error)



  • Hello,

    I'm having this error, and I can't seem to understand it since I'm pretty much new to VPNs…

    http://pastebin.com/AUzR7Aku

    I followed the specific Guide, but it's not working...

    http://www.vaines.org/pfsense-to-draytek-ipsec-vpn/

    Any kind soul somewhere in here to help me with the troubleshooting?



  • Jan 30 14:54:18 charon: 13[CFG] looking for pre-shared key peer configs matching pFsense_PUBIP…DRAYTEK_PUBIP[192.168.30.2]
    Jan 30 14:54:18 charon: 13[IKE] <114> no peer config found



  • I left a comment on that blog post with some inaccuracies in their recommendations. Specifically:

    "Three issues with the suggestions here that I wanted to note, as they may cause people problems.

    One, it's almost never a good idea to enable "prefer old SAs", and isn't necessary with Drayteks that I've seen. It could cause problems to enable that; I wouldn't recommend it.

    Two, on "Call Direction" on Draytek, it should almost always be set to "Both", otherwise the remote side can't initiate the IPsec.

    Three, the "Local Network IP" part should be the network address, not an IP within the subnet. So for the example shown here, it should be 192.168.2.0 not 2.254."

    Though your problem looks to be outside of any of that, it appears you're using mismatched identifiers on phase 1, sending the private WAN IP of the Draytek across.
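
The phase 1 identifier mismatch diagnosed in the reply above can be picked out of charon logs mechanically. The following is an added example, not part of the original thread: it flags lookups where the ID the peer sent differs from its source address. The function names are hypothetical, and the public addresses in the sample are constructed from documentation ranges in place of the redacted ones in the posted log.

```python
import ipaddress
import re

# charon logs this while selecting a PSK peer config:
#   ... matching <local>...<remote>[<ID the remote peer sent>]
LOOKUP = re.compile(
    r"looking for pre-shared key peer configs matching "
    r"(?P<local>\S+?)(?:\.\.\.|…)(?P<remote>[^\[\s]+)\[(?P<peer_id>[^\]]+)\]"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(value):
    """True if value is a private IPv4 address; False for FQDN-style IDs."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def find_id_mismatches(lines):
    """Report lookups where the peer's IKE ID differs from its source address."""
    findings = []
    last = None
    for line in lines:
        m = LOOKUP.search(line)
        if m:
            last = None
            if m["peer_id"] != m["remote"]:
                last = {"remote": m["remote"], "peer_id": m["peer_id"],
                        "private_id": is_rfc1918(m["peer_id"]),
                        "rejected": False}
                findings.append(last)
        elif last and "no peer config found" in line:
            last["rejected"] = True  # lookup failed right after the mismatch
            last = None
    return findings


# Constructed sample: the thread's two log lines with documentation-range
# addresses substituted for the redacted public IPs, plus a matching case.
SAMPLE = """\
Jan 30 14:54:18 charon: 13[CFG] looking for pre-shared key peer configs matching 203.0.113.10...198.51.100.20[192.168.30.2]
Jan 30 14:54:18 charon: 13[IKE] <114> no peer config found
Jan 30 15:10:02 charon: 09[CFG] looking for pre-shared key peer configs matching 203.0.113.10...198.51.100.20[198.51.100.20]
""".splitlines()

if __name__ == "__main__":
    for finding in find_id_mismatches(SAMPLE):
        print(finding)
```

A finding with both `private_id` and `rejected` set matches the situation in this thread: the peer identifies itself by the private address on its WAN interface, so the identifier configured on the other side never matches.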



  • Hi, thanks for the replies…

    I'll be doing these changes this afternoon, and I'll leave feedback. Thanks for the help