Mac OS X IPSec VPN Issues - Fixed with VPNTracker



  • Hi all@Community,

    I did a new installation with a pfSense 2.2 two days ago.

    2.2-RELEASE (amd64)
    built on Thu Jan 22 14:03:54 CST 2015
    FreeBSD 10.1-RELEASE-p4

    To maintain the box, I setup an OpenVPN server : no troubles. I can reach remotely with Viscosity, a VPN Client for Mac OS X.

    I also did a setup using IPSec VPN : using the Mac OS X Client (Mac OS X 10.9.5), unable to get the VPN working :

    ERROR: none message must be encrypted
    

    I tried a couple of solutions/fixes/replies I found over this forum, but each time same trouble.

    I installed a demo version of VPN Tracker (V8) - http://www.vpntracker.com/us/index.html : Using the same IPSec setup (Mobile or Road-warrior connection), VPN is working great with the pfSense box.

    I also maintain a pfSense Box running 2.1 : no connection issue at all, with the same IPSec Client on Mac OS X.

    I suppose that V2.2 broke the compatibility with Mac OS X : to be confirmed.

    If the DevTeam needs more log files, I can help.

    Did some Users met the same troubles ?

    Thanks a lot for all !

    Feb 12 22:43:33 pfSenseScannimage ipsec_starter[49440]: ipsec starter stopped
    Feb 12 22:44:02 pfSenseScannimage ipsec_starter[32336]: Starting strongSwan 5.2.1 IPsec [starter]...
    Feb 12 22:44:02 pfSenseScannimage ipsec_starter[32336]: no netkey IPsec stack detected
    Feb 12 22:44:02 pfSenseScannimage ipsec_starter[32336]: no KLIPS IPsec stack detected
    Feb 12 22:44:02 pfSenseScannimage ipsec_starter[32336]: no known IPsec stack detected, ignoring!
    Feb 12 22:44:02 pfSenseScannimage charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, FreeBSD 10.1-RELEASE-p4, amd64)
    Feb 12 22:44:02 pfSenseScannimage charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
    Feb 12 22:44:02 pfSenseScannimage charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG] ipseckey plugin is disabled
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG] loading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG]   loaded ca certificate "C=FR, ST=Region, L=City, O=MyID, E=MyName@MyID.fr, CN=internal-ca" from '/var/etc/ipsec/ipsec.d/cacerts/0eed1ea6.0.crt'
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG] loading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG] loading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG] loading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG] loading crls from '/var/etc/ipsec/ipsec.d/crls'
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG]   loaded IKE secret for 81.X.Y.Z VPNIPSec
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG]   loaded IKE secret for %any MyID
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG] opening triplet file /var/etc/ipsec/ipsec.d/triplets.dat failed: No such file or directory
    Feb 12 22:44:02 pfSenseScannimage charon: 00[CFG] loaded 0 RADIUS server configurations
    Feb 12 22:44:02 pfSenseScannimage charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf gmp xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke smp updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock unity
    Feb 12 22:44:02 pfSenseScannimage charon: 00[LIB] unable to load 6 plugin features (5 due to unmet dependencies)
    Feb 12 22:44:02 pfSenseScannimage ipsec_starter[32835]: charon (33170) started after 60 ms
    Feb 12 22:44:02 pfSenseScannimage charon: 00[JOB] spawning 16 worker threads
    Feb 12 22:44:02 pfSenseScannimage charon: 06[CFG] received stroke: add connection 'con1'
    Feb 12 22:44:02 pfSenseScannimage charon: 06[CFG] adding virtual IP address pool 10.8.9.0/24
    Feb 12 22:44:02 pfSenseScannimage charon: 06[CFG] added configuration 'con1'
    Feb 12 22:44:24 pfSenseScannimage charon: 06[NET] received packet: from 77.A.B.C[500] to 81.X.Y.Z[500] (764 bytes)
    Feb 12 22:44:24 pfSenseScannimage charon: 06[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received FRAGMENTATION vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received FRAGMENTATION vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received NAT-T (RFC 3947) vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received NAT-T (RFC 3947) vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received draft-ietf-ipsec-nat-t-ike vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received XAuth vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received XAuth vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received Cisco Unity vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received Cisco Unity vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> received DPD vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] received DPD vendor ID
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> 77.A.B.C is initiating a Aggressive Mode IKE_SA
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] 77.A.B.C is initiating a Aggressive Mode IKE_SA
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] <1> Aggressive Mode PSK disabled for security reasons
    Feb 12 22:44:24 pfSenseScannimage charon: 06[IKE] Aggressive Mode PSK disabled for security reasons
    Feb 12 22:44:24 pfSenseScannimage charon: 06[ENC] generating INFORMATIONAL_V1 request 2671692836 [ N(AUTH_FAILED) ]
    Feb 12 22:44:24 pfSenseScannimage charon: 06[NET] sending packet: from 81.X.Y.Z[500] to 77.A.B.C[500] (56 bytes)
    Feb 12 22:44:27 pfSenseScannimage charon: 06[NET] received packet: from 77.A.B.C[500] to 81.X.Y.Z[500] (764 bytes)
    Feb 12 22:44:27 pfSenseScannimage charon: 06[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received FRAGMENTATION vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received FRAGMENTATION vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received NAT-T (RFC 3947) vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received NAT-T (RFC 3947) vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received draft-ietf-ipsec-nat-t-ike vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received XAuth vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received XAuth vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received Cisco Unity vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received Cisco Unity vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> received DPD vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] received DPD vendor ID
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> 77.A.B.C is initiating a Aggressive Mode IKE_SA
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] 77.A.B.C is initiating a Aggressive Mode IKE_SA
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] <2> Aggressive Mode PSK disabled for security reasons
    Feb 12 22:44:27 pfSenseScannimage charon: 06[IKE] Aggressive Mode PSK disabled for security reasons
    Feb 12 22:44:27 pfSenseScannimage charon: 06[ENC] generating INFORMATIONAL_V1 request 2082939261 [ N(AUTH_FAILED) ]
    Feb 12 22:44:27 pfSenseScannimage charon: 06[NET] sending packet: from 81.X.Y.Z[500] to 77.A.B.C[500] (56 bytes)
    Feb 12 22:44:30 pfSenseScannimage charon: 06[NET] received packet: from 77.A.B.C[500] to 81.X.Y.Z[500] (764 bytes)
    Feb 12 22:44:30 pfSenseScannimage charon: 06[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received FRAGMENTATION vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received FRAGMENTATION vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received NAT-T (RFC 3947) vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received NAT-T (RFC 3947) vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received draft-ietf-ipsec-nat-t-ike vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received XAuth vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received XAuth vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received Cisco Unity vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received Cisco Unity vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> received DPD vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] received DPD vendor ID
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> 77.A.B.C is initiating a Aggressive Mode IKE_SA
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] 77.A.B.C is initiating a Aggressive Mode IKE_SA
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] <3> Aggressive Mode PSK disabled for security reasons
    Feb 12 22:44:30 pfSenseScannimage charon: 06[IKE] Aggressive Mode PSK disabled for security reasons
    Feb 12 22:44:30 pfSenseScannimage charon: 06[ENC] generating INFORMATIONAL_V1 request 2329441594 [ N(AUTH_FAILED) ]
    Feb 12 22:44:30 pfSenseScannimage charon: 06[NET] sending packet: from 81.X.Y.Z[500] to 77.A.B.C[500] (56 bytes)
    Feb 12 22:44:33 pfSenseScannimage charon: 08[NET] received packet: from 77.A.B.C[500] to 81.X.Y.Z[500] (764 bytes)
    Feb 12 22:44:33 pfSenseScannimage charon: 08[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received FRAGMENTATION vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received FRAGMENTATION vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received NAT-T (RFC 3947) vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received NAT-T (RFC 3947) vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received draft-ietf-ipsec-nat-t-ike vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received XAuth vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received XAuth vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received Cisco Unity vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received Cisco Unity vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> received DPD vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] received DPD vendor ID
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> 77.A.B.C is initiating a Aggressive Mode IKE_SA
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] 77.A.B.C is initiating a Aggressive Mode IKE_SA
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] <4> Aggressive Mode PSK disabled for security reasons
    Feb 12 22:44:33 pfSenseScannimage charon: 08[IKE] Aggressive Mode PSK disabled for security reasons
    Feb 12 22:44:33 pfSenseScannimage charon: 08[ENC] generating INFORMATIONAL_V1 request 2272843524 [ N(AUTH_FAILED) ]
    Feb 12 22:44:33 pfSenseScannimage charon: 08[NET] sending packet: from 81.X.Y.Z[500] to 77.A.B.C[500] (56 bytes)
    


  • I'm attempting to run the same connection…pfSense 2.2 firewall with inbound Mac running VPN Tracker 8.1 road warrior configuration.  Could you possibly provide the firewall config details and the corresponding VPN Tracker settings?  I've had this same config working with pfSense 2.1.5 for years but suddenly with v2.2 I'm getting hash errors on my identifiers during phase 1.  And yes, I've confirmed the local/remote hash algorithms match.

    If I can get your firewall/VPN Tracker setting I'm hoping I can repeat your success.



  • Just restart the box to enable unsecure preshared key with agressive mode.
    The logs at the end are very clear on that.

    Sometimes the configuration change is not applied on the daemon which will be fixed on newer versions, for now just restart it.


Log in to reply