IPSEC Mobile Configuration using Shrewsoft



  • I recently upgraded a device from 2.1.5 to 2.2 and had to roll back due to mobile connection issues. After rolling back I went to another device that does not require vpn connectivity and upgraded that device.  Using https://doc.pfsense.org/index.php/IPsec_for_road_warriors_in_PfSense_2.0.1_with_PSK_in_stead_of_xauth for my configuration I was not able to successfully establish a connection.  I have read every post related to the topic and still cannot get a working configuration.

    Could anyone please post screen shots of a working IPSEC Mobile user config? I would be in ever debt! :D



  • When restarting the ipsec service I get this:

    Feb 19 14:00:56 charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf gmp xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke smp updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock unity

    Feb 19 14:00:56 charon: 00[LIB] unable to load 6 plugin features (5 due to unmet dependencies)

    I assume thats not normal?



  • @sic08869:

    Feb 19 14:00:56 charon: 00[LIB] unable to load 6 plugin features (5 due to unmet dependencies)
    I assume thats not normal?

    It's standard, and what I've seen since 2.2 alpha.  Of course, it's clear IPSEC in 2.2 has some challenges, but I don't think this is the direct cause of any.



  • Thank you Charlie, I just dont understand why I am having such issues with migrating to this. I have tried so many combinations to get this right and it just will not authenticate.

    If I dont use xauth, it will not connect at all.

    When using xauth it tells me "authentication error"



  • I don't have a working shrewsoft / pfSense 2.2 configuration to give you, sorry.  Did you read the IPSEC paragraphs of the 2.2 announcement?  There are some work-arounds in there: https://blog.pfsense.org/?p=1546

    There are a number of IPSEC issues being tracked and targeted for fixing in a 2.2.1 release.



  • Thanks for the link charlie I had not seen that. Will give some of it a go. :D