IPSEC Mobile Configuration using Shrewsoft
-
I recently upgraded a device from 2.1.5 to 2.2 and had to roll back due to mobile connection issues. After rolling back I went to another device that does not require vpn connectivity and upgraded that device. Using https://doc.pfsense.org/index.php/IPsec_for_road_warriors_in_PfSense_2.0.1_with_PSK_in_stead_of_xauth for my configuration I was not able to successfully establish a connection. I have read every post related to the topic and still cannot get a working configuration.
Could anyone please post screen shots of a working IPSEC Mobile user config? I would be in ever debt! :D
-
When restarting the ipsec service I get this:
Feb 19 14:00:56 charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf gmp xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke smp updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock unity
Feb 19 14:00:56 charon: 00[LIB] unable to load 6 plugin features (5 due to unmet dependencies)
I assume thats not normal?
-
Feb 19 14:00:56 charon: 00[LIB] unable to load 6 plugin features (5 due to unmet dependencies)
I assume thats not normal?It's standard, and what I've seen since 2.2 alpha. Of course, it's clear IPSEC in 2.2 has some challenges, but I don't think this is the direct cause of any.
-
Thank you Charlie, I just dont understand why I am having such issues with migrating to this. I have tried so many combinations to get this right and it just will not authenticate.
If I dont use xauth, it will not connect at all.
When using xauth it tells me "authentication error"
-
I don't have a working shrewsoft / pfSense 2.2 configuration to give you, sorry. Did you read the IPSEC paragraphs of the 2.2 announcement? There are some work-arounds in there: https://blog.pfsense.org/?p=1546
There are a number of IPSEC issues being tracked and targeted for fixing in a 2.2.1 release.
-
Thanks for the link charlie I had not seen that. Will give some of it a go. :D