IPsec mobile connections - error from DMZ (wifi) area



  • Dear Guys,

    I have an IPsec VPN configured on pfSense 2.2.1 that works fine for outside connections (3G/4G connections, for example), but when I tried to connect to my VPN from my DMZ area (used for wifi clients), the IPsec client returns a timeout error.

    I was thinking about my firewall rules, but the strange thing is that the following is logged in the IPsec system log:

    Apr 6 09:50:51 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
    Apr 6 09:50:51 charon: 07[IKE] <10> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
    Apr 6 09:50:51 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
    Apr 6 09:50:51 charon: 07[ENC] generating INFORMATIONAL_V1 request 2033047155 [ N(NO_PROP) ]
    Apr 6 09:50:51 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)
    Apr 6 09:50:54 charon: 07[NET] received packet: from 192.168.20.212[500] to 189.3.xxx.xxxx[500] (774 bytes)
    Apr 6 09:50:54 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
    Apr 6 09:50:54 charon: 07[IKE] <11> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
    Apr 6 09:50:54 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
    Apr 6 09:50:54 charon: 07[ENC] generating INFORMATIONAL_V1 request 3569949722 [ N(NO_PROP) ]
    Apr 6 09:50:54 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)
    Apr 6 09:50:58 charon: 07[NET] received packet: from 192.168.20.212[500] to 189.3.xxx.xxxx[500] (774 bytes)
    Apr 6 09:50:58 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
    Apr 6 09:50:58 charon: 07[IKE] <12> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
    Apr 6 09:50:58 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
    Apr 6 09:50:58 charon: 07[ENC] generating INFORMATIONAL_V1 request 452639932 [ N(NO_PROP) ]
    Apr 6 09:50:58 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)
    Apr 6 09:51:01 charon: 07[NET] received packet: from 192.168.20.212[500] to 189.3.xxx.xxxx[500] (774 bytes)
    Apr 6 09:51:01 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
    Apr 6 09:51:01 charon: 07[IKE] <13> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
    Apr 6 09:51:01 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
    Apr 6 09:51:01 charon: 07[ENC] generating INFORMATIONAL_V1 request 891259887 [ N(NO_PROP) ]
    Apr 6 09:51:01 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)

    Also, I have 2 WAN connections and I made a redundancy configuration, where I've configured IPsec to work over the LAN interface, and a NAT on both WANs was created to redirect packets for IPsec NAT-T, ISAKMP/UDP and the ESP protocol to the LAN interface.

    Thank you guys


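Added example, not part of the original post: a small Python triage script for charon lines like the ones quoted above. It reports which local/remote address pair each rejected request was matched against (charon prints the pair as local...remote) and which exchange type was parsed. The sample log is constructed, and the function name `summarize` is hypothetical.

```python
import re

# Constructed sample in the same format as the log quoted in the post
# (documentation-range addresses, not values from the post).
SAMPLE = """\
Apr 6 09:50:54 charon: 07[NET] received packet: from 192.0.2.212[500] to 203.0.113.10[500] (774 bytes)
Apr 6 09:50:54 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V ]
Apr 6 09:50:54 charon: 07[IKE] <11> no IKE config found for 203.0.113.10...192.0.2.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:54 charon: 07[IKE] no IKE config found for 203.0.113.10...192.0.2.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:58 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V ]
Apr 6 09:50:58 charon: 07[IKE] <12> no IKE config found for 203.0.113.10\u2026192.0.2.212, sending NO_PROPOSAL_CHOSEN
"""

# timestamp, thread id, subsystem, optional <connection id>, message
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+charon:\s+(?P<thr>\d+)"
                  r"\[(?P<sub>\w+)\]\s+(?:<[^>]*>\s+)?(?P<msg>.*)$")
# Accept both "..." and the single ellipsis character that web pages substitute.
NO_CFG = re.compile(r"no IKE config found for (?P<local>\S+?)(?:\.\.\.|\u2026)(?P<remote>[^\s,]+)")
MODE = re.compile(r"parsed (?P<mode>\S+) request")

def summarize(log_text):
    """Return {(local, remote): {"count": n, "modes": set}} for rejected IKE requests."""
    seen, out, last_mode = set(), {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        mode = MODE.search(m["msg"])
        if mode:
            last_mode[m["thr"]] = mode["mode"]  # exchange type parsed on this thread
            continue
        rej = NO_CFG.search(m["msg"])
        if not rej:
            continue
        pair = (rej["local"], rej["remote"])
        key = (m["ts"], m["thr"], pair)
        if key in seen:  # the quoted log shows each rejection twice (with and without <id>)
            continue
        seen.add(key)
        entry = out.setdefault(pair, {"count": 0, "modes": set()})
        entry["count"] += 1
        entry["modes"].add(last_mode.get(m["thr"], "unknown"))
    return out

if __name__ == "__main__":
    for (local, remote), info in summarize(SAMPLE).items():
        modes = "/".join(sorted(info["modes"]))
        print(f"{info['count']} rejected {modes} request(s): local {local} <- remote {remote}")
```

The local address in the output is the one the client's request arrived on, which can be compared against the interface the IPsec phase 1 is bound to.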