IPsec Mobile connections - error from DMZ (wifi) area
-
Dear Guys,
I have an IPsec VPN configured on a pfSense 2.2.1 that works fine for outside connections (3G/4G connections, for example), but when I tried to connect to my VPN from my DMZ area (used for wifi clients) the IPsec client returns a timeout error.
I was thinking about my firewall rules, but the strange thing is that the following is logged in the IPsec system log:
Apr 6 09:50:51 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
Apr 6 09:50:51 charon: 07[IKE] <10> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:51 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:51 charon: 07[ENC] generating INFORMATIONAL_V1 request 2033047155 [ N(NO_PROP) ]
Apr 6 09:50:51 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)
Apr 6 09:50:54 charon: 07[NET] received packet: from 192.168.20.212[500] to 189.3.xxx.xxxx[500] (774 bytes)
Apr 6 09:50:54 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
Apr 6 09:50:54 charon: 07[IKE] <11> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:54 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:54 charon: 07[ENC] generating INFORMATIONAL_V1 request 3569949722 [ N(NO_PROP) ]
Apr 6 09:50:54 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)
Apr 6 09:50:58 charon: 07[NET] received packet: from 192.168.20.212[500] to 189.3.xxx.xxxx[500] (774 bytes)
Apr 6 09:50:58 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
Apr 6 09:50:58 charon: 07[IKE] <12> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:58 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:58 charon: 07[ENC] generating INFORMATIONAL_V1 request 452639932 [ N(NO_PROP) ]
Apr 6 09:50:58 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)
Apr 6 09:51:01 charon: 07[NET] received packet: from 192.168.20.212[500] to 189.3.xxx.xxxx[500] (774 bytes)
Apr 6 09:51:01 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
Apr 6 09:51:01 charon: 07[IKE] <13> no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:51:01 charon: 07[IKE] no IKE config found for 189.3.xxx.xxxx…192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:51:01 charon: 07[ENC] generating INFORMATIONAL_V1 request 891259887 [ N(NO_PROP) ]
Apr 6 09:51:01 charon: 07[NET] sending packet: from 189.3.xxx.xxxx[500] to 192.168.20.212[500] (40 bytes)
Also, I have 2 WAN connections and I made a redundancy configuration, where I've configured IPsec to work over the LAN interface, and a NAT for both WANs was created to redirect packets for IPsec NAT-T, ISAKMP/UDP and the ESP protocol to the LAN interface.
Thank you guys
-
https://doc.pfsense.org/index.php/IPsec_Troubleshooting
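
For reading a log like the one in the first post, this added example (not part of the thread and not pfSense or strongSwan code) groups charon's "no IKE config found" rejections by the local and remote address charon printed, notes the exchange type parsed just before, and marks whether the local address is one the mobile phase 1 is expected to answer on. The sample log, the address 203.0.113.10 and the `bound_addresses` parameter are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample shaped like the charon lines in the post. 203.0.113.10
# stands in for the masked WAN address; every value here is made up.
SAMPLE_LOG = """\
Apr 6 09:50:51 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V ]
Apr 6 09:50:51 charon: 07[IKE] <10> no IKE config found for 203.0.113.10…192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:51 charon: 07[IKE] no IKE config found for 203.0.113.10…192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:54 charon: 07[NET] received packet: from 192.168.20.212[500] to 203.0.113.10[500] (774 bytes)
Apr 6 09:50:54 charon: 07[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V ]
Apr 6 09:50:54 charon: 07[IKE] <11> no IKE config found for 203.0.113.10...192.168.20.212, sending NO_PROPOSAL_CHOSEN
Apr 6 09:50:54 charon: 07[IKE] no IKE config found for 203.0.113.10...192.168.20.212, sending NO_PROPOSAL_CHOSEN
"""

# charon prints the pair as local...remote; pasted logs may carry "…" instead.
# Each rejection is logged twice, so only the line with the <id> tag is counted.
NO_CONFIG = re.compile(
    r"charon: (?P<thread>\d+)\[IKE\] <\d+> no IKE config found for "
    r"(?P<local>\S+?)(?:\.\.\.|…)(?P<remote>[^,\s]+), sending (?P<notify>\w+)")
PARSED = re.compile(r"charon: (?P<thread>\d+)\[ENC\] parsed (?P<mode>\w+) request")


def summarize_rejections(log_text, bound_addresses):
    """Count rejected IKE attempts per local/remote pair.

    bound_addresses is a hypothetical input: the addresses the mobile
    phase 1 is expected to answer on (for example the LAN address).
    """
    last_mode = {}        # worker thread id -> last parsed exchange type
    attempts = Counter()
    for line in log_text.splitlines():
        parsed = PARSED.search(line)
        if parsed:
            last_mode[parsed["thread"]] = parsed["mode"]
            continue
        hit = NO_CONFIG.search(line)
        if hit:
            mode = last_mode.get(hit["thread"], "UNKNOWN")
            attempts[(hit["local"], hit["remote"], mode, hit["notify"])] += 1
    return [
        {"local": local, "remote": remote, "mode": mode, "notify": notify,
         "attempts": count, "local_is_bound": local in bound_addresses}
        for (local, remote, mode, notify), count in attempts.items()
    ]


if __name__ == "__main__":
    for row in summarize_rejections(SAMPLE_LOG, {"192.168.1.1"}):
        print(row)
```

A row with `local_is_bound` set to false means the request reached charon on an address other than the ones passed in, which is the address pair to compare against the phase 1 interface setting.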