VPN Broken by (StrongSwan) PFsense update



  • Hello!

    We used to have our PFsense and Shrew clients set up exactly as in the PFsense instructions for roadwarriors.
    After we updated to 2.2.1 the VPN stopped working.
    Have googled this to no end; almost everybody on other forums ends up rolling back to 2.1.5 and everything works again.
    There's gotta be another guide for the new version of PFsense with StrongSwan to work with Shrew.
    I have tried variations on every setting I can think of and nothing fixes it so far.

    Thanks for your help, oh and I get a log like this one:

    Apr 16 11:36:41 charon: 13[IKE] INFORMATIONAL_V1 request with message ID 2790320297 processing failed
    Apr 16 11:36:41 charon: 13[IKE] <58> INFORMATIONAL_V1 request with message ID 2790320297 processing failed
    Apr 16 11:36:41 charon: 13[IKE] ignore malformed INFORMATIONAL request
    Apr 16 11:36:41 charon: 13[IKE] <58> ignore malformed INFORMATIONAL request
    Apr 16 11:36:41 charon: 13[IKE] message parsing failed
    Apr 16 11:36:41 charon: 13[IKE] <58> message parsing failed
    Apr 16 11:36:32 charon: 13[IKE] ID_PROT request with message ID 0 processing failed
    Apr 16 11:36:32 charon: 13[IKE] <58> ID_PROT request with message ID 0 processing failed
    Apr 16 11:36:32 charon: 13[IKE] message parsing failed
    Apr 16 11:36:32 charon: 13[IKE] <58> message parsing failed
    Apr 16 11:36:32 charon: 13[IKE] faking NAT situation to enforce UDP encapsulation
    Apr 16 11:36:32 charon: 13[IKE] <58> faking NAT situation to enforce UDP encapsulation
    Apr 16 11:36:32 charon: 13[IKE] 10.10.1.3 is initiating a Main Mode IKE_SA
    Apr 16 11:36:32 charon: 13[IKE] <58> 10.10.1.3 is initiating a Main Mode IKE_SA
    Apr 16 11:36:32 charon: 13[IKE] received Cisco Unity vendor ID
    Apr 16 11:36:32 charon: 13[IKE] <58> received Cisco Unity vendor ID
    Apr 16 11:36:32 charon: 13[IKE] received DPD vendor ID
    Apr 16 11:36:32 charon: 13[IKE] <58> received DPD vendor ID
    Apr 16 11:36:32 charon: 13[IKE] received FRAGMENTATION vendor ID
    Apr 16 11:36:32 charon: 13[IKE] <58> received FRAGMENTATION vendor ID
    Apr 16 11:36:32 charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
    Apr 16 11:36:32 charon: 13[IKE] <58> received NAT-T (RFC 3947) vendor ID



  • @LakelandTech:

    We used to have our PFsense and Shrew clients set up exactly as in the PFsense instructions for roadwarriors.

    Could you point me to which instructions specifically?

