1. Home
  2. pfSense® Software
  3. IPsec
  4. Upgraded to 2.2.3, IPSec broke on Windows

Upgraded to 2.2.3, IPSec broke on Windows

  • Z

    So….
    1. Upgraded to pfSense 2.2.3, my Android phones and Mac can connect to the VPN, but no traffic was passed thru. OK, this is already being taken care of, by turning off AES-NI...
    2. Then on my Windows 8.1 Pro machine, it throws an error: "Error 87: The parameter is incorrect"
    Here's the juicy log:

    Jul 13 20:33:23 charon: 15[NET] <1> received packet: from ClientIP[500] to IPSecIP[500] (616 bytes)
    Jul 13 20:33:23 charon: 15[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
    Jul 13 20:33:23 charon: 15[IKE] <1> received MS NT5 ISAKMPOAKLEY v9 vendor ID
    Jul 13 20:33:23 charon: 15[IKE] <1> received MS NT5 ISAKMPOAKLEY v9 vendor ID
    Jul 13 20:33:23 charon: 15[IKE] <1> received MS-Negotiation Discovery Capable vendor ID
    Jul 13 20:33:23 charon: 15[IKE] <1> received MS-Negotiation Discovery Capable vendor ID
    Jul 13 20:33:23 charon: 15[IKE] <1> received Vid-Initial-Contact vendor ID
    Jul 13 20:33:23 charon: 15[IKE] <1> received Vid-Initial-Contact vendor ID
    Jul 13 20:33:23 charon: 15[ENC] <1> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
    Jul 13 20:33:23 charon: 15[IKE] <1> ClientIP is initiating an IKE_SA
    Jul 13 20:33:23 charon: 15[IKE] <1> ClientIP is initiating an IKE_SA
    Jul 13 20:33:23 charon: 15[IKE] <1> remote host is behind NAT
    Jul 13 20:33:23 charon: 15[IKE] <1> remote host is behind NAT
    Jul 13 20:33:23 charon: 15[IKE] <1> sending cert request for "C=US, ST=California, L=San Leandro, O=Smart-Decision, redacted"
    Jul 13 20:33:23 charon: 15[IKE] <1> sending cert request for "C=US, ST=California, L=San Leandro, O=Smart-Decision, redactedet"
    Jul 13 20:33:23 charon: 15[IKE] <1> sending cert request for "C=US, ST=California, L=Santa Cruz, O=MirageSpace, redactedet"
    Jul 13 20:33:23 charon: 15[IKE] <1> sending cert request for "C=US, ST=California, L=Santa Cruz, O=MirageSpace, redactedt"
    Jul 13 20:33:23 charon: 15[ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
    Jul 13 20:33:23 charon: 15[NET] <1> sending packet: from IPSecIP[500] to ClientIP[500] (357 bytes)
    Jul 13 20:33:53 charon: 16[JOB] <1> deleting half open IKE_SA after timeout

    0
  • D
    Banned

    Try with latest 2.2.4-DEVEL snapshot. http://snapshots.pfsense.org/

    0
  • Z

    @doktornotor:

    Try with latest 2.2.4-DEVEL snapshot. http://snapshots.pfsense.org/

    Negative, sir. Going to 2.2.4 did not make IPSec work Windows. It was working on 2.2.2.

    Thanks

    0
  • D
    Banned

    Try again in a couple of days perhaps – and watch Redmine. I gave up on IPsec.

    0
  • Z

    Actually, even after I downgraded it to 2.2.2, my Windows machine is still borking… I will reinstall Windows and test again.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy