Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Ipsec to mobile windows client

    IPsec
    2
    4
    813
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      ozlecz last edited by

      using
      -windows 8
      -shrew soft vpn client
      -pf 2.2.4

      =shrew soft shows it was "tunnel enabled" but shows no estableshed security associations
      =client was given an ip address from the vpn pool
      =could ping the ip address but couldnt ping the rest…ie the firewall lan ip
      =status of vpn ipsec shows NO SAD and NO SPD

      see partial ipsec logs...myt help

      Aug 8 03:14:14 charon: 09[IKE] <con1|52>sending DPD request
      Aug 8 03:14:14 charon: 09[IKE] <con1|52>sending DPD request
      Aug 8 03:14:14 charon: 09[ENC] <con1|52>generating INFORMATIONAL_V1 request 3088578214 [ HASH N(DPD) ]
      Aug 8 03:14:14 charon: 09[NET] <con1|52>sending packet: from 192.168.30.1[4500] to 192.168.30.254[4500] (92 bytes)
      Aug 8 03:14:14 charon: 09[NET] <con1|52>received packet: from 192.168.30.254[4500] to 192.168.30.1[4500] (92 bytes)
      Aug 8 03:14:14 charon: 09[ENC] <con1|52>parsed INFORMATIONAL_V1 request 2888719617 [ HASH N(DPD_ACK) ]
      Aug 8 03:14:19 charon: 09[NET] <con1|52>received packet: from 192.168.30.254[4500] to 192.168.30.1[4500] (92 bytes)
      Aug 8 03:14:19 charon: 09[ENC] <con1|52>parsed INFORMATIONAL_V1 request 4253231959 [ HASH N(DPD) ]
      Aug 8 03:14:19 charon: 09[ENC] <con1|52>generating INFORMATIONAL_V1 request 1325839273 [ HASH N(DPD_ACK) ]
      Aug 8 03:14:19 charon: 09[NET] <con1|52>sending packet: from 192.168.30.1[4500] to 192.168.30.254[4500] (92 bytes)
      Aug 8 03:14:29 charon: 09[IKE] <con1|52>sending DPD request
      Aug 8 03:14:29 charon: 09[IKE] <con1|52>sending DPD request

      thanks for any help</con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52>

      1 Reply Last reply Reply Quote 0
      • M
        mwhitcomb7 last edited by

        Hi

        Because the Shrew Soft VPN client is not compatible with Windows 10 and IKEv2 is better than IKEv1 try following this guide:

        https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

        I have it working on all my remote clients except StrongSwan client on Linux which is why I am here posting today. It works really well. I am following this post so if you have any questions let me know.

        IKEv3

        1 Reply Last reply Reply Quote 0
        • O
          ozlecz last edited by

          had it worked….changed the compress algo with deflate....

          1 Reply Last reply Reply Quote 0
          • O
            ozlecz last edited by

            sorry…not the compress algo...its the pfs setting only

            1 Reply Last reply Reply Quote 0
            • First post
              Last post