Ipsec to mobile windows client
-
using
-windows 8
-shrew soft vpn client
-pf 2.2.4=shrew soft shows it was "tunnel enabled" but shows no estableshed security associations
=client was given an ip address from the vpn pool
=could ping the ip address but couldnt ping the rest…ie the firewall lan ip
=status of vpn ipsec shows NO SAD and NO SPDsee partial ipsec logs...myt help
Aug 8 03:14:14 charon: 09[IKE] <con1|52>sending DPD request
Aug 8 03:14:14 charon: 09[IKE] <con1|52>sending DPD request
Aug 8 03:14:14 charon: 09[ENC] <con1|52>generating INFORMATIONAL_V1 request 3088578214 [ HASH N(DPD) ]
Aug 8 03:14:14 charon: 09[NET] <con1|52>sending packet: from 192.168.30.1[4500] to 192.168.30.254[4500] (92 bytes)
Aug 8 03:14:14 charon: 09[NET] <con1|52>received packet: from 192.168.30.254[4500] to 192.168.30.1[4500] (92 bytes)
Aug 8 03:14:14 charon: 09[ENC] <con1|52>parsed INFORMATIONAL_V1 request 2888719617 [ HASH N(DPD_ACK) ]
Aug 8 03:14:19 charon: 09[NET] <con1|52>received packet: from 192.168.30.254[4500] to 192.168.30.1[4500] (92 bytes)
Aug 8 03:14:19 charon: 09[ENC] <con1|52>parsed INFORMATIONAL_V1 request 4253231959 [ HASH N(DPD) ]
Aug 8 03:14:19 charon: 09[ENC] <con1|52>generating INFORMATIONAL_V1 request 1325839273 [ HASH N(DPD_ACK) ]
Aug 8 03:14:19 charon: 09[NET] <con1|52>sending packet: from 192.168.30.1[4500] to 192.168.30.254[4500] (92 bytes)
Aug 8 03:14:29 charon: 09[IKE] <con1|52>sending DPD request
Aug 8 03:14:29 charon: 09[IKE] <con1|52>sending DPD requestthanks for any help</con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52></con1|52>
-
Hi
Because the Shrew Soft VPN client is not compatible with Windows 10 and IKEv2 is better than IKEv1 try following this guide:
https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
I have it working on all my remote clients except StrongSwan client on Linux which is why I am here posting today. It works really well. I am following this post so if you have any questions let me know.
IKEv3
-
had it worked….changed the compress algo with deflate....
-
sorry…not the compress algo...its the pfs setting only