Upgrade from 2.2.1 to 2.2.4 broke IPsec VPN
-
Hi, I've been using pfSense IPsec VPN for months and it worked flawlessly until Thursday when I decided to upgrade to 2.2.4, and then it didn't. I re-installed 2.2.1 and everything was fine again. I'm using ShrewSoft Standard edition v2.2.2 client. I checked the logs and the relevant error seems to be "found 1 matching config, but none allows XAuthInitPSK authentication using Main Mode". Client settings are:
n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:0
n:client-banner-enable:1
n:network-notify-enable:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-dns-suffix-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:client-wins-used:1
n:client-wins-auto:1
n:phase1-dhgroup:2
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:1
s:network-host:68.15.62.200
s:client-auto-mode:pull
s:client-iface:virtual
s:network-natt-mode:force-rfc
s:network-frag-mode:enable
s:auth-method:mutual-psk-xauth
s:ident-client-type:address
s:ident-server-type:address
s:ident-client-data:192.168.1.80
s:ident-server-data:[removed]
b:auth-mutual-psk:[removed]
s:phase1-exchange:main
s:phase1-cipher:3des
s:phase1-hash:sha2-256
s:phase2-transform:esp-3des
s:phase2-hmac:sha2-256
s:ipcomp-transform:disabled
n:phase2-pfsgroup:2
s:policy-level:autoand these settings seem to match what I can understand of the pfSense settings.
Any ideas? Thanks.