Netgear IPSec VPN Site 2 Site ISKMP Version Error

  • Hi All

    I have configured a a netgear DGND3700v2 router for ipsec site 2 site vpn to pfsense v2.1.3

    The netgear router is reporting SENDING NOTIFICATION (INVALID_MAJOR_VERSION) ******

    The pfsense is reporting  packet shorter than isakmp header size (40, 12, 28)

    Could anyone help or is there a known fix or am i doing something wrong?

    Thanks all


  • Hi

    Tunnel is now up.

    However i can only ping from the pfsense LAN to the Netgear LAN and not the other way round.

    I have the 4500/500 in IPsec rules.

    The netgear open outbound firewall, cant see any tick box for allow ipsec passthrough so i assume this is enabled automatically when the vpn policy is added.

    Any thoughts would be appreciated


  • Same problemi here!

    PfSense 2.3.1 <–--> Netgear router DG834
    Tunnel UP, but not traffic.
    In my case tunnel goes up only when the Netgear works as responder only.


  • Invalid major version means you have one side on IKEv1 and the other on IKEv2 more than likely. Some vendors have proprietary IPsec extensions that use other version numbers, but pretty sure Netgear isn't among those.

Log in to reply