FortiClient VPN Connecting to pfSense IPSec VPN



  • Hi Guys,

    Anyone had any luck getting a FortiClient to connect to a pfSense IPSec VPN as a mobile client? I keep getting the errors below. Android seems to work fine on this configuration using the same creds and settings as far as I can see.

    Sep 12 18:28:58 charon: 04[NET] received invalid IKE header from (CLIENT'S PUBLIC IP) - ignored
    Sep 12 18:28:58 charon: 04[ENC] header verification failed
    Sep 12 18:28:55 charon: 04[NET] received unsupported IKE version 7.1 from (CLIENT'S PUBLIC IP), sending INVALID_MAJOR_VERSION

    Sep 12 18:28:55 charon: 04[NET] sending packet: from (MY IP)[4500] to (CLIENT'S PUBLIC IP)[4500] (36 bytes)
    Sep 12 18:28:55 charon: 04[ENC] generating INFORMATIONAL response 0 [ N(INVAL_MAJOR) ]
    Sep 12 18:28:52 charon: 12[NET] <14> sending packet: from (MY IP)[4500] to (CLIENT'S PUBLIC IP)[4500] (92 bytes)
    Sep 12 18:28:52 charon: 12[ENC] <14> generating INFORMATIONAL_V1 request 1073886484 [ HASH N(AUTH_FAILED) ]
    Sep 12 18:28:52 charon: 12[IKE] <14> found 2 matching configs, but none allows pre-shared key authentication using Main Mode
    Sep 12 18:28:52 charon: 12[IKE] <14> found 2 matching configs, but none allows pre-shared key authentication using Main Mode
    Sep 12 18:28:52 charon: 12[CFG] <14> looking for pre-shared key peer configs matching (MY IP)…(CLIENT'S PUBLIC IP)[192.168.43.104]

    The "unsupported IKE version 7.1" has a different number every connection attempt.

    ver 2.2.4-RELEASE

    Hints?

    Cheers,



  • Sure that client will work with anything other than a Fortinet? Reporting non-existent IKE versions seems to indicate it's trying to do something proprietary.



  • Yeah, that's pretty much what I suspect is happening but was hoping someone had found a work-around.
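
Added example, not part of any post in this thread: the "7.1" in charon's "unsupported IKE version" message is one byte of the fixed IKE header, split into a major and a minor nibble. The Python sketch below decodes that header (RFC 7296 layout, with the RFC 3948 non-ESP marker that precedes IKE on UDP 4500); the function names and sample packets are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"        # RFC 3948: precedes IKE on UDP/4500
IKE_HEADER = struct.Struct("!8s8sBBBBII")   # RFC 7296 section 3.1, 28 bytes
KNOWN_MAJOR = {1: "IKEv1", 2: "IKEv2"}      # anything else is rejected


def parse_ike_header(datagram: bytes, port: int = 500) -> dict:
    """Decode the fixed IKE header from one UDP payload."""
    if port == 4500:
        # On the NAT-T port an IKE message must start with four zero bytes;
        # anything else at that position is not an IKE header.
        if datagram[:4] != NON_ESP_MARKER:
            raise ValueError("no non-ESP marker: not an IKE message on 4500")
        datagram = datagram[4:]
    if len(datagram) < IKE_HEADER.size:
        raise ValueError("shorter than the 28-byte IKE header")
    (_i_spi, _r_spi, _next_payload, version,
     exchange, _flags, msg_id, length) = IKE_HEADER.unpack_from(datagram)
    major, minor = version >> 4, version & 0x0F   # high nibble, low nibble
    return {
        "version": f"{major}.{minor}",
        "protocol": KNOWN_MAJOR.get(major, "unsupported"),
        "exchange_type": exchange,                # 2 = IKEv1 Main Mode
        "message_id": msg_id,
        "length_ok": length == len(datagram),     # header length vs. bytes seen
    }


def build_header(version_byte: int, exchange: int, total_len: int = 28) -> bytes:
    """Build a constructed sample header (not captured traffic)."""
    return IKE_HEADER.pack(b"\x11" * 8, b"\x00" * 8, 1, version_byte,
                           exchange, 0, 0, total_len)


# Constructed samples: a plain IKEv1 Main Mode header on port 500, and a
# header on port 4500 whose version byte is 0x71, which decodes to "7.1".
MAIN_MODE = build_header(0x10, 2)
ODD_VERSION = NON_ESP_MARKER + build_header(0x71, 2)

if __name__ == "__main__":
    print(parse_ike_header(MAIN_MODE))
    print(parse_ike_header(ODD_VERSION, port=4500))
```

A value that decodes differently on every attempt means the byte at that offset is not a constant protocol field, which fits the suspicion voiced in the reply above.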