    Netgate Discussion Forum

    MultiWan and IPsec

    IPsec
      george203 last edited by

      Hello,

      I have two WAN connections set up as failover. I have clients that use the Shrewsoft VPN client to connect to our main WAN. Some of our people have problems using our main WAN because they are from another country, so they report random disconnects from ShrewSoft.

      I wanted to use the second WAN connection to check if the connection would be better. However, I cannot seem to get it working... I've set the interface to the 1st Failover Group in Phase 1 IPsec. Our normal WAN IPsec works.

      If we change the IP of the ShrewSoft VPN client to the second WAN IP address as the destination, it does not work; our logs report:

      Oct 20 12:13:58 charon: 15[IKE] <579> found 1 matching config, but none allows XAuthInitPSK authentication using Aggressive Mode
      Oct 20 12:13:58 charon: 15[IKE] <579> found 1 matching config, but none allows XAuthInitPSK authentication using Aggressive Mode

      We are using MUTUAL PSK + XAuth and Aggressive mode plus LDAP authentication…it works fine with the main WAN, not with the second.

      Are there any additional settings that need to be done? The backup WAN has a firewall rule to allow IPsec and IKE.

      In the Shrewsoft client, I only changed the destination IP address.

      Any help would be appreciated :)

      Thanks
