OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: uli1954 on October 20, 2016, 02:32:30 am

Title: Can not enter peer identifier
Post by: uli1954 on October 20, 2016, 02:32:30 am
Hi,
I am trying to set up an IPsec tunnel for an iPhone.
The setup procedure requires putting in a peer identifier (usually an email address).
Strangely, these 2 fields don't show up in my window (see attached). What am I doing wrong?
Uli
Title: Re: Can not enter peer identifier
Post by: asubrama on October 29, 2016, 07:28:19 pm
I have the same issue too.
Title: Re: Can not enter peer identifier
Post by: franco on October 30, 2016, 10:52:14 am
The peer identifier was unused and therefore removed. It is still in the docs by mistake, but it will be fixed.

Do you have issues with the mobile IPsec connections?
Title: Re: Can not enter peer identifier
Post by: MasterFw on December 26, 2016, 11:41:51 pm
Hi All,

I'm having the same issue, and I can't get the IPsec VPN to work without it!

Dec 26 17:33:51    charon: 15[ENC] generating INFORMATIONAL_V1 request 3445893822 [ HASH N(AUTH_FAILED) ]
Dec 26 17:33:51    charon: 15[IKE] found 1 matching config, but none allows pre-shared key authentication using Main Mode
Dec 26 17:33:51    charon: 15[CFG] looking for pre-shared key peer configs matching ......deleted.....
Title: Re: Can not enter peer identifier
Post by: mitchskis on December 30, 2016, 08:46:04 pm
I've found that you can type anything in iOS (10.2)'s "Group Name" field and succeed, but you must type something. Leaving the field null (at least in the iOS client) will cause a "Negotiation with the VPN server failed." error message.

I'd like to see OPNsense accept a null group name.

I'd modify the documentation (https://docs.opnsense.org/manual/how-tos/ipsec-road.html) to
A) remove references to the "Peer identifier" at Phase 1 proposal (Authentication)
B) update Configure OSX Client to indicate that the Group Name can not be null
C) update Configure iOS Client to remove the IPsec-id row from the example settings table
D) update Configure iOS Client to add a Group Name row and indicate that it can not be null