OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 15.7 Legacy Series »
  • IPSec Mobile Client VPN will not connect
« previous next »
  • Print
Pages: [1]

Author Topic: IPSec Mobile Client VPN will not connect  (Read 1980 times)

blainer

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
IPSec Mobile Client VPN will not connect
« on: March 18, 2016, 05:54:36 pm »
OPNsense 15.7.18_1-amd64
FreeBSD 10.1-RELEASE-p23
OpenSSL 1.0.2d 9 Jul 2015

I have tried almost every possible combination of settings and I CANNOT produce a working IPSec VPN connection, with either my Android phone or ShewSoft VPN Client on Linux or Windows.

I always hit the same two errors and cannot for the life of me figure out how to solve either.

When trying Hybrid RSA + Xauth this is the result.

Code: [Select]
Mar 18 12:39:40 charon: 09[JOB] deleting half open IKE_SA after timeout
Mar 18 12:39:10 charon: 09[NET] sending packet: from 24.73.###.### [500] to 66.87.###.###[2917] (397 bytes)
Mar 18 12:39:10 charon: 09[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
Mar 18 12:39:10 charon: 09[IKE] sending cert request for "C=US, ST=Florida, L=Clearwater, O=bah, E=, CN=internal-ca"
Mar 18 12:39:10 charon: 09[IKE] <47> sending cert request for "C=US, ST=Florida, L=Clearwater, O=example, E=test@example.com, CN=internal-ca"
Mar 18 12:39:10 charon: 09[IKE] remote host is behind NAT
Mar 18 12:39:10 charon: 09[IKE] <47> remote host is behind NAT
Mar 18 12:39:10 charon: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar 18 12:39:10 charon: 09[NET] received packet: from 66.87.###.###[2917] to 24.73.###.###[500] (228 bytes)
Mar 18 12:39:10 charon: 09[NET] sending packet: from 24.73.###.###[500] to 66.87.###.###[2917] (180 bytes)
Mar 18 12:39:10 charon: 09[ENC] generating ID_PROT response 0 [ SA V V V V V ]
Mar 18 12:39:10 charon: 09[IKE] 66.87.###.### is initiating a Main Mode IKE_SA
Mar 18 12:39:10 charon: 09[IKE] <47> 66.87.###.### is initiating a Main Mode IKE_SA
Mar 18 12:39:10 charon: 09[IKE] received DPD vendor ID
Mar 18 12:39:10 charon: 09[IKE] <47> received DPD vendor ID
Mar 18 12:39:10 charon: 09[IKE] received FRAGMENTATION vendor ID
Mar 18 12:39:10 charon: 09[IKE] <47> received FRAGMENTATION vendor ID
Mar 18 12:39:10 charon: 09[IKE] received Cisco Unity vendor ID
Mar 18 12:39:10 charon: 09[IKE] <47> received Cisco Unity vendor ID
Mar 18 12:39:10 charon: 09[IKE] received XAuth vendor ID
Mar 18 12:39:10 charon: 09[IKE] <47> received XAuth vendor ID
Mar 18 12:39:10 charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Mar 18 12:39:10 charon: 09[IKE] <47> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Mar 18 12:39:10 charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 18 12:39:10 charon: 09[IKE] <47> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 18 12:39:10 charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 18 12:39:10 charon: 09[IKE] <47> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 18 12:39:10 charon: 09[IKE] received NAT-T (RFC 3947) vendor ID
Mar 18 12:39:10 charon: 09[IKE] <47> received NAT-T (RFC 3947) vendor ID
Mar 18 12:39:10 charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Mar 18 12:39:10 charon: 09[NET] received packet: from 66.87.###.###[2917] to 24.73.###.###[500] (476 bytes)

When trying Hybrid PSK + Xauth  I get reconnecting errors until it times out and deletes the half open IKE session.

I have followed the guides word for word, still unable to get this working.

Please help.
« Last Edit: March 23, 2016, 03:15:37 pm by blainer »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 15.7 Legacy Series »
  • IPSec Mobile Client VPN will not connect
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2019 All rights reserved
  • SMF 2.0.15 | SMF © 2017, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2