IPSec Mobile Client VPN will not connect

blainer · March 18, 2016, 05:54:36 PM

OPNsense 15.7.18_1-amd64
FreeBSD 10.1-RELEASE-p23
OpenSSL 1.0.2d 9 Jul 2015

I have tried almost every possible combination of settings and I CANNOT produce a working IPSec VPN connection, with either my Android phone or ShewSoft VPN Client on Linux or Windows.

I always hit the same two errors and cannot for the life of me figure out how to solve either.

When trying Hybrid RSA + Xauth this is the result.

Code Select


Mar 18 12:39:40 	charon: 09[JOB] deleting half open IKE_SA after timeout
Mar 18 12:39:10 	charon: 09[NET] sending packet: from 24.73.###.### [500] to 66.87.###.###[2917] (397 bytes)
Mar 18 12:39:10 	charon: 09[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
Mar 18 12:39:10 	charon: 09[IKE] sending cert request for "C=US, ST=Florida, L=Clearwater, O=bah, E=, CN=internal-ca"
Mar 18 12:39:10 	charon: 09[IKE] <47> sending cert request for "C=US, ST=Florida, L=Clearwater, O=example, E=test@example.com, CN=internal-ca"
Mar 18 12:39:10 	charon: 09[IKE] remote host is behind NAT
Mar 18 12:39:10 	charon: 09[IKE] <47> remote host is behind NAT
Mar 18 12:39:10 	charon: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar 18 12:39:10 	charon: 09[NET] received packet: from 66.87.###.###[2917] to 24.73.###.###[500] (228 bytes)
Mar 18 12:39:10 	charon: 09[NET] sending packet: from 24.73.###.###[500] to 66.87.###.###[2917] (180 bytes)
Mar 18 12:39:10 	charon: 09[ENC] generating ID_PROT response 0 [ SA V V V V V ]
Mar 18 12:39:10 	charon: 09[IKE] 66.87.###.### is initiating a Main Mode IKE_SA
Mar 18 12:39:10 	charon: 09[IKE] <47> 66.87.###.### is initiating a Main Mode IKE_SA
Mar 18 12:39:10 	charon: 09[IKE] received DPD vendor ID
Mar 18 12:39:10 	charon: 09[IKE] <47> received DPD vendor ID
Mar 18 12:39:10 	charon: 09[IKE] received FRAGMENTATION vendor ID
Mar 18 12:39:10 	charon: 09[IKE] <47> received FRAGMENTATION vendor ID
Mar 18 12:39:10 	charon: 09[IKE] received Cisco Unity vendor ID
Mar 18 12:39:10 	charon: 09[IKE] <47> received Cisco Unity vendor ID
Mar 18 12:39:10 	charon: 09[IKE] received XAuth vendor ID
Mar 18 12:39:10 	charon: 09[IKE] <47> received XAuth vendor ID
Mar 18 12:39:10 	charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Mar 18 12:39:10 	charon: 09[IKE] <47> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Mar 18 12:39:10 	charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 18 12:39:10 	charon: 09[IKE] <47> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 18 12:39:10 	charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 18 12:39:10 	charon: 09[IKE] <47> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 18 12:39:10 	charon: 09[IKE] received NAT-T (RFC 3947) vendor ID
Mar 18 12:39:10 	charon: 09[IKE] <47> received NAT-T (RFC 3947) vendor ID
Mar 18 12:39:10 	charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Mar 18 12:39:10 	charon: 09[NET] received packet: from 66.87.###.###[2917] to 24.73.###.###[500] (476 bytes)

When trying Hybrid PSK + Xauth I get reconnecting errors until it times out and deletes the half open IKE session.

I have followed the guides word for word, still unable to get this working.

Please help.

IPSec Mobile Client VPN will not connect

blainer

March 18, 2016, 05:54:36 PM Last Edit: March 23, 2016, 03:15:37 PM by blainer