PFsense VPN all types failing?

8,288

Solution 1

iThingies are picky about what exactly they need when it comes to VPN. The problem is basically that the defaults most VPN servers use for IPSec are too insecure for iThingies.

This has some good tips: Error connecting to Sonicwall L2TP VPN from iPad/iPhone

I had a very similar problem getting iThingies to talk to a SonicWall, and had to make some significant changes that made that particular VPN setup not work for anything BUT iThingies.

Specifically, the IKE proposals need to be modified to be something iOS supports. A list can be found here, but for posterity:

Phase 1 transforms

  • All pre-shared key
  • AES 256 encryption / SHA1 or MD5 authentication / Diffie-Hellman group 2
  • AES 128 encryption / SHA1 or MD5 auth / DH Group 2
  • 3DES encryption / SHA1 auth / DH Group 2

Phase 2 transforms

  • AES256 encryption / SHA1 or MD5 authentication
  • AES128 / SHA1 or MD5
  • 3DES / SHA1 or MD5

iOS3 is even more restrictive.

Solution 2

From what I see from your logs, the only error you're getting is the latter, IPSec, which is likely because the iPhone wants Main Mode not Aggressive Mode for IKE. The other "errors", well, it looks like the pfSense hasn't received a request yet for PPTP or L2TP.

Are you connecting with 3G/4G/LTE? Could very well be a limitation from your service provider if you're not receiving any traffic.

I would suggest doing a packet capture on the WAN interface to confirm that you are receiving packets. Also, try with a wifi connection, see if you get the same results.
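The transform lists in Solution 1 and the Main Mode point in Solution 2 can be combined into a small configuration checker. The racoon line in the question, "exchange Identity Protection not allowed in any applicable rmconf", refers to IKEv1 Main Mode (RFC 2409 defines Main Mode as an instance of the ISAKMP Identity Protection exchange), so it is the log signature of a client asking for Main Mode while the firewall only allows Aggressive Mode. The code below is an added example, not code from either answer or from pfSense; the Phase1 field names, the auth-method values and the hint text are my own.

```python
"""Check IKE proposals against what the iOS client in this thread accepts.

Added example: encodes the phase 1 / phase 2 transform lists from Solution 1
and the Main-Mode-vs-Aggressive-Mode point from Solution 2, and maps the
racoon log line from the question onto the configuration change it implies.
"""
from dataclasses import dataclass
from typing import List, Optional

# (encryption, hash, DH group) combinations iOS proposes in phase 1 (Solution 1).
IOS_PHASE1 = {
    ("aes256", "sha1", 2), ("aes256", "md5", 2),
    ("aes128", "sha1", 2), ("aes128", "md5", 2),
    ("3des", "sha1", 2),
}
# (encryption, hash) combinations iOS proposes in phase 2 (Solution 1).
IOS_PHASE2 = {
    ("aes256", "sha1"), ("aes256", "md5"),
    ("aes128", "sha1"), ("aes128", "md5"),
    ("3des", "sha1"), ("3des", "md5"),
}


@dataclass(frozen=True)
class Phase1:
    """One phase 1 proposal as a firewall admin would configure it (field names are mine)."""
    exchange_mode: str  # "main" or "aggressive"
    auth_method: str    # "psk" (pre-shared key) or "rsasig"
    encryption: str     # "aes256", "aes128", "3des"
    hash: str           # "sha1", "md5"
    dh_group: int


def phase1_problems(p: Phase1) -> List[str]:
    """Return every reason this phase 1 proposal will not match an iOS initiator."""
    problems = []
    if p.exchange_mode != "main":
        problems.append("iOS initiates IKEv1 Main Mode (racoon: 'Identity Protection'); "
                        "exchange mode must be main, not aggressive")
    if p.auth_method != "psk":
        problems.append("all iOS phase 1 transforms in the list use a pre-shared key")
    if (p.encryption, p.hash, p.dh_group) not in IOS_PHASE1:
        problems.append(f"transform {p.encryption}/{p.hash}/DH{p.dh_group} is not one iOS proposes")
    return problems


def phase2_problems(encryption: str, hash: str) -> List[str]:
    """Return every reason this phase 2 transform will not match an iOS initiator."""
    if (encryption, hash) in IOS_PHASE2:
        return []
    return [f"phase 2 transform {encryption}/{hash} is not one iOS proposes"]


# Racoon log fragments seen in the question, mapped to the change they point at.
RACOON_HINTS = {
    "exchange Identity Protection not allowed in any applicable rmconf":
        "the peer requested Main Mode but no remote config allows it: "
        "set the mobile phase 1 to Main Mode instead of Aggressive Mode",
}


def explain_racoon_line(line: str) -> Optional[str]:
    """Map a racoon log line to a plain-language hint, or None if it is not a known message."""
    for needle, hint in RACOON_HINTS.items():
        if needle in line:
            return hint
    return None


if __name__ == "__main__":
    # A phase 1 that matches the thread's symptom: right transform, wrong exchange mode.
    configured = Phase1("aggressive", "psk", "aes256", "sha1", 2)
    for problem in phase1_problems(configured):
        print("phase 1:", problem)
    for problem in phase2_problems("aes256", "sha1"):
        print("phase 2:", problem)
    # The racoon line the asker posted.
    print(explain_racoon_line(
        "racoon: [94.197.127.20] ERROR: exchange Identity Protection not allowed in any applicable rmconf."))
```

Run it against your own phase 1 and phase 2 settings; a proposal that produces no problems and a racoon log without the Identity Protection error narrows the fault to connectivity rather than IKE negotiation.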

Solution 3

The L2TP is strictly L2TP, not L2TP+IPsec which is what iOS requires. L2TP+IPsec is not supported in pfSense at this time.

PPTP and IPsec will both work no problem with iOS. IPsec is more complex but not all that hard. http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0

PPTP is basically impossible to not configure correctly. The fact it doesn't work suggests you either have basic WAN-side connectivity problems, or are using a 3G/4G carrier whose CGNAT doesn't pass GRE, which is common in many places and means PPTP cannot function on that 3G/4G network. IPsec has no such issues.
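Solution 2 suggests a packet capture on the WAN interface, and Solution 3 explains why a 3G/4G carrier's CGNAT can break PPTP specifically: the TCP 1723 control channel may arrive while GRE never does. The script below is an added example (not from the answers or from pfSense) that builds the tcpdump filter for all three VPN types and classifies inbound packets from a capture so that "nothing arrives at all" can be told apart from "PPTP control arrives but GRE is missing". The tcpdump output, the firewall WAN address 203.0.113.5 and the interface name em0 are constructed for the example; the client address is the one from the asker's racoon log.

```python
"""Triage a WAN-side tcpdump capture for PPTP, L2TP and IPsec traffic.

Added example, not part of the original thread or of pfSense. Builds the
capture filter suggested in Solution 2 and, from the resulting tcpdump lines,
distinguishes "no VPN packets reach the WAN" from "PPTP control channel
arrives but GRE does not" (the CGNAT case described in Solution 3).
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Traffic each VPN type needs to reach the firewall, as BPF filter terms.
VPN_TRAFFIC = {
    "pptp-control": "tcp port 1723",
    "pptp-data": "proto gre",
    "l2tp": "udp port 1701",
    "ike": "udp port 500",
    "nat-t": "udp port 4500",
}
PORT_TO_TYPE = {1723: "pptp-control", 1701: "l2tp", 500: "ike", 4500: "nat-t"}

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# tcpdump -n line: "<ts> IP src[.port] > dst[.port]: <rest>"
LINE_RE = re.compile(
    rf"^\S+ IP (?P<src>{IP})(?:\.(?P<sport>\d+))? > (?P<dst>{IP})(?:\.(?P<dport>\d+))?: (?P<rest>.*)$"
)


def capture_command(interface: str, count: int = 200) -> str:
    """The tcpdump invocation for the WAN capture suggested in Solution 2."""
    bpf = " or ".join(VPN_TRAFFIC.values())
    return f"tcpdump -ni {interface} -c {count} '{bpf}'"


def classify(line: str, wan_ip: str) -> Optional[str]:
    """Return the VPN traffic type of an inbound packet line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m or m.group("dst") != wan_ip:
        return None  # not a tcpdump IP line, or a reply leaving the firewall
    if m.group("rest").startswith("GRE"):
        return "pptp-data"
    dport = m.group("dport")
    return PORT_TO_TYPE.get(int(dport)) if dport else None


def count_inbound(lines: List[str], wan_ip: str) -> Counter:
    """Count inbound packets per VPN traffic type."""
    counts: Counter = Counter()
    for line in lines:
        kind = classify(line, wan_ip)
        if kind:
            counts[kind] += 1
    return counts


def diagnose(counts: Dict[str, int]) -> List[str]:
    """Turn the per-type counts into the findings the two answers describe."""
    findings = []
    if sum(counts.values()) == 0:
        findings.append("no VPN packets reached the WAN: check WAN-side connectivity "
                        "and retry over Wi-Fi instead of 3G/4G")
        return findings
    if counts["pptp-control"] and not counts["pptp-data"]:
        findings.append("PPTP control channel (TCP 1723) arrives but no GRE does: "
                        "a carrier CGNAT that drops GRE is the usual cause; use IPsec instead")
    if counts["ike"] or counts["nat-t"]:
        findings.append("IKE reaches the firewall: if IPsec still fails, look at the racoon "
                        "phase 1 log rather than connectivity")
    if counts["l2tp"]:
        findings.append("plain L2TP (UDP 1701) arrives: note iOS requires L2TP over IPsec")
    return findings


# Constructed capture: client 94.197.127.20 (from the question), firewall WAN 203.0.113.5.
SAMPLE_CAPTURE = """\
13:49:01.000001 IP 94.197.127.20.51234 > 203.0.113.5.1723: Flags [S], seq 1, win 65535, length 0
13:49:01.000002 IP 203.0.113.5.1723 > 94.197.127.20.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
13:49:01.000003 IP 94.197.127.20.51234 > 203.0.113.5.1723: Flags [P.], seq 1:157, ack 1, length 156
13:49:02.000004 IP 94.197.127.20.500 > 203.0.113.5.500: isakmp: phase 1 I ident
"""

if __name__ == "__main__":
    print(capture_command("em0"))
    counts = count_inbound(SAMPLE_CAPTURE.splitlines(), "203.0.113.5")
    print(dict(counts))
    for finding in diagnose(counts):
        print("-", finding)
```

Feed it real `tcpdump -n` output from the WAN interface (stdin or a saved text file) with your own WAN address; the filter string from `capture_command` is what to run on the firewall in the first place.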

Author: dannymcc

Updated on September 18, 2022

Comments

  • dannymcc
    dannymcc over 1 year

    I am trying to configure a new pfSense router (64 bit) and am trying to get the VPN functions working.

    I have enabled PPTP, L2TP and IPSec. I've added allow-all rules to all LANs, WANs and each of the VPN types while I test it.

    L2TP Raw Logs
      l2tps: process 25991 started, version 4.4.1 (root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org 13:49 11-Aug-2011)
      l2tps: Label 'startup' not found
      l2tps: [l2tp0] using interface l2tp0
      l2tps: L2TP: waiting for connection on 0.0.0.0 1701

    PPTP Raw Logs
      pptps: process 60043 started, version 4.4.1 (root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org 13:49 11-Aug-2011)
      pptps: Label 'startup' not found
      pptps: PPTP: waiting for connection on 0.0.0.0
      pptps: [pt0] using interface pptpd0

    IPSec Raw Logs
      racoon: [94.197.127.20] ERROR: exchange Identity Protection not allowed in any applicable rmconf.

    I can't seem to connect to any of them using my test device (iPhone 5). The iPhone just says connecting and then eventually fails, saying the remote server did not respond.

    Is this a known issue or am I missing something obvious?

    Additional Settings

    [Five screenshots of the pfSense WAN and VPN settings were attached here; the images are not reproduced in this copy.]

    • Mutahir
      Mutahir over 11 years
      I faced the exact same issue about a month ago. I read somewhere on the pfSense forum that it's the 64-bit version which has an issue; I then installed 32-bit pfSense and all was well. Give that a go and see if that works.
  • Chris Buechler
    Chris Buechler over 11 years
    the defaults in pfSense match what iOS requires. Some other things do default to "too-insecure-for-iOS" options but not us.
  • dannymcc
    dannymcc over 11 years
    From what I've read, the settings I have should work on iOS and Windows/Mac workstations. I'll give the above alterations a try though.
  • dannymcc
    dannymcc over 11 years
    The iPhone can connect to a PPTP and L2TP VPN running on a Draytek Vigor using default settings. It's connecting over 3G both times.
  • dannymcc
    dannymcc over 11 years
    I've added screenshots of my WAN settings, can you see anything blindingly obviously wrong?