IPsec mobile remote access (roadwarrior) responder (server) configuration
IPsec mobile client configuration (Hybrid XAuth Server) does not put 'passive on' directive into racoon.conf as recommended on racoon manual (see generate_policy directive). Lack of this directive may result into server trying to initiate ISAKMP Phase-1 SA negotiation towards the client, which will not work, or at least will result into obscure behaviour when XAuth is involved.
Version: pfSense 2.0 beta (downloaded Feb 12, 2011).
#2 Updated by Chris Buechler about 8 years ago
forgot ticket in commit, change here: https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/9c04a8c0799335774db5bb163bd59ff510c04e12