Bug #2721

closed

IPSEC NAT-T with iPad client

Added by Steve Wong over 12 years ago. Updated over 12 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 12/16/2012
% Done: 0%

Description

Hi,

I can successfully set up pfSense 2.01 + IPsec with an iPad client. Everything was fine except when I change the NAT-T option from disable to force.

My iPad simply could not connect to the pfSense IPsec server. On the iPad side, I got a "Negotiation with the VPN server failed", while on the pfSense side, I got:

Dec 17 12:53:55 racoon: [Self]: INFO: respond new phase 1 negotiation: x.x.x.x500<=>x.x.x.x416
Dec 17 12:53:55 racoon: INFO: begin Aggressive mode.
Dec 17 12:53:55 racoon: INFO: received Vendor ID: RFC 3947
Dec 17 12:53:55 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
Dec 17 12:53:55 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
Dec 17 12:53:55 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
Dec 17 12:53:55 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
Dec 17 12:53:55 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
Dec 17 12:53:55 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 17 12:53:55 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 17 12:53:55 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 17 12:53:55 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Dec 17 12:53:55 racoon: INFO: received Vendor ID: CISCO-UNITY
Dec 17 12:53:55 racoon: INFO: received Vendor ID: DPD
Dec 17 12:53:55 racoon: [x.x.x.x] INFO: Selected NAT-T version: RFC 3947
Dec 17 12:53:55 racoon: INFO: Adding remote and local NAT-D payloads.
Dec 17 12:53:55 racoon: [x.x.x.x] INFO: Hashing x.x.x.x416 with algo #2 (NAT-T forced)
Dec 17 12:53:55 racoon: [Self]: [x.x.x.x] INFO: Hashing x.x.x.x500 with algo #2 (NAT-T forced)
Dec 17 12:53:55 racoon: INFO: Adding xauth VID payload.
Dec 17 12:54:45 racoon: ERROR: phase1 negotiation failed due to time up. 8bf9798df84feaab:aae7d6c48a2c2c0d

Can anyone help me to correct this?

#1

Updated by Chris Buechler over 12 years ago

  • Status changed from New to Rejected

NAT-T works in general with the iPad. Please post to the forum or list for help; this is a support issue, not a bug, at this point.
