
Bug #8404

closed

IPSec pre-shared key

Added by Lasse not relevant about 6 years ago. Updated over 4 years ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 03/31/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.4.3
Affected Plus Version:
Affected Architecture:

Description

After upgrading from 2.4.2_p1 to 2.4.3, only the last added (active) IPsec tunnel's <PSK> matches in PHASE-1.

All other tunnels with PSK fail.
If you use the PSK from the last (active) entry in the list -> we have a connection.
So maybe it is a problem with %any and the way pfSense tries to match the PSK?

If you need more information/log files, please specify which information is important for you.

Two active IPsec tunnels:
/var/etc/ipsec/ipsec.secret

<WANIP> @<DN> : PSK <01-PSK> : PSK <01-PSK>
%any <IP-OTHER-SIDE> : PSK <02-PSK>

IPsec conf (because it's for Mac):
Auth method: Mutual PSK + Xauth
Negotiation mode: Aggressive
My identifier: My IP address
Peer identifier: Distinguished name : <DN>
Pre-Shared key: <01-PSK>

Further, the mobile clients authenticate against an external RADIUS.

The second one (site-to-site):
Auth method: Mutual PSK
Negotiation mode: Main
My identifier: My IP address
Peer identifier: Peer IP address
Pre-Shared key: <02-PSK>
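As an added example (not pfSense or strongSwan code, and not part of the report), the following lint reads an ipsec.secrets-style file and flags the two things visible in the pasted secrets above: a line carrying more than one `: PSK` separator, and a `%any` (or selector-less) wildcard entry that can be picked for any peer. It assumes strongSwan's documented line form `[<selector> ...] : PSK <secret>`; the sample lines are constructed with placeholder addresses and keys that mirror the shape of the two lines in the report.

```python
import re

# Constructed sample mirroring the two lines quoted in the bug report
# (placeholder addresses and keys, not real values).
SAMPLE = """\
203.0.113.10 @vpn.example.test : PSK "key-one" : PSK "key-one"
%any 198.51.100.20 : PSK "key-two"
"""

# selectors (everything before the first ':') then ': PSK' then the rest.
# Limitation: an IPv6 selector containing ':' would need a smarter split.
LINE_RE = re.compile(r'^(?P<sel>[^:]*):\s*PSK\s+(?P<rest>.+)$')


def parse_secrets(text):
    """Return one dict per PSK line: line number, selectors, secret, problems."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            entries.append({"line": n, "selectors": [], "secret": None,
                            "problems": ["not of the form '<selectors> : PSK <secret>'"]})
            continue
        selectors = m.group("sel").split()
        rest = m.group("rest")
        problems = []
        # The documented form carries exactly one secret per line; a second
        # ': PSK' after the secret is not that form and should be investigated.
        if ":" in rest and "PSK" in rest.split(":", 1)[1]:
            problems.append("more than one ': PSK' on the line")
        secret = rest.split(":", 1)[0].strip().strip('"')
        # No selectors, or %any, means the line can match any peer identity,
        # so it competes with every more specific entry in the file.
        if not selectors or "%any" in selectors:
            problems.append("wildcard selector: may be chosen for any peer")
        entries.append({"line": n, "selectors": selectors,
                        "secret": secret, "problems": problems})
    return entries


def find_problems(text):
    """Map line number -> list of problems, for lines that have any."""
    return {e["line"]: e["problems"] for e in parse_secrets(text) if e["problems"]}


if __name__ == "__main__":
    for line, probs in find_problems(SAMPLE).items():
        print(f"line {line}: {'; '.join(probs)}")
```

Run it against a copy of the generated secrets file (with the real keys redacted first) to see which entries are wildcards and which lines do not have the expected single-secret shape.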
