Bug #8404
closed
IPSec pre-shared key
0%
Description
After upgrading from 2.4.2_p1 to 2.4.3, only the last added (active) IPSec tunnel <PSK> matches in PHASE-1.
All other tunnels with PSK fail.
If you use the PSK from the last (active) entry in the list -> we have a connection.
So maybe it is a problem with %any and the way pfSense tries to match the PSK?
If you need more information/log files, please specify which information is important for you.
Two active IPsec tunnels:
/var/etc/ipsec/ipsec.secret
<WANIP> @<DN> : PSK <01-PSK> : PSK <01-PSK>
%any <IP-OTHER-SIDE> : PSK <02-PSK>
IPsec conf (because it's for Mac):
Auth method: Mutual PSK + Xauth
Negotiation mode: Aggressive
My identifier: My IP address
Peer identifier: Distinguished name : <DN>
Pre-Shared key: <01-PSK>
Further, the mobile clients authenticate against an external RADIUS.
The second one (site-to-site):
Auth method: Mutual PSK
Negotiation mode: Main
My identifier: My IP address
Peer identifier: Peer IP address
Pre-Shared key: <02-PSK>