PFSense - Android IPSec VPN not working?

ComputerBox34

[H]F Junkie
Joined
Nov 12, 2003
Messages
12,472
Anybody having issues with the latest release of PFSense and IPSec VPN using xauth PSK? I am able to get it to work on iOS and Windows using the Cisco client with no problems, yet Android always fails. Based on the logs, it looks like it's having trouble with Phase1 during the IKEv1 handshake? Any experience here?
 

ComputerBox34

Logs:

Code:
Jan 8 21:09:27	charon: 12[NET] <10> received packet: from [Android Phone IP][11324] to [PFSense IP][500] (782 bytes)
Jan 8 21:09:27	charon: 12[ENC] <10> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V ]
Jan 8 21:09:27	charon: 12[IKE] <10> received FRAGMENTATION vendor ID
Jan 8 21:09:27	charon: 12[IKE] <10> received NAT-T (RFC 3947) vendor ID
Jan 8 21:09:27	charon: 12[IKE] <10> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 8 21:09:27	charon: 12[IKE] <10> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 8 21:09:27	charon: 12[IKE] <10> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 8 21:09:27	charon: 12[IKE] <10> received XAuth vendor ID
Jan 8 21:09:27	charon: 12[IKE] <10> received Cisco Unity vendor ID
Jan 8 21:09:27	charon: 12[IKE] <10> received DPD vendor ID
Jan 8 21:09:27	charon: 12[IKE] <10> [Android Phone IP] is initiating a Aggressive Mode IKE_SA
Jan 8 21:09:27	charon: 12[CFG] <10> looking for XAuthInitPSK peer configs matching [PFSense IP]...[Android Phone IP][_vpn_users]
Jan 8 21:09:27	charon: 12[CFG] <10> selected peer config "con1"
Jan 8 21:09:27	charon: 12[ENC] <con1|10> generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
Jan 8 21:09:27	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:30	charon: 12[NET] <con1|10> received packet: from [Android Phone IP][11324] to [PFSense IP][500] (782 bytes)
Jan 8 21:09:30	charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:30	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:31	charon: 12[IKE] <con1|10> sending retransmit 1 of response message ID 0, seq 1
Jan 8 21:09:31	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:33	charon: 12[NET] <con1|10> received packet: from [Android Phone IP][11324] to [PFSense IP][500] (782 bytes)
Jan 8 21:09:33	charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:33	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:36	charon: 12[NET] <con1|10> received packet: from [Android Phone IP][11324] to [PFSense IP][500] (782 bytes)
Jan 8 21:09:36	charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:36	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:38	charon: 12[IKE] <con1|10> sending retransmit 2 of response message ID 0, seq 1
Jan 8 21:09:38	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:38	charon: 12[NET] <con1|10> received packet: from [Android Phone IP][11324] to [PFSense IP][500] (782 bytes)
Jan 8 21:09:38	charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:38	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:41	charon: 12[NET] <con1|10> received packet: from [Android Phone IP][11324] to [PFSense IP][500] (782 bytes)
Jan 8 21:09:41	charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:41	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:44	charon: 12[NET] <con1|10> received packet: from [Android Phone IP][11324] to [PFSense IP][500] (782 bytes)
Jan 8 21:09:44	charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:44	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:48	charon: 12[NET] <con1|10> received packet: from [Android Phone IP][11324] to [PFSense IP][500] (782 bytes)
Jan 8 21:09:48	charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:48	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:51	charon: 12[NET] <con1|10> received packet: from [Android Phone IP][11324] to [PFSense IP][500] (782 bytes)
Jan 8 21:09:51	charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:51	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:51	charon: 12[IKE] <con1|10> sending retransmit 3 of response message ID 0, seq 1
Jan 8 21:09:51	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:53	charon: 12[NET] <con1|10> received packet: from [Android Phone IP][11324] to [PFSense IP][500] (782 bytes)
Jan 8 21:09:53	charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:53	charon: 12[NET] <con1|10> sending packet: from [PFSense IP][500] to [Android Phone IP][11324] (432 bytes)
Jan 8 21:09:57	charon: 12[JOB] <con1|10> deleting half open IKE_SA after timeout

Phone: Nexus 6P running Stock Android 6.0.1 on VZW
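
An added example, not part of the original post: a small Python triage script for charon logs like the one above. It groups lines by IKE_SA id and flags the pattern visible in this log, where the responder sends its Aggressive Mode reply, keeps receiving retransmits of the first request, and finally deletes the half-open IKE_SA. The sample lines are constructed from the log above; the function and field names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# charon line: "<date> charon: <thread>[<subsystem>] <[config|]sa_id> <message>"
LINE = re.compile(r"charon: \d+\[(\w+)\] <(?:([^|>]+)\|)?(\d+)> (.*)")

# Constructed sample, shortened from the log in the post above.
SAMPLE = """\
Jan 8 21:09:27 charon: 12[ENC] <10> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V ]
Jan 8 21:09:27 charon: 12[CFG] <10> selected peer config "con1"
Jan 8 21:09:27 charon: 12[ENC] <con1|10> generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
Jan 8 21:09:30 charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:31 charon: 12[IKE] <con1|10> sending retransmit 1 of response message ID 0, seq 1
Jan 8 21:09:33 charon: 12[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
Jan 8 21:09:57 charon: 12[JOB] <con1|10> deleting half open IKE_SA after timeout
""".splitlines()

def summarize_phase1(lines):
    """Group charon lines by IKE_SA id and classify how each Phase 1 attempt ended."""
    sas = defaultdict(lambda: {"config": None, "mode": None, "replied": False,
                               "peer_retransmits": 0, "own_retransmits": 0,
                               "outcome": "incomplete"})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        _subsys, config, sa_id, msg = m.groups()
        sa = sas[sa_id]
        sa["config"] = config or sa["config"]
        if mode := re.search(r"parsed (AGGRESSIVE|ID_PROT) request", msg):
            sa["mode"] = mode.group(1)
        elif re.search(r"generating (AGGRESSIVE|ID_PROT) response", msg):
            sa["replied"] = True
        elif "received retransmit of request" in msg:
            sa["peer_retransmits"] += 1
        elif re.match(r"sending retransmit \d+ of response", msg):
            sa["own_retransmits"] += 1
        elif "deleting half open IKE_SA after timeout" in msg:
            sa["outcome"] = "half_open_timeout"
        elif re.match(r"IKE_SA \S+ established", msg):
            sa["outcome"] = "established"
    for sa in sas.values():
        # Responder answered but the peer kept resending message 1: the reply is
        # either not reaching the peer or not being accepted by it.
        sa["reply_unacknowledged"] = (sa["outcome"] == "half_open_timeout"
                                      and sa["replied"] and sa["peer_retransmits"] > 0)
    return dict(sas)
```

A `reply_unacknowledged` result narrows the fault to the return path or the client's handling of the response; it does not by itself say which of the two it is.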