pfSense IPSec in combination with Windows Phone

  • Bart0n
  • Registered: October 2007
  • Last online: 13:37
Good evening,

I am trying to set up a VPN connection to home on my Windows Phone.
After some searching and trying, I eventually ended up at this 'how-to'.
https://doc.pfsense.org/i...sec#Configure_L2TP_Server

I set everything up on my pfSense as per the how-to, but my phone still will not connect.
It does look as if the connection comes up, and then drops again within a few seconds.

code:
Mar 24 23:44:22 charon: 10[ENC] <13> parsed ID_PROT request 0 [ SA V V V V V V V V ]
Mar 24 23:44:22 charon: 10[ENC] <13> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
Mar 24 23:44:22 charon: 10[IKE] <13> received MS NT5 ISAKMPOAKLEY vendor ID
Mar 24 23:44:22 charon: 10[IKE] <13> received NAT-T (RFC 3947) vendor ID
Mar 24 23:44:22 charon: 10[IKE] <13> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 24 23:44:22 charon: 10[IKE] <13> received FRAGMENTATION vendor ID
Mar 24 23:44:22 charon: 10[ENC] <13> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Mar 24 23:44:22 charon: 10[ENC] <13> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Mar 24 23:44:22 charon: 10[ENC] <13> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Mar 24 23:44:22 charon: 10[IKE] <13> xxx.xxx.xxx.68 is initiating a Main Mode IKE_SA
Mar 24 23:44:22 charon: 10[ENC] <13> generating ID_PROT response 0 [ SA V V V V V ]
Mar 24 23:44:22 charon: 10[NET] <13> sending packet: from xxx.xxx.xxx.115[500] to xxx.xxx.xxx.68[23986] (180 bytes)
Mar 24 23:44:23 charon: 10[NET] <13> received packet: from xxx.xxx.xxx.68[23986] to xxx.xxx.xxx.115[500] (388 bytes)
Mar 24 23:44:23 charon: 10[ENC] <13> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar 24 23:44:23 charon: 10[IKE] <13> remote host is behind NAT
Mar 24 23:44:23 charon: 10[ENC] <13> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Mar 24 23:44:23 charon: 10[NET] <13> sending packet: from xxx.xxx.xxx.115[500] to xxx.xxx.xxx.68[23986] (372 bytes)
Mar 24 23:44:23 charon: 10[NET] <13> received packet: from xxx.xxx.xxx.68[5245] to xxx.xxx.xxx.115[4500] (76 bytes)
Mar 24 23:44:23 charon: 10[ENC] <13> parsed ID_PROT request 0 [ ID HASH ]
Mar 24 23:44:23 charon: 10[CFG] <13> looking for pre-shared key peer configs matching xxx.xxx.xxx.115...xxx.xxx.xxx.68[10.117.105.46]
Mar 24 23:44:23 charon: 10[CFG] <13> selected peer config "con1"
Mar 24 23:44:23 charon: 10[IKE] <con1|13> IKE_SA con1[13] established between xxx.xxx.xxx.115[xxx.xxx.xxx.115]...xxx.xxx.xxx.68[10.117.105.46]
Mar 24 23:44:23 charon: 10[IKE] <con1|13> scheduling reauthentication in 28104s
Mar 24 23:44:23 charon: 10[IKE] <con1|13> maximum IKE_SA lifetime 28644s
Mar 24 23:44:23 charon: 10[IKE] <con1|13> DPD not supported by peer, disabled
Mar 24 23:44:23 charon: 10[ENC] <con1|13> generating ID_PROT response 0 [ ID HASH ]
Mar 24 23:44:23 charon: 10[NET] <con1|13> sending packet: from xxx.xxx.xxx.115[4500] to xxx.xxx.xxx.68[5245] (76 bytes)
Mar 24 23:44:23 charon: 10[NET] <con1|13> received packet: from xxx.xxx.xxx.68[5245] to xxx.xxx.xxx.115[4500] (444 bytes)
Mar 24 23:44:23 charon: 10[ENC] <con1|13> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mar 24 23:44:23 charon: 10[IKE] <con1|13> received 250000000 lifebytes, configured 0
Mar 24 23:44:23 charon: 10[ENC] <con1|13> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mar 24 23:44:23 charon: 10[NET] <con1|13> sending packet: from xxx.xxx.xxx.115[4500] to xxx.xxx.xxx.68[5245] (204 bytes)
Mar 24 23:44:23 charon: 10[NET] <con1|13> received packet: from xxx.xxx.xxx.68[5245] to xxx.xxx.xxx.115[4500] (60 bytes)
Mar 24 23:44:23 charon: 10[ENC] <con1|13> parsed QUICK_MODE request 1 [ HASH ]
Mar 24 23:44:23 charon: 10[IKE] <con1|13> CHILD_SA con1{4} established with SPIs cfafd2a2_i 1e52472a_o and TS xxx.xxx.xxx.115/32|/0[udp/l2f] === xxx.xxx.xxx.68/32|/0[udp/l2f]
Mar 24 23:44:33 charon: 10[IKE] <con1|12> deleting IKE_SA con1[12] between xxx.xxx.xxx.115[xxx.xxx.xxx.115]...xxx.xxx.xxx.68[10.117.105.46]
Mar 24 23:44:33 charon: 10[IKE] <con1|12> sending DELETE for IKE_SA con1[12]
Mar 24 23:44:33 charon: 10[ENC] <con1|12> generating INFORMATIONAL_V1 request 1656711106 [ HASH D ]
Mar 24 23:44:33 charon: 10[NET] <con1|12> sending packet: from xxx.xxx.xxx.115[4500] to xxx.xxx.xxx.68[5245] (92 bytes)
Mar 24 23:44:58 charon: 10[NET] <con1|13> received packet: from xxx.xxx.xxx.68[5245] to xxx.xxx.xxx.115[4500] (76 bytes)
Mar 24 23:44:58 charon: 10[ENC] <con1|13> parsed INFORMATIONAL_V1 request 2364149796 [ HASH D ]
Mar 24 23:44:58 charon: 10[IKE] <con1|13> received DELETE for ESP CHILD_SA with SPI 1e52472a
Mar 24 23:44:58 charon: 10[IKE] <con1|13> closing CHILD_SA con1{4} with SPIs cfafd2a2_i (670 bytes) 1e52472a_o (0 bytes) and TS xxx.xxx.xxx.115/32|/0[udp/l2f] === xxx.xxx.xxx.68/32|/0[udp/l2f]


I have already tried various settings in pfSense, but I have rather lost the trail now.
On my phone I get the code:
De VPN-verbinding is mislukt met foutcode 809

When I Google that, I end up at answers saying it is because the server is behind a NAT. However, my pfSense has a public address on the WAN side.

I also tried opening the firewall on the WAN side completely; unfortunately that did not help either.

Now my question to you: do you have a nudge in the right direction for me?
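
An added example, not part of the original post and not pfSense or strongSwan code: a small Python parser that pulls the SA state changes out of a charon log like the one above and flags two things visible in it, an IKE_SA torn down under a different ID than the one just established and a CHILD_SA closed with zero outbound bytes. The function names are hypothetical; the sample lines are copied from the log in the post.

```python
import re

# Four lines copied from the charon log in the post (addresses were already masked there).
SAMPLE = """\
Mar 24 23:44:23 charon: 10[IKE] <con1|13> IKE_SA con1[13] established between xxx.xxx.xxx.115[xxx.xxx.xxx.115]...xxx.xxx.xxx.68[10.117.105.46]
Mar 24 23:44:23 charon: 10[IKE] <con1|13> CHILD_SA con1{4} established with SPIs cfafd2a2_i 1e52472a_o and TS xxx.xxx.xxx.115/32|/0[udp/l2f] === xxx.xxx.xxx.68/32|/0[udp/l2f]
Mar 24 23:44:33 charon: 10[IKE] <con1|12> deleting IKE_SA con1[12] between xxx.xxx.xxx.115[xxx.xxx.xxx.115]...xxx.xxx.xxx.68[10.117.105.46]
Mar 24 23:44:58 charon: 10[IKE] <con1|13> closing CHILD_SA con1{4} with SPIs cfafd2a2_i (670 bytes) 1e52472a_o (0 bytes) and TS xxx.xxx.xxx.115/32|/0[udp/l2f] === xxx.xxx.xxx.68/32|/0[udp/l2f]
"""

# Matches only lines that begin with an SA state change: "<SA> established",
# "deleting IKE_SA ..." or "closing CHILD_SA ...".
EVENT = re.compile(
    r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) charon: \d+\[IKE\] <[^>]*> "
    r"(?:(deleting|closing) )?(IKE_SA|CHILD_SA) (\S+?)[\[{](\d+)[\]}]( established)?"
)
# Per-direction ESP counters on a "closing CHILD_SA" line (_i inbound, _o outbound).
BYTES = re.compile(r"_i \((\d+) bytes\) \w+_o \((\d+) bytes\)")

def sa_events(log):
    """Return one dict per SA state change found in a charon log excerpt."""
    events = []
    for line in log.splitlines():
        m = EVENT.match(line)
        if not m or not (m.group(4) or m.group(8)):
            continue  # mentions an SA but is not an establish/delete/close line
        h, mi, s, _down, kind, name, uid, up = m.groups()
        ev = {"t": int(h) * 3600 + int(mi) * 60 + int(s),
              "id": kind + " " + name + "#" + uid,
              "state": "up" if up else "down"}
        b = BYTES.search(line)
        if b:
            ev["bytes_in"], ev["bytes_out"] = int(b.group(1)), int(b.group(2))
        events.append(ev)
    return events

def findings(events):
    """Flag patterns worth a closer look when a tunnel drops right after coming up."""
    up = {e["id"]: e["t"] for e in events if e["state"] == "up"}
    notes = []
    for e in (e for e in events if e["state"] == "down"):
        sa = e["id"]
        if sa not in up:
            notes.append(f"{sa} torn down but set up before this excerpt")
        elif e.get("bytes_out") == 0:
            notes.append(f"{sa} lived {e['t'] - up[sa]}s, {e['bytes_in']} bytes in, 0 bytes out")
    return notes
```
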