Wednesday, June 17, 2015

PFsense vpn dialup ( debug log )

The ipsec logs for PFsense is excellent to use for validating a dynamic vpn client and issues with  establishing connectivity.

If you are every curious on the proposals that your client submits, just review the logs after a client attempts access. Here's a MACOSX 10.10.3 host using the native client;

( notice how we failed due to lack of matching proposals )

So out of all of the proposal  the client submitted , none matched the single proposal offered by the pfsense gateway. Various vpnclients native or non-native can supported a a wide range of proposals.

A difference of the  client OS version or type ( window/mac/andorid/iphone/....) can change the proposal offerings submitted by the client.

If your failing authentication ( xauth ) you will see a log message similar to the below.

Sometimes you have the right authentication and ciphers but the dh-grp key strength  is wrong

To review the  ipsec.conf file you can use the WebGUI cmdline tool and more the cfg file.


Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       /  \


  1. There is a chance you are eligible to get a Apple iPhone 7.

  2. Searching for the Best Dating Website? Create an account and find your perfect match.