Wednesday, June 17, 2015

pfSense VPN dialup ( debug log )

The IPsec logs on pfSense are excellent for validating a dynamic VPN client and troubleshooting issues with establishing connectivity.

If you are ever curious about the proposals that your client submits, just review the logs after a client attempts access. Here's a Mac OS X 10.10.3 host using the native client:

( notice how we failed due to lack of matching proposals )



So out of all of the proposals the client submitted, none matched the single proposal offered by the pfSense gateway. Various VPN clients, native or non-native, can support a wide range of proposals.

A difference in the client OS version or type ( Windows/Mac/Android/iPhone/... ) can change the proposals submitted by the client.

If you're failing authentication ( xauth ), you will see a log message similar to the one below.








Sometimes you have the right authentication and ciphers but the DH group key strength is wrong.
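
A small log triage helper for the proposal-mismatch and DH group cases above, as an added example that is not from the original post. It assumes the log carries strongSwan-style "received proposals:" and "configured proposals:" lines; the sample lines and all function names are constructed for illustration.

```python
import re

# Constructed sample lines; the charon message wording is an assumed log format.
SAMPLE_LOG = (
    "Jun 17 10:02:11 charon: 09[CFG] received proposals: "
    "IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, "
    "IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, "
    "IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024\n"
    "Jun 17 10:02:11 charon: 09[CFG] configured proposals: "
    "IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048\n"
    "Jun 17 10:02:11 charon: 09[IKE] no proposal found\n"
)

def classify(transform):
    """Map one transform name to its type (hypothetical helper)."""
    if transform.startswith("PRF_"):
        return "prf"
    if transform.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh_group"
    if transform.startswith("HMAC_") or "XCBC" in transform or "CMAC" in transform:
        return "integrity"
    if transform.endswith("EXT_SEQ"):
        return "esn"
    return "encryption"

def parse_proposals(log, kind):
    """Return the last '<kind> proposals:' line as a list of {type: transform}."""
    lines = re.findall(rf"{kind} proposals: (.+)", log)
    if not lines:
        return []
    proposals = []
    for prop in lines[-1].split(", "):
        names = prop.split(":", 1)[-1].split("/")
        proposals.append({classify(n): n for n in names})
    return proposals

def explain(log):
    """For each gateway proposal, diff it against the closest client proposal."""
    received = parse_proposals(log, "received")
    report = []
    for want in parse_proposals(log, "configured"):
        def distance(got):
            return sum(got.get(k) != v for k, v in want.items())
        if received:
            best = min(received, key=distance)
            # (client value, gateway value) for each transform type that differs
            report.append({k: (best.get(k), v) for k, v in want.items() if best.get(k) != v})
    return report

if __name__ == "__main__":
    for diff in explain(SAMPLE_LOG):
        print(diff or "a matching proposal exists")
```

A report that lists only dh_group means the ciphers and hashes already line up and just the DH group on one side needs to change.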






To review the ipsec.conf file you can use the WebGUI command-line tool and run more on the config file.

e.g






Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
        o 
       /  \




