IKEv2 VPN not working after FB upgrade
Hi
I have upgraded a Firebox from M370 to M390.
I have redeployed the IKEv2 profile for mobile devices, but I'm not able to connect.
I'm testing with strongSwan as it provides a fine log. But I'm not getting any wiser.
In the strongSwan log I see:
Feb 11 15:14:42 09[IKE] peer didn't accept DH group ECP_256, it requested MODP_2048
.....
Feb 11 15:14:42 11[CFG] checking certificate status of "O=WatchGuard, OU=Fireware, CN=ike2muvpn Server"
Feb 11 15:14:42 11[CFG] certificate status is not available
Feb 11 15:14:42 11[CFG] reached self-signed root ca with a path length of 0
Feb 11 15:14:42 11[CFG] reached self-signed root ca with a path length of 0
Feb 11 15:14:42 11[IKE] authentication of 'O=WatchGuard, OU=Fireware, CN=ike2muvpn Server' with RSA signature successful
Feb 11 15:14:42 11[IKE] server requested EAP_IDENTITY (id 0x01), sending 'js'
Feb 11 15:14:42 11[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
Feb 11 15:14:42 11[NET] sending packet: from 10.166.70.31[48061] to 193.89.253.247[4500] (80 bytes)
Feb 11 15:14:42 12[NET] received packet: from 193.89.253.247[4500] to 10.166.70.31[48061] (112 bytes)
Feb 11 15:14:42 12[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Feb 11 15:14:42 12[IKE] server requested EAP_MSCHAPV2 authentication (id 0x02)
Feb 11 15:14:42 12[ENC] generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Feb 11 15:14:42 12[NET] sending packet: from 10.166.70.31[48061] to 193.89.253.247[4500] (144 bytes)
Feb 11 15:14:44 08[IKE] retransmit 1 of request with message ID 3
Feb 11 15:14:44 08[NET] sending packet: from 10.166.70.31[48061] to 193.89.253.247[4500] (144 bytes)
Feb 11 15:14:47 07[IKE] retransmit 2 of request with message ID 3
Feb 11 15:14:47 07[NET] sending packet: from 10.166.70.31[48061] to 193.89.253.247[4500] (144 bytes)
Feb 11 15:14:52 09[IKE] retransmit 3 of request with message ID 3
Feb 11 15:14:52 09[NET] sending packet: from 10.166.70.31[48061] to 193.89.253.247[4500] (144 bytes)
Feb 11 15:14:57 10[IKE] giving up after 3 retransmits
Feb 11 15:14:57 10[IKE] establishing IKE_SA failed, peer not responding
Feb 11 15:14:57 11[IKE] unable to terminate IKE_SA: ID 14 not found
Can anyone make sense of that?
Comments
From what device type are you trying to use IKEv2?
Android?
Have you reviewed this? There is a section on automatic and manual config of strongSwan.
Configure Android Devices for Mobile VPN with IKEv2
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ikev2/mvpn_ikev2_android_client.html