Just another IT blog
This error doesn’t give many clues as to whats wrong but it turns out it is usually a simple fix and is caused by a mismatch between the main / aggressive setting on the negotiation of phase one. Simply make sure both ends match, or if the setting is not available at one end change it on the pfsense.
.net 3.5 is still often required but the resources to install it are by default absent from the windows installation. If you have internet connectivity this isn’t such an issue as the files are simply pulled down from microsoft but if you are performing an offline build or are in a dev/secure environment with no connectivity or heavily filtered it can be problematic.
Personally I find the fastest method is to mount/insert the 2012 installation media and install the feature with DISM. Open an elevetates (run as admin) command window.
dism /online /enable-feature /featurename:NetFX3 /all /Source:d:\sources\sxs /LimitAccess
Simply change “d” to match the drive letter your install media is available at.
If the GUI is more your sort of thing simply run the “Add roles and features” wizard and select the .NET 3.5
Click next and locate the “Specify and alternate source path” link at the bottom of the window. Click this.
In the window that loads type in the path to your side-by-side folder on the installation media.
Click on OK and on Install to start .NET 3.5 installing.