Author Topic: [SOLVED] IPSec, can't connect from WAN  (Read 4157 times)

Kuragari

« on: October 05, 2015, 10:58:03 pm »
Hello, I am trying to get my VPN working with my iPhone and MacBook.

I have set up an IPSec VPN with IKEv1, and everything works correctly on LAN (so I think my IPSec VPN configuration is correct). Now I have just switched the interface in phase 1 from LAN to WAN, and when I try to connect through the WAN interface it doesn't work.

My configuration: OPNsense --> ISP modem --> Internet. The ISP modem can't do bridge mode, so I have double NAT and OPNsense is in the DMZ. The problem doesn't come from double NAT, because I have tried with my computer between OPNsense and the ISP modem.

I have tried to allow everything coming from WAN, with the same result (so the problem normally doesn't come from the rules; anyway, my rules accept UDP 500, UDP 4500 and ESP).

Any ideas?

My log (last entry):

Oct 5 17:43:13   charon: 12[JOB] deleting half open IKE_SA after timeout
Oct 5 17:43:07   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:43:07   charon: 12[IKE] sending retransmit 3 of response message ID 0, seq 1
Oct 5 17:43:07   charon: 12[IKE] <con1|60> sending retransmit 3 of response message ID 0, seq 1
Oct 5 17:42:54   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:54   charon: 12[IKE] sending retransmit 2 of response message ID 0, seq 1
Oct 5 17:42:54   charon: 12[IKE] <con1|60> sending retransmit 2 of response message ID 0, seq 1
Oct 5 17:42:47   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:47   charon: 12[IKE] sending retransmit 1 of response message ID 0, seq 1
Oct 5 17:42:47   charon: 12[IKE] <con1|60> sending retransmit 1 of response message ID 0, seq 1
Oct 5 17:42:43   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:43   charon: 12[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V ]
« Last Edit: October 06, 2015, 10:34:29 pm by franco »
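
The log in the post above shows the responder retransmitting its Aggressive Mode reply three times and then deleting the half-open IKE_SA, meaning it never saw the peer's next message. As an added example (not part of the original posts), this Python code flags that pattern in charon output; the function name and the sample addresses are constructed for illustration.

```python
import re

# Constructed sample modelled on the charon log in the post above, newest
# entry first as in the post; addresses are documentation ranges.
SAMPLE_LOG = """\
Oct 5 17:43:13 charon: 12[JOB] deleting half open IKE_SA after timeout
Oct 5 17:43:07 charon: 12[NET] sending packet: from 192.0.2.10[500] to 198.51.100.7[1011] (408 bytes)
Oct 5 17:43:07 charon: 12[IKE] <con1|60> sending retransmit 3 of response message ID 0, seq 1
Oct 5 17:42:54 charon: 12[NET] sending packet: from 192.0.2.10[500] to 198.51.100.7[1011] (408 bytes)
Oct 5 17:42:54 charon: 12[IKE] <con1|60> sending retransmit 2 of response message ID 0, seq 1
Oct 5 17:42:47 charon: 12[NET] sending packet: from 192.0.2.10[500] to 198.51.100.7[1011] (408 bytes)
Oct 5 17:42:47 charon: 12[IKE] <con1|60> sending retransmit 1 of response message ID 0, seq 1
Oct 5 17:42:43 charon: 12[NET] sending packet: from 192.0.2.10[500] to 198.51.100.7[1011] (408 bytes)
Oct 5 17:42:43 charon: 12[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V ]
"""

NET = re.compile(r"\[NET\] (sending|received) packet: from (\S+)\[(\d+)\] to (\S+)\[(\d+)\]")
RETX = re.compile(r"\[IKE\] (?:<[^>]+> )?sending retransmit (\d+) of (request|response) ")
HALF_OPEN = "deleting half open IKE_SA after timeout"

def find_stalled_handshakes(log_text, newest_first=True):
    """Return one finding per half-open IKE_SA that timed out (hypothetical helper)."""
    lines = [l for l in log_text.splitlines() if "charon" in l]
    if newest_first:
        lines.reverse()  # walk the log in chronological order
    peer, retransmits, findings = None, 0, []
    for line in lines:
        if m := NET.search(line):
            direction, src, sport, dst, dport = m.groups()
            if direction == "received":  # the peer spoke: handshake is moving
                peer, retransmits = (src, int(sport)), 0
            else:
                peer = (dst, int(dport))
        elif m := RETX.search(line):
            retransmits = max(retransmits, int(m.group(1)))
        elif HALF_OPEN in line and peer:
            findings.append({
                "peer": peer[0],
                "peer_port": peer[1],
                "retransmits": retransmits,
                # A source port other than 500/4500 usually means NAT rewrote it.
                "peer_port_rewritten": peer[1] not in (500, 4500),
            })
            peer, retransmits = None, 0
    return findings

if __name__ == "__main__":
    print(find_stalled_handshakes(SAMPLE_LOG))
```

A finding means the firewall answered but heard nothing back, so the next checks are the inbound rules and any NAT device between the peer and the WAN interface.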

Kuragari

« Reply #1 on: October 05, 2015, 11:19:52 pm »
Problem solved ;)

I forgot to open the HA protocol. 8) I will try to make a tutorial as soon as possible.

franco

« Reply #2 on: October 06, 2015, 10:35:02 pm »
Neat, marked as [SOLVED], good work. :)