Author Topic: IPSEC + OPENVPN  (Read 3954 times)

Julien

IPSEC + OPENVPN
« on: July 18, 2016, 06:00:21 pm »
Hi Guys,
I have 16.7 Hardware running fine with the OPENVPN Two Factor Authenticator.
Two-factor authentication for iPhone users is a pain in the ass.
I am planning to configure IPSEC for mobile users. Is this going to work with the OPENVPN service on?
Thank you
An intelligent man is sometimes forced to be drunk to spend time with his fool.

Julien

Re: IPSEC + OPENVPN
« Reply #1 on: July 19, 2016, 07:00:27 pm »
Managed to get this working.
When the user is connected over IPSEC, they can't ping the LAN or anything.
I've created a rule on the IPSEC to access the LAN, but it's not working.
See attached for the firewall rule on the IPSEC interface.
It doesn't work even with the rules any to any.
I have checked the log; there is nothing that says anything about a block.
It does show the process of how the tunnel is built up, with no warning.
Please advise
« Last Edit: July 19, 2016, 07:21:08 pm by Julien »

Julien

Re: IPSEC + OPENVPN
« Reply #2 on: July 19, 2016, 08:26:23 pm »
Can someone please advise, as it has become critical for our mobile users.
I can't go to the internet or ping the devices over the LAN.
I can't even ping 8.8.8.8.
The settings of the tunnels are not described in the docs, so I can't seem to configure the tunnel correctly.
PLEASE HELP.
See screenshot; those options are not described in the documentation.
I can ping the connected client from the LAN using the IP of the tunnel. But the client can't ping the LAN.
Please advise

Firewall: NAT: Outbound has two rules, see attached.
One static 500 ISAKMP and one not. Please see attached picture.
« Last Edit: July 19, 2016, 09:19:08 pm by Julien »

franco

  • Administrator
Re: IPSEC + OPENVPN
« Reply #3 on: July 20, 2016, 12:06:03 am »
Hi Julien,

Pinging 8.8.8.8 won't work if you only allow IPSec to access LAN...

Make sure to go through these steps: https://docs.opnsense.org/manual/how-tos/ipsec-road.html

It sounds like your Phase 2 local network setup is wrong or no policies are generated for it. Policies are normally "automagic" and not having them work is a complication in the (complexity of the) setup.

Sometimes the traffic comes in, but doesn't go back, sometimes it never reaches IPSec locally. You'll have to do some packet capturing on your box to confirm. See "Interfaces: Diagnostics: Packet Capture" to capture on IPsec interface.


Cheers,
Franco
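
Added example, not part of the thread or of OPNsense: one way to read a text capture from the IPsec interface for the two cases described above. It pairs ICMP echo requests with their replies; requests listed as unanswered came in but nothing went back, and a client whose pings never appear at all did not reach IPsec locally. It assumes the capture was exported as `tcpdump -n` text, and every address in the sample is constructed.

```python
import re
from collections import defaultdict

# Matches the ICMP echo lines printed by `tcpdump -n` (text output format assumed).
ECHO = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_echoes(lines):
    """Return {(source, target): [seq, ...]} for echo requests that got no reply."""
    pending = {}
    for line in lines:
        m = ECHO.search(line)
        if not m:
            continue  # not an ICMP echo line
        src, dst, ident, seq = m["src"], m["dst"], int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(src, dst, ident, seq)] = True
        else:
            # A reply travels target -> source, so swap the pair to find its request.
            pending.pop((dst, src, ident, seq), None)
    result = defaultdict(list)
    for (src, dst, _ident, seq) in pending:
        result[(src, dst)].append(seq)
    return dict(result)

# Constructed sample: 10.10.0.2 stands for the mobile client's tunnel address,
# 192.168.1.10 for a LAN host. LAN -> client pings are answered, the reverse is not.
SAMPLE_CAPTURE = """\
10:00:01.000001 IP 10.10.0.2 > 192.168.1.10: ICMP echo request, id 7, seq 1, length 64
10:00:02.000001 IP 10.10.0.2 > 192.168.1.10: ICMP echo request, id 7, seq 2, length 64
10:00:03.000001 IP 192.168.1.10 > 10.10.0.2: ICMP echo request, id 9, seq 1, length 64
10:00:03.020001 IP 10.10.0.2 > 192.168.1.10: ICMP echo reply, id 9, seq 1, length 64
10:00:04.000001 IP 10.10.0.2 > 8.8.8.8: ICMP echo request, id 7, seq 3, length 64
""".splitlines()

if __name__ == "__main__":
    for (src, dst), seqs in unanswered_echoes(SAMPLE_CAPTURE).items():
        print(f"{src} -> {dst}: no reply seen for seq {seqs}")
```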

Julien

Re: IPSEC + OPENVPN
« Reply #4 on: July 20, 2016, 08:57:20 am »
Hi Franco,
I just double-checked it; the configuration is really one-to-one.
I didn't miss a step; every step is copy and paste.
I did a capture, but nothing is really there.
Hope there are more steps to troubleshoot this, as our users are leaving the office today for a two-week business trip.

Julien

Re: IPSEC + OPENVPN
« Reply #5 on: July 20, 2016, 06:37:25 pm »
We have configured OpenVPN for the clients. We couldn't get it to work.
Right now we are set; I hope you guys can have a look at this in the near future.