OPNsense Forum
Archive => 15.7 Legacy Series => Topic started by: Kuragari on October 05, 2015, 10:58:03 pm
-
Hello, I am trying to get my VPN working with my iPhone and MacBook.
I have set up an IPsec VPN with IKEv1, and everything works correctly on the LAN (so I think my IPsec VPN configuration is correct). Now I have just switched the phase 1 interface from LAN to WAN, and when I try to connect through the WAN interface it doesn't work.
My configuration: OPNsense --> ISP modem --> Internet. The ISP modem can't do bridge mode, so I have double NAT and OPNsense is in the DMZ. The problem doesn't come from the double NAT, because I have tried with my computer between OPNsense and the ISP modem.
I have tried allowing everything coming from WAN, with the same result (so the problem normally doesn't come from the rules; anyway, my rules accept UDP 500, UDP 4500 and ESP).
Any ideas?
My log (last entry):
Oct 5 17:43:13 charon: 12[JOB] deleting half open IKE_SA after timeout
Oct 5 17:43:07 charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:43:07 charon: 12[IKE] sending retransmit 3 of response message ID 0, seq 1
Oct 5 17:43:07 charon: 12[IKE] <con1|60> sending retransmit 3 of response message ID 0, seq 1
Oct 5 17:42:54 charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:54 charon: 12[IKE] sending retransmit 2 of response message ID 0, seq 1
Oct 5 17:42:54 charon: 12[IKE] <con1|60> sending retransmit 2 of response message ID 0, seq 1
Oct 5 17:42:47 charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:47 charon: 12[IKE] sending retransmit 1 of response message ID 0, seq 1
Oct 5 17:42:47 charon: 12[IKE] <con1|60> sending retransmit 1 of response message ID 0, seq 1
Oct 5 17:42:43 charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:43 charon: 12[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V ]
-
Problem solved ;)
I forgot to open the HA protocol. 8) I will try to write a tutorial as soon as possible.
-
Neat, marked as [SOLVED], good work. :)
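-
Added example, not part of the original thread: a small Python check that walks the charon log posted above and reports each half-open IKE_SA that timed out after the responder's retransmits went unanswered. The function and field names are hypothetical; the log lines are copied from the first post, and the code assumes they are listed newest first, as posted.

```python
import ipaddress
import re

# Log lines copied from the first post (newest entry first, as posted).
POSTED_LOG = """\
Oct 5 17:43:13 charon: 12[JOB] deleting half open IKE_SA after timeout
Oct 5 17:43:07 charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:43:07 charon: 12[IKE] sending retransmit 3 of response message ID 0, seq 1
Oct 5 17:43:07 charon: 12[IKE] <con1|60> sending retransmit 3 of response message ID 0, seq 1
Oct 5 17:42:54 charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:54 charon: 12[IKE] sending retransmit 2 of response message ID 0, seq 1
Oct 5 17:42:54 charon: 12[IKE] <con1|60> sending retransmit 2 of response message ID 0, seq 1
Oct 5 17:42:47 charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:47 charon: 12[IKE] sending retransmit 1 of response message ID 0, seq 1
Oct 5 17:42:47 charon: 12[IKE] <con1|60> sending retransmit 1 of response message ID 0, seq 1
Oct 5 17:42:43 charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:43 charon: 12[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V ]
""".splitlines()

SEND = re.compile(r"\[NET\] sending packet: from (\S+)\[(\d+)\] to (\S+)\[(\d+)\]")
RECV = re.compile(r"\[NET\] received packet")
RETX = re.compile(r"\[IKE\] .*sending retransmit (\d+) of response message")
TIMEOUT = "deleting half open IKE_SA after timeout"

def half_open_timeouts(lines, newest_first=True):
    """Return one finding per half-open IKE_SA that timed out unanswered."""
    findings, last_send, retransmits = [], None, 0
    for line in (reversed(lines) if newest_first else lines):
        if RECV.search(line):
            retransmits = 0  # the peer answered, so earlier retransmits are moot
        elif (m := RETX.search(line)):
            retransmits = max(retransmits, int(m.group(1)))  # line is logged twice
        elif (m := SEND.search(line)):
            last_send = m.groups()
        elif TIMEOUT in line and last_send:
            local_ip, _local_port, peer_ip, peer_port = last_send
            findings.append({  # field names are illustrative, not strongSwan's
                "peer": f"{peer_ip}:{peer_port}",
                "unanswered_retransmits": retransmits,
                "local_addr_private": ipaddress.ip_address(local_ip).is_private,
                "peer_source_port_rewritten": int(peer_port) not in (500, 4500),
            })
            last_send, retransmits = None, 0
    return findings

if __name__ == "__main__":
    for finding in half_open_timeouts(POSTED_LOG):
        print(finding)
```

On the posted log this yields a single finding: the responder sent its reply from a private address to a peer whose source port is not 500 or 4500, retransmitted three times, and never logged a further packet from the peer before the timeout.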