OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: NDregger on October 17, 2022, 07:56:47 PM

Title: Mobile Client - Best Solution?
Post by: NDregger on October 17, 2022, 07:56:47 PM
Hello Forum,

I hope my English is good enough to explain my wishes for my OPNsense.

I started with VPN for nearly twenty years using AVM (a German manufacturer), then switched to Bintec (also German), but both are no longer powerful enough for my wishes and needs.

I'm very happy with the firewall, multi-WAN and so on, but currently I'm unable to use my most needed feature: mobile client connectivity.

With my old Bintec it was easy: on Windows I used the Shrew Soft VPN Client for IKEv1 connectivity; Android and iPhone connected with their native clients.

Now, after switching to OPNsense, I have to find a working solution, if possible without client software. Is this a possible problem?

I thought it would be possible to realize it using IKEv2 with mobile client support, but right now I'm even too stupid to configure it to run with all I need: I get a connection and IP packets are routed, but I have no name resolution. Windows 10 / 11 are connecting, but if I run ipconfig /all after establishing the connection, there is no configured DNS server or suffix on my client, even though I've configured both on my OPNsense.

My questions:

- Is IKEv2 the correct solution for my needs?
- If IKEv2 is the correct solution, how can I make Windows recognize the DNS server and suffix?
- If IKEv2 isn't the correct solution, what's the correct way for my needs?


Norbert

Title: Re: Mobile Client - Best Solution?
Post by: Greelan on October 18, 2022, 11:48:09 AM
I use WireGuard personally.
Title: Re: Mobile Client - Best Solution?
Post by: Patrick M. Hausen on October 18, 2022, 12:44:36 PM
WireGuard does not scale very well, because there is no mechanism comparable to XAUTH. IPsec and OpenVPN can both use Active Directory based AAA, for example.
Title: Re: Mobile Client - Best Solution?
Post by: tiermutter on October 18, 2022, 01:26:34 PM
To avoid the need for special client software, IPsec is the way to go, as WG and OVPN are not implemented in Windows.
I'm using WG because it offers great speed, but OVPN is always configured as a fallback for when WG will not work from time to time for unknown reasons.
I never used IPsec, so I can't troubleshoot your DNS problems; with both WG and OVPN I have no issues using the Sense (AGH) as DNS server.
Title: Re: Mobile Client - Best Solution?
Post by: NDregger on June 30, 2023, 12:40:45 PM
We're currently switching all client VPNs to OpenVPN, which works great for us because we can provide all functions we want:

- Authentication against Windows Domain Controller
- Access rules for groups and users
- Easy client setup on all used operating systems including mobile devices

Best regards from rainy Germany
Norbert
Title: Re: Mobile Client - Best Solution?
Post by: tiermutter on June 30, 2023, 02:59:52 PM
Sounds good. :)

Also best regards from rainy Germany...