OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: EndermiteSlayer on June 17, 2025, 10:35:18 AM

Title: IPsec VTI Connection Authentication-Error after Reboot
Post by: EndermiteSlayer on June 17, 2025, 10:35:18 AM
Hello,


I want to connect two OPNsenses with IPSec-VPN. I use the new Connection Type (with PSK and default proposals) and Route-Based VTI.

Basically the Connection establishes, but then I have the following Problem:
After a reboot of one OPNsense, the Connection is broken. If I manually trigger the Peer-Initialisation, then authentication fails and the counterpart raises:
tried 1 shared key for '%any' - '$IP-Address', but MAC mismatched
Vice versa the behaviour is the same, then the other OPNsense raises the Error.

I found out: When I delete the PreSharedKey-Object and recreate it with the same parameters, I'm able to establish the connection again.

What am I missing / doing wrong?

Additional Information: I already have VTI-VPN-Connections configured to other third-party-gateways, with the Local and Remote-Net 0.0.0.0/0 in the vpn-child-configuration. Can this cause the error?


Thanks!

Title: Re: IPsec VTI Connection Authentication-Error after Reboot
Post by: EndermiteSlayer on June 17, 2025, 01:27:24 PM
I think I found an issue: I didn't set (local and remote) IDs in the authentication-round.
Now it seems to work better.