OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: Androxin on April 08, 2019, 08:51:10 pm
-
Hey,
I'm just desperate for the following assignment.
I need an IPsec VPN tunnel to connect two sites.
In the office is a normal DSL connection with a dynamic IP. There I have a dyndns domain.
In the LAN are several VLANs/networks (172.17.10.0/24, 172.17.20.0/24, ...) available.
There, opnSense is used as a firewall/router/DHCP.
On the other site, I have a MikroTik LTE router. Of course, this router also gets a dynamic IP from the provider.
There is the LAN 172.18.1.0/24 configured.
Actually I wanted to use openVPN. Since opnSense has problems with the routing entries, I gave up sometime and tried IPSec.
But now I got stuck as well.
Basically the connection seems to work. In phase 1 the remote peer is 0.0.0.0.
Authentication via FQDN.
However, the tunnel is not completely built.
In the log of the opnSense it says that no virtual IP could be found.
Apr 6 23:06:53 charon: 09[IKE] <con1|556> failed to establish CHILD_SA, keeping IKE_SA
Apr 6 23:06:53 charon: 09[IKE] <con1|556> configuration payload negotiation failed, no CHILD_SA built
Apr 6 23:06:53 charon: 09[IKE] <con1|556> no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
Apr 6 23:06:53 charon: 09[IKE] <con1|556> no virtual IP found for %any requested by 'remote.de'
Apr 6 23:06:53 charon: 09[IKE] <con1|556> peer requested virtual IP %any
Can someone tell me what the message is about and how to fix it?
-
Are you trying to build mobile peer? It doesn't look like site-to-site.
19.1.5 has an option for normal Phase 1 entries to mark them "dynamic" and you would have to use it both phase 1 entries on both sides.
Cheers,
Franco