OPNsense Forum
Archive => 19.7 Legacy Series => Topic started by: lagus on August 15, 2019, 10:11:22 pm
-
Hi,
I'm having issues with an IPsec tunnel causing issues going out from opnsense.
It's a newly setup instance on a Netgate SG-4860 running OPNsense 19.7.2-amd64, FreeBSD 11.2-RELEASE-p12-HBSD, OpenSSL 1.0.2s 28 May 2019, Serial version.
Remote network: 192.168.2.0/24 Local network: 192.168.11.0/24
- I'm able to ping remote host network from the ipsec interface
- I get "ping: sendto: Permission denied" pinging from LAN interface on opnsense
- Devices on local side get "Request timed out" pinging remote network
- Firewall config should be open for all: LAN: https://imgur.com/a/Sg70N94 IPsec: https://imgur.com/a/AG6ynhe Tunnel Interface: https://imgur.com/a/AG6ynhe
- Remote side seems to be working without any trouble to local bot local to remote
- I have pure IPsec rules, no IPsec interface (except the tunnel-specific interfaces)
- Currently two tunnels are configured, where one is currently down
I had to manually edit these from being 0.0.0.0/0 in the following config file.
rightsubnet = 192.168.2.0/24
leftsubnet = 192.168.11.0/24
/usr/local/etc/ipsec.conf
# This file is automatically generated. Do not edit
config setup
  uniqueids = yes

conn con1
  aggressive = no
  fragmentation = yes
  keyexchange = ikev1
  mobike = yes
  reauth = yes
  rekey = yes
  forceencaps = no
  installpolicy = no
  left = REDACTED
  right = REDACTED
  leftid = REDACTED
  ikelifetime = 28800s
  lifetime = 43200s
  ike = aes128-sha256-modp2048!
  leftauth = psk
  rightauth = psk
  rightid = REDACTED
  reqid = 1000
  rightsubnet = 192.168.2.0/24
  leftsubnet = 192.168.11.0/24
  esp = aes256-sha1-modp2048,aes256-sha256-modp2048,3des-sha1-modp2048,3des-sha256-modp2048!
  auto = route
Why is it not working, do you think? - Let me know if you need to understand anything else in the setup.
There seems to be something strange when I manually have to edit in the left|rightsubnet into the configuration...?