OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: lagus on August 15, 2019, 10:11:22 pm

Title: Ipsec - "ping: sendto: Permission denied" - one way trouble
Post by: lagus on August 15, 2019, 10:11:22 pm
Hi,

I'm having issues with an IPsec tunnel causing issues going out from OPNsense.
It's a newly set up instance on a Netgate SG-4860 running OPNsense 19.7.2-amd64, FreeBSD 11.2-RELEASE-p12-HBSD, OpenSSL 1.0.2s 28 May 2019, Serial version.
Remote network: 192.168.2.0/24
Local network: 192.168.11.0/24



I had to manually edit these from being 0.0.0.0/0 in the following config file.
Code:
  rightsubnet = 192.168.2.0/24
  leftsubnet = 192.168.11.0/24

Code:
/usr/local/etc/ipsec.conf
# This file is automatically generated. Do not edit
config setup
  uniqueids = yes

conn con1
  aggressive = no
  fragmentation = yes
  keyexchange = ikev1
  mobike = yes
  reauth = yes
  rekey = yes
  forceencaps = no
  installpolicy = no


  left = REDACTED
  right = REDACTED

  leftid = REDACTED
  ikelifetime = 28800s
  lifetime = 43200s
  ike = aes128-sha256-modp2048!
  leftauth = psk
  rightauth = psk
  rightid = REDACTED
  reqid = 1000
  rightsubnet = 192.168.2.0/24
  leftsubnet = 192.168.11.0/24
  esp = aes256-sha1-modp2048,aes256-sha256-modp2048,3des-sha1-modp2048,3des-sha256-modp2048!
  auto = route

Why do you think it is not working? Let me know if you need to understand anything else in the setup.
There seems to be something strange when I have to manually edit the left|rightsubnet into the configuration...?