OPNsense Forum

English Forums => General Discussion => Topic started by: smooth_81 on August 19, 2019, 02:46:52 pm

Title: Problem with multiple VPN-Peer rightpeer: %any
Post by: smooth_81 on August 19, 2019, 02:46:52 pm

I've set up a central OPNsense appliance to host some (~600) VPN connections.
I need to use %any as Peer IP and to use rightid with distinguisher to assign the correct config. I have no option to use something like dyndns to resolve peer IPs.

The problem comes when I define more than one tunnel with peer IP %any. When the second peer connects, OPNsense does not use the right PSK, but only the PSK from the first defined connection.
Weird, because the PSK is attached to the DN in ipsec.secrets.

Is this a bug? I'm using the current version, OPNsense 19.7.2-amd64.

Title: Re: Problem with multiple VPN-Peer rightpeer: %any
Post by: mimugmail on August 19, 2019, 05:49:52 pm

Just use IKEv2, works like a charm

Title: Re: Problem with multiple VPN-Peer rightpeer: %any
Post by: smooth_81 on August 21, 2019, 01:47:04 pm

> Just use IKEv2, works like a charm

That would be great, but AVM Fritzbox does not support IKEv2 >:(

Any other hint?

Title: Re: Problem with multiple VPN-Peer rightpeer: %any
Post by: mimugmail on August 21, 2019, 02:51:42 pm

No, then the PSK has to be the same, I'd guess. Or use certificate authentication.