OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: Kuragari on October 05, 2015, 10:58:03 pm

Title: [SOLVED] IPSec, can't connect from WAN
Post by: Kuragari on October 05, 2015, 10:58:03 pm
Hello, I am trying to get my VPN working with my iPhone and MacBook.

I have set up an IPSec IKEv1 VPN, and everything works correctly on the LAN (so I think my IPSec VPN configuration is correct). Now I have just switched the interface in phase 1 from LAN to WAN, and when I try to connect through the WAN interface it doesn't work.

My configuration: OPNsense --> ISP modem --> Internet. The ISP modem can't do bridging, so I have double NAT and OPNsense is in the DMZ. The problem doesn't come from the double NAT, because I have tried with my computer between OPNsense and the ISP modem.

I have tried allowing everything coming from the WAN, with the same result (so the problem normally doesn't come from the rules; anyway, my rules accept UDP 500, UDP 4500 and ESP).

Any ideas?

My log (last entry):

Oct 5 17:43:13   charon: 12[JOB] deleting half open IKE_SA after timeout
Oct 5 17:43:07   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:43:07   charon: 12[IKE] sending retransmit 3 of response message ID 0, seq 1
Oct 5 17:43:07   charon: 12[IKE] <con1|60> sending retransmit 3 of response message ID 0, seq 1
Oct 5 17:42:54   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:54   charon: 12[IKE] sending retransmit 2 of response message ID 0, seq 1
Oct 5 17:42:54   charon: 12[IKE] <con1|60> sending retransmit 2 of response message ID 0, seq 1
Oct 5 17:42:47   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:47   charon: 12[IKE] sending retransmit 1 of response message ID 0, seq 1
Oct 5 17:42:47   charon: 12[IKE] <con1|60> sending retransmit 1 of response message ID 0, seq 1
Oct 5 17:42:43   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:43   charon: 12[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V ]
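
An added example, not part of the original thread: a Python check for the pattern in the log above, where charon retransmits its response and then deletes the half-open IKE_SA, which is what it logs when no follow-up message from the peer reaches it. The function name, the field names and the one-handshake-at-a-time correlation are assumptions of this sketch; the sample lines are copied from the post.

```python
import re

# Log excerpt copied from the post above (newest entry first, as posted).
SAMPLE_LOG = """\
Oct 5 17:43:13   charon: 12[JOB] deleting half open IKE_SA after timeout
Oct 5 17:43:07   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:43:07   charon: 12[IKE] <con1|60> sending retransmit 3 of response message ID 0, seq 1
Oct 5 17:42:54   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:54   charon: 12[IKE] sending retransmit 2 of response message ID 0, seq 1
Oct 5 17:42:47   charon: 12[IKE] sending retransmit 1 of response message ID 0, seq 1
Oct 5 17:42:43   charon: 12[NET] sending packet: from 192.168.1.2[500] to 80.12.55.122[1011] (408 bytes)
Oct 5 17:42:43   charon: 12[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V ]
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]+)\s+charon:\s+\d+\[(\w+)\]\s+(?:<[^>]*>\s+)?(.*)$")
SEND = re.compile(r"sending packet: from \S+\[\d+\] to (\S+)\[(\d+)\]")
RETX = re.compile(r"sending retransmit (\d+) of response message")


def find_stalled_handshakes(log_text, newest_first=True):
    """Return one finding per 'half open IKE_SA' timeout seen in a charon log.

    Assumption of this sketch: handshakes do not interleave, so the last peer
    we sent to before the timeout is the peer whose handshake stalled.
    """
    lines = [ln for ln in log_text.splitlines() if ln.strip()]
    if newest_first:
        lines.reverse()  # walk the log in chronological order
    findings, peer, port, retx = [], None, None, 0
    for ln in lines:
        m = LINE.match(ln)
        if not m:
            continue
        when, _subsys, msg = m.groups()
        if s := SEND.search(msg):
            peer, port = s.group(1), int(s.group(2))
        elif r := RETX.search(msg):
            retx = max(retx, int(r.group(1)))  # duplicates log the same count
        elif "deleting half open IKE_SA" in msg:
            findings.append({
                "time": when, "peer": peer, "peer_port": port,
                "response_retransmits": retx,
                # Heuristic: IKE peers normally send from UDP 500 or 4500, so
                # another source port suggests a NAT device rewrote it.
                "peer_port_translated": port not in (None, 500, 4500),
            })
            peer, port, retx = None, None, 0
    return findings
```

Calling `find_stalled_handshakes(SAMPLE_LOG)` yields a single finding for the 17:43:13 timeout; pass `newest_first=False` for logs that are already in chronological order.
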
Title: Re: IPSec, can't connect from WAN
Post by: Kuragari on October 05, 2015, 11:19:52 pm
Problem solved ;)

I forgot to open the HA protocol. 8) I will try to write a tutorial as soon as possible.
Title: Re: [SOLVED] IPSec, can't connect from WAN
Post by: franco on October 06, 2015, 10:35:02 pm
Neat, marked as [SOLVED], good work. :)