OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: ElFonte on February 19, 2021, 09:59:23 pm

Title: Multiple IPSec roadwarrior problems
Post by: ElFonte on February 19, 2021, 09:59:23 pm

Hello, I'm a new poster here with a few years on my shoulders with OPNSense and PFSense
I recently migrated one of my firewalls from 20.7.4 to 21.1.1. Since then, when a road warrior VPN user connects when a different user is connected from the same network (behind NAT, so different local IP but same public IP) the first one can't access the network but the connection stays open
I've checked the logs, there doesn't seem to be anything wrong there. I've checked the config, and nothing is changed, neither in the client side (wich still works on a different 20.7.4 server) or the server side
Anyone else experiencing problems like this?
Thanks a lot for the help

Title: Re: Multiple IPSec roadwarrior problems
Post by: mimugmail on February 20, 2021, 07:19:10 am

This usually comes when the router at client side cant Nat multiple devices behind

Title: Re: Multiple IPSec roadwarrior problems
Post by: ElFonte on February 21, 2021, 09:58:18 pm

Sadly, that's not the case, since the clients haven't changed anything. It happens to me when connecting from 2 different VMs, and I'm certain the only change has been on the firewall

Title: Re: Multiple IPSec roadwarrior problems
Post by: ElFonte on February 25, 2021, 09:56:47 pm

Given I found no clue of what was grong, I reinstalled 20.7 in a different VM and updated it to the latest version available before enabling the update to 21, restored a backup from 21.1 (I know this shouldn't be done, it was just a test) and it's working correctly, allowing multiple connections from the same public IP
There seems to be a bug in OPNSense, how do I report it?
Thanks a lot

Title: Re: Multiple IPSec roadwarrior problems
Post by: juere on February 26, 2021, 10:17:40 am

Same problem here since updating to 21.1.2 yesterday.
Multible IPSEC road-warriors "kick out" each other when connecting from the same IP.
We use IKEv2 with Microsoft RADIUS accounts, each VPN user has it's own RADIUS account.
Worked fine before with 20.7.7.

I just reported the problem on github as issue #4757

Title: Re: Multiple IPSec roadwarrior problems
Post by: mimugmail on February 26, 2021, 11:11:57 am

Can you do me a favor and test against 20.7.8 and 21.0 so we can find in which release the change was?

Title: Re: Multiple IPSec roadwarrior problems
Post by: juere on February 27, 2021, 01:36:54 am

@mimugmail

Did the updates one by one and tested with pings as described in the github issue:

20.7.7_1   (before update) works fine
20.7.8_4   works fine
21.1      fails, as soon as the second connection is started, the first ping stalls
21.1.2       fails, not tested again

Title: Re: Multiple IPSec roadwarrior problems
Post by: ElFonte on March 02, 2021, 11:19:17 pm

Hello, just tested it and got the same results
20.7.8_4 works fine
21.1 doesn't work
If there is any other test to do, please tell me, I have both versions in different hard drives ready to try

Title: Re: Multiple IPSec roadwarrior problems
Post by: juere on March 03, 2021, 09:22:38 am

@ElFonte: I reported this on github, see

https://github.com/opnsense/core/issues/4757

A patch was posted yesterday, try

Code: [Select]

opnsense-patch  8bf80e0
Works fine for me :)

Title: Re: Multiple IPSec roadwarrior problems
Post by: ElFonte on March 10, 2021, 09:48:03 pm

@goodomens42 thanks a lot, forgot to report that it works fine now