OPNsense Forum

Archive => 15.1 Legacy Series => Topic started by: tristan on March 17, 2015, 10:42:40 am

Title: AVM FritzBox IPSEC VPN Client not working
Post by: tristan on March 17, 2015, 10:42:40 am
Hi folks,

I have got the following problem:

When trying to use an AVM VPN Client behind the firewal, the connection gets established, but in facts it is unusable, because no connections to services in the remote network are possible.

Sniffing Packets on both interfaces didn't turn out any hints what might be wrong.

Other IPSec Clients work well, e.g. Cisco etc. and the AVM one works too, if I bypass the firewall.

Any ideas?

Best regards.
Title: Re: AVM FritzBox IPSEC VPN Client not working
Post by: ristridin on March 17, 2015, 10:52:01 am
Hi Tristan,

Nat & inbound ipsec is always a bit of a hassle.
Question is: why would you build this setup, instead of using the build in ipsec server from opnsense?
Title: Re: AVM FritzBox IPSEC VPN Client not working
Post by: tristan on March 17, 2015, 10:56:43 am
Hi,

oh, I didn't make it clear the right way:

The IPSec Endpoint is the remote network, which I don't control. The IPSec Client is within our network and behind the firewall. :)

Best regards.
Title: Re: AVM FritzBox IPSEC VPN Client not working
Post by: ristridin on March 17, 2015, 07:27:53 pm
Ah, that makes sense.
I will try to test this tonight, will see what happens here.
Title: Re: AVM FritzBox IPSEC VPN Client not working
Post by: tristan on March 21, 2015, 09:22:51 pm
Hi,

I would like to push this topic once more, because I couldn't make any progress with the described problem.  :-[

Best regards
Title: Re: AVM FritzBox IPSEC VPN Client not working
Post by: chol on March 22, 2015, 01:28:16 pm
Just in case: In general configuration screen, one can block bogon and private network adresses, you may check this possible  point of error! Good luck.
Title: Re: AVM FritzBox IPSEC VPN Client not working
Post by: tristan on March 23, 2015, 08:30:14 am
Hi,

thanks for your advice, but I don't block private or bogon, be it on LAN or WAN iface.

I'm also frequently experiencing timeout errors when changing settings in the panel since the second last update.

Best regards
Title: Re: AVM FritzBox IPSEC VPN Client not working
Post by: ristridin on March 27, 2015, 10:40:49 pm
Hi,

had a chance yesterday to test that setup.
I was able to establish a vpn connection to a remote fritzbox using fritz fernzugang and ping remote hosts.
Was behind an opnsense 15.1.8.2 using default configuration.
Not sure why it's not working in your setup...what's weired is that you mention timeouts?
what kind of hardware do you use?

best regards!
Title: Re: AVM FritzBox IPSEC VPN Client not working
Post by: tristan on April 08, 2015, 04:32:09 pm
Hiho,

thx for your efforts.  :)

It's more than strange: after upgrading to 15.1.8.3 the connection attempt timeouts while the host is reachable via ping from the machine running fernzugang.
I was unable to find any hints by digging through the log files.

Any advice for further inspection of the problem?

Best regards!
Title: Re: AVM FritzBox IPSEC VPN Client not working
Post by: ristridin on April 08, 2015, 08:10:47 pm
Hi Tristan,

sounds like a problem not related to opnsense? maybe you change the fritzbox on your other site also to a opnsense? Or you can try to establish the ipsec connection directly from the opnsense gateway, basically it's normal ipsec.

best regards! :)