OPNsense Forum
English Forums => Virtual private networks => Topic started by: StartersOrders on February 18, 2022, 10:21:17 am
-
Strange one this.
I have an OVH/SYS start VMware server with OPNsense 22.1.1_1 (so far gateway is a thing). As a result I'm having to use Hurricane Electric's IPv6 tunnel service to get IPv6 to my internal network.
This works fine, if a bit Heath Robinson with two WAN interfaces, one for v4 and one for v6.
What is very odd is that the IPsec VPN I run between home and the OPNsense box doesn't survive a reboot particularly well. The IPv4 P2s work fine after a reboot, but the IPv6 P2 (for the /48 at each end) doesn't appear to come up and instead stays down even though it's installed. Before the reboot it works fine?
To test I snapshotted (with RAM) the VM and rebooted it, which killed the ping I had running to the LAN interface. Once I restored the snapshot (so as if it had never been rebooted) the ping started working again?! Again, the whole time the IPv4 P2s were fine and I could ping each end of the VPN once they'd re-established.
Oddly this exact setup works fine on pfSense, although that has its own issues.
-
Might be same as https://forum.opnsense.org/index.php?topic=26700.0 and we're working on it... it should be fixed in the latest development version. Changes are too many to use opnsense-patch reliably.
If you can snapshot, it's worth a try to change release type to development, check for updates and install plus reboot.
Cheers,
Franco
-
Just tried - no dice unfortunately :(
It's a VM I can swap out at will so I don't mind doing destructive testing!
-
Ok, let's back up a little then. Are we talking about GIF not coming up on boot or IPsec over IPv6 or both? I'd like to inspect system log a little. It should throw at least 1-2 configuration errors that would indicate a failure to init all during boot.
Cheers,
Franco
-
It appears to just be the IPsec side of things as I can remotely ping over the GIF tunnel, it's just the IPsec-connected networks that don't work.
How do you want the logs?
-
This is VTI, right?
I think it's unable to configure the assigned interface... Can you check?
# opnsense-log | grep Unable.to.configure
Cheers,
Franco
-
No, straight IPsec policies.
I ran the command and obviously nothing returned.
-
Not sure what's wrong to be honest. There's little data to analyse further about your setup and actual system state (routes, IPs, ping from where).
Cheers,
Franco
-
Right, gave in and converted the other end to OPNsense after the Other Vendor (tm) decided to go on a Reddit locking spree...
... And it works with both ends as OPNsense after a reboot in policy mode! Very strange, but I'm a happy man ;D
-
Oh, happy to hear that... welcome to the family. :)
Looks like I need to read up on Reddit.
Cheers,
Franco