OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: Julien on July 18, 2016, 06:00:21 pm

Title: IPSEC + OPENVPN
Post by: Julien on July 18, 2016, 06:00:21 pm
Hi Guys,
I have 16.7 hardware running fine with the OPENVPN two-factor authenticator.
Two-factor authentication for iPhone users is a pain in the ass.
I am planning to configure IPSEC for mobile users. Is this gonna work with the OPENVPN service on?
Thank you
Title: Re: IPSEC + OPENVPN
Post by: Julien on July 19, 2016, 07:00:27 pm
Managed to get this working.
When the user is connected over IPSEC, they can't ping the LAN or anything.
I've created a rule on the IPSEC to access the LAN but it's not working.
See attached for the firewall rule on the IPSEC interface.
It doesn't work even with the rules any to any.
I have checked the log; there is nothing that says something about the block.
It does show the process of how the tunnel is built up, with no warning.
Please advise
Title: Re: IPSEC + OPENVPN
Post by: Julien on July 19, 2016, 08:26:23 pm
Can someone please advise, as it has become critical for our mobile users.
I can't go to the internet or ping the devices over the LAN.
Can't even ping 8.8.8.8.
The settings of the tunnels are not described in the doc, so I can't seem to configure the tunnel correctly.
PLEASE HELP.
See screenshot; those options are not described in the document.
I can ping the connected client from the LAN using the IP of the tunnel. But the client can't ping the LAN.
Please advise

Firewall: NAT: Outbound has two rules, see attached.
One static 500 ISAKMP and one not. Please see attached picture.
(http://i63.tinypic.com/6ih2wz.png)
Title: Re: IPSEC + OPENVPN
Post by: franco on July 20, 2016, 12:06:03 am
Hi Julien,

Pinging 8.8.8.8 won't work if you only allow IPSec to access LAN...

Make sure to go through these steps: https://docs.opnsense.org/manual/how-tos/ipsec-road.html

It sounds like your Phase 2 local network setup is wrong or no policies are generated for it. Policies are normally "automagic" and not having them work is a complication in the (complexity of the) setup.

Sometimes the traffic comes in, but doesn't go back, sometimes it never reaches IPSec locally. You'll have to do some packet capturing on your box to confirm. See "Interfaces: Diagnostics: Packet Capture" to capture on IPsec interface.


Cheers,
Franco
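
The two failure modes named in the reply above (traffic comes in but doesn't go back, or never reaches IPsec locally) can be told apart from a capture taken on the IPsec interface. The following is an added example, not part of the original thread: it assumes plain `tcpdump -n` style text output, and the sample lines, the addresses (10.10.0.2 as the mobile client, 192.168.1.0/24 as the LAN) and the function name `classify_pings` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n` style text output (not from the thread).
# Assumed addresses: 10.10.0.2 = mobile client tunnel IP, 192.168.1.0/24 = LAN.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 10.10.0.2 > 192.168.1.1: ICMP echo request, id 7, seq 1, length 64
12:00:01.000900 IP 192.168.1.1 > 10.10.0.2: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000200 IP 10.10.0.2 > 192.168.1.10: ICMP echo request, id 8, seq 1, length 64
12:00:03.000300 IP 10.10.0.2 > 192.168.1.10: ICMP echo request, id 8, seq 2, length 64
"""

ICMP_LINE = re.compile(
    r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def classify_pings(capture_text, client_ip, targets):
    """Map each pinged target to one of the failure modes seen in the capture."""
    requests = defaultdict(set)   # target -> {(id, seq)} sent by the client
    replies = defaultdict(set)    # target -> {(id, seq)} answered to the client
    for line in capture_text.splitlines():
        m = ICMP_LINE.search(line)
        if not m:
            continue
        src, dst, kind, ident, seq = m.groups()
        if kind == "request" and src == client_ip:
            requests[dst].add((ident, seq))
        elif kind == "reply" and dst == client_ip:
            replies[src].add((ident, seq))
    verdicts = {}
    for target in targets:
        if not requests[target]:
            verdicts[target] = "never reached the IPsec interface"
        elif requests[target] - replies[target]:
            verdicts[target] = "came in, but no reply went back"
        else:
            verdicts[target] = "request and reply both seen"
    return verdicts

if __name__ == "__main__":
    for target, verdict in classify_pings(
            SAMPLE_CAPTURE, "10.10.0.2",
            ["192.168.1.1", "192.168.1.10", "8.8.8.8"]).items():
        print(f"{target}: {verdict}")
```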
Title: Re: IPSEC + OPENVPN
Post by: Julien on July 20, 2016, 08:57:20 am
Hi Franco,
I just double-checked it; the configuration is really one to one.
Didn't miss a step, every step is copy and paste.
I did a capture but nothing is really there.
Hope there are more steps to troubleshoot this, as our users are leaving the office today for a two-week business trip.
Title: Re: IPSEC + OPENVPN
Post by: Julien on July 20, 2016, 06:37:25 pm
We have configured OpenVPN for the clients. We couldn't get it to work.
Right now we are set; I hope you guys can have a look at this in the near future.