OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: nrf on February 28, 2017, 02:57:29 am

Title: ipsec vpn passthru?
Post by: nrf on February 28, 2017, 02:57:29 am

I am happy to now be able to use suricata on my n40L with this release. but in exchange for that benefit, now I cannot use my ipsec vpn client which was working fine on previous release - a daily driver for me. I thought there might be some plugin needed but didn't find any related to passthru. puttering around in the forums I found some comments about nat rules for port 500, and I do have one that seems to come from setting up my openvpn server.

did I miss something in the release notes that I need to enable for ipsec passthru?

thanks in advance for your help.

and as I tweeted, the major upgrade went so well!!!! impressive!!!!

Title: Re: ipsec vpn passthru?
Post by: nrf on August 16, 2017, 05:29:01 am

bump? no help for this?
I'd like my work computer to have the benefit of this firewall....

Title: Re: ipsec vpn passthru?
Post by: franco on August 16, 2017, 06:44:22 am

Hi nrf,

Not sure what the issue is? Do you talk about a change in behaviour from 16.7 to 17.1? We're on 17.7 now and it's hard to cover hundreds of individual changes that could be responsible.


Cheers,
Franco

Title: Re: ipsec vpn passthru?
Post by: nrf on August 16, 2017, 08:29:10 pm

thanks for getting back to me. I posted here originally as this is the point at which it stopped working and I had to make alternate arrangements for my work pc. in the past I would have tried some other package but opnsense is otherwise very satisfying to me. whatever was done has 'stuck' as I keep trying from time to time as I upgrade to the newer versions, hoping it would have gotten corrected.

when I attempt to set up the work client it tells me it timed out and I must have a firewall that is dropping udp packets.

(specifically I use the AT&T Global Network Client for vpn and the configuration is for "Managed VPN - IPSec)

Title: Re: ipsec vpn passthru?
Post by: nrf on August 17, 2017, 05:12:28 am

just a thought, if I set up an openvpn service, does that keep ipsec clients from passing thru by interfering with authentication port?

Title: Re: ipsec vpn passthru?
Post by: franco on August 25, 2017, 04:10:58 pm

Hi nrf,

Sorry, this slipped through again.

IPsec does not interfere with OpenVPN.

You are forwarding IPsec to an internal server?

Have you tried add the sloppy state tracking advanced feature in the rules that pass the traffic through?


Cheers,
Franco