OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: cluna on April 07, 2017, 03:34:22 pm

Title: IPSEC issue when set NAT/BINAT with different masks
Post by: cluna on April 07, 2017, 03:34:22 pm
Hi everyone, I would like help with this topic.

I've been searching around the forums, but couldn't find any light on this issue. I'm trying to set up an IPsec site-to-site VPN on OPNsense 16.7-amd64. It looks like the tunnel comes up and works correctly, but phase 2 is not working.

I've read the doc https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html to set up the VPN, but I got some of these events in the IPsec log (most recent first):

Apr 7 07:00:41    charon: 05[IKE] failed to establish CHILD_SA, keeping IKE_SA
Apr 7 07:00:41    charon: 05[IKE] <con2|21687> failed to establish CHILD_SA, keeping IKE_SA
Apr 7 07:00:41    charon: 05[IKE] maximum IKE_SA lifetime 28751s
Apr 7 07:00:41    charon: 05[IKE] <con2|21687> maximum IKE_SA lifetime 28751s
Apr 7 07:00:41    charon: 05[IKE] IKE_SA con2[21687] established between 181.XXX.110.XX[181.XXX.110.XX]...200.XX.232.XXX[200.XX.232.XXX]
Apr 7 07:00:41    charon: 05[IKE] <con2|21687> IKE_SA con2[21687] established between 181.XXX.110.XX[181.XXX.110.XX]...200.XX.232.XXX[200.XX.232.XXX]
Apr 7 07:00:41    charon: 05[ENC] parsed IKE_SA_INIT response 0 [ SA KE No V V V N(NATD_S_IP) N(NATD_D_IP) CERTREQ V ]
Apr 7 07:00:41    charon: 05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Apr 7 07:00:41    charon: 05[IKE] initiating IKE_SA con2[21687] to 200.XX.232.XXX

When I look at the Status Overview page under IPsec, there is no info under the following (Local subnets, SPIs, Remote subnets, State, Stats).

I've also searched the OPNsense documentation and wiki and found that Phase 2 NAT doesn't work with different masks. Is that true? It looks like this issue is fixed on OpenBSD, but not on FreeBSD (I'm using FreeBSD :'( ).

If anyone could help me, I'd appreciate it.

I can provide more info to help.

Thanks.