Messages

1

Hardware and Performance / Re: PCENGINES APU[1-5] Bios

« on: February 23, 2019, 09:39:52 am »

I just upgraded my APU2C4 from a running opnsense.

Just login to the console, install flashrom, download the firmware and flash it.

Code: [Select]

pkg install flashrom
curl LINKTOFIRMWARE --output coreboot.rom
flashrom -w coreboot.rom -p internal

On my APU flashrom complained that the board id did not match. You can append ":boardmismatch=force" to the command though. After flashing I did a power reset and everything works fine.

2

Hardware and Performance / Re: PCENGINES APU[1-5] Bios

« on: February 22, 2019, 09:22:46 pm »

According to the APU2 documentation on Github it should be the second definition.

See https://github.com/pcengines/apu2-documentation/blob/master/docs/firmware_flashing.md#corebootrom-flashing

3

17.7 Legacy Series / Re: IPSec Connect with FritzBox 7490 Broken since Upgrade

« on: August 08, 2017, 06:19:00 pm »

My log looks the same, so I think we suffer from the same bug.

4

17.7 Legacy Series / Re: [SOLVED] IPSec Connect with FritzBox 7490 Broken since Upgrade

« on: August 06, 2017, 03:47:16 pm »

Hey,

I've got the same problem.

I configured a site-to-site tunnel between my opnsense and a FritzBox in a remote location.

Before the upgrade to 17.7 everything was working fine, after the upgrade phase 1 seems to come up, but the phase 2 between my and the remote not does not come up.

I already tried reloading the firewall rules before and after applying the suggested patch but I had no luck.

Any further suggestions?

Greetings,
Felix

5

German - Deutsch / Re: IKEv2 mit Apple Geräten

« on: January 28, 2017, 05:16:31 pm »

Die Anleitung ist bekannt, wollte allerdings IKEv2 und nicht V1 nutzen.

Eigentlich sind auch nur Zertifikate und kein xauth konfiguriert... versteht nicht warum das iPhone keinen Support für EAP(-TLS?) zurückmeldet... Wie auch immer, habe es mit OpenVPN konfiguriert, das funktioniert. IPSec wäre aufgrund der besseren Integration ins System schöner gewesen, aber immerhin funktioniert es jetzt.

Gruß,
Felix

6

German - Deutsch / Re: IKEv2 mit Apple Geräten

« on: January 27, 2017, 06:42:29 pm »

Keine Ideen? 

7

German - Deutsch / IKEv2 mit Apple Geräten

« on: January 22, 2017, 10:24:57 pm »

Hallo zusammen

Ich habe eine APU2C4 mit OPNsense 16.7 am laufen und wollte mir einen VPN für mein iPhone und mein MacBook einrichten. Um das ganze so gut es geht in das System der Geräte zu integrieren, wollte ich IPSec verwenden.

Habe mich im Großen und Ganzen an diese Anleitung gehalten: https://forum.pfsense.org/index.php?topic=106433.0

Mein Problem:

Die Verbindung kann nicht hergestellt werden, im Log von OPNsense erscheint immer wieder folgende Meldung: "charon: 05[IKE] configured EAP-only authentication, but peer does not support it". EAP-TLS ist explizit im Profil für die Geräte aktiviert. Habe das Log vom iPhone angehängt, jedoch selbst nichts eindeutiges erkennen können.

Code: [Select]

Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: new path status 1
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: new if_index 2
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: ikev2_resolve_server_name: server mein-dynamic.dns, type IDFQDN
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: ikev2_resolve_server_name: Outgoing ifIndex 2
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: ikev2_resolve_server_name: Resolving domain name mein-dynamic.dns via ifIndex 2
Jan 22 21:10:33 Felix--iPhone-7-Plus mDNSResponder[90] <Info>:  13: DNSServiceGetAddrInfo(8000, 2, 3, mein-dynamic.dns.) START PID[2579](neagent)
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: ikev2_dns_callback: sdRef 30AF90, flags 2, ifIndex 0, error 0, hostname mein-dynamic.dns., addr 6FDEA730, ttl=77
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: ikev2_dns_callback: got IPv4 result
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: ikev2_dns_callback: got IP address IPv4: XX.XX.XX.XX
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: Connect done
Jan 22 21:10:33 Felix--iPhone-7-Plus mDNSResponder[90] <Info>:  13: DNSServiceGetAddrInfo(mein-dynamic.dns.) STOP PID[2579](neagent)
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: Received a virtual interface response with socket 4
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: OpenVirtualInterface Handler: intf ipsec2
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: new path status 1
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: new if_index 2
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: dpd: WakeUp 0, NAT 0, retry 5, timeout 1000, frequency 600
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: ikev2_tunnel_bringup: Created session (21D8E0).
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: ikev2_tunnel_bringup: Started Child Connection
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: OpenVirtualInterface Handler:: bringing up tunnel
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: Sending status update with status 1 and disconnect error 0
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: ikev2_callback: Received notification for ikeRef 21D8E0 ChildRef 0
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: received notif IKE Status: Connecting
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: ikev2_callback: flags 0
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: ikev2_callback: Received notification for ikeRef 21D8E0 ChildRef 1
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: received notif IKE Status: Connecting
Jan 22 21:10:33 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: ikev2_callback: flags 0
Jan 22 21:10:39 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Error>: Received error: Error (Authentication Failed)
Jan 22 21:10:39 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Error>: Failed to process IKE Auth packet
Jan 22 21:10:39 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: ikev2_callback: Received notification for ikeRef 21D8E0 ChildRef 0
Jan 22 21:10:39 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: received notif IKE Status: Disconnected
Jan 22 21:10:39 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: ikev2_callback: set status Disconnected
Jan 22 21:10:40 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: Sending status update with status 0 and disconnect error 0
Jan 22 21:10:40 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: Calling Plugin_VPNTunnelDispose
Jan 22 21:10:40 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: IKEv2 Plugin: Dispose done
Jan 22 21:10:40 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: Dispose complete
Jan 22 21:10:40 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: XPC connection went away (Connection invalid)
Jan 22 21:10:40 Felix--iPhone-7-Plus neagent(NetworkExtension)[2579] <Info>: exiting

Bin leider mit meinem Latein am Ende, über Hilfe wäre ich sehr dankbar. 

Gruß,
Felix