Messages - DaveA67

#1
18.1 Legacy Series / Ping routing differently
January 14, 2019, 10:43:17 AM
Hi
I have an Opnsense FW in the cloud with 3 VPNs to remote sites.
2 of the VPNs are fine but one shows odd behaviour even though the settings are the same as the other 2.
The VPN drops out on a regular basis, which is one issue, but a stranger issue for me is that I try to test whether the VPN is up by pinging a piece of equipment at the other end (a PBX). The PBX will respond to a ping.
If I try to access the PBX config, which uses a range of ports, it works fine!
Last week the VPN was up and working and pinging OK.
This morning it was down, so I restarted it and it's not pinging.
A tracert from a PC also in the cloud tries to route the ping out over the WAN on the Opnsense.
That same PC is able to access the PBX management.

Any ideas as I'm stumped!

Cheers
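A first check for the symptom in this post (ICMP to the PBX leaving via the WAN instead of the tunnel) is whether the flow is actually covered by a phase 2 traffic selector, and whether another tunnel's selector overlaps it. The script below is an added example, not code from the original post or from OPNsense; the tunnel names and networks in POLICIES are made up, and the "which tunnel wins when two overlap" question is left as "ambiguous" rather than guessed, because that depends on SPD order.

```python
import ipaddress
from itertools import combinations

# Constructed phase 2 (traffic selector) table for three site-to-site
# tunnels, in the form (tunnel name, local network, remote network).
# These are made-up networks, not the poster's configuration.
POLICIES = [
    ("site_a", "10.0.0.0/24", "192.168.10.0/24"),
    ("site_b", "10.0.0.0/24", "192.168.20.0/24"),
    # deliberately overlaps site_a's remote network
    ("site_c", "10.0.0.0/24", "192.168.10.128/25"),
]


def matching_tunnels(src, dst, policies=POLICIES):
    """Return the names of every phase 2 policy whose selectors cover src->dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [
        name
        for name, local, remote in policies
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
    ]


def expected_path(src, dst, policies=POLICIES):
    """Describe where a packet should go: one tunnel, the WAN, or ambiguous."""
    hits = matching_tunnels(src, dst, policies)
    if not hits:
        # Nothing in the SPD claims this flow, so it follows the normal
        # routing table, which on a cloud firewall means the WAN default route.
        return "default route (WAN)"
    if len(hits) == 1:
        return f"tunnel:{hits[0]}"
    # Two selectors claim the flow; which one the SPD picks is not something
    # this script can know, so it is reported for the admin to fix.
    return "ambiguous:" + ",".join(hits)


def overlapping_policies(policies=POLICIES):
    """List pairs of tunnels whose local AND remote selectors overlap."""
    pairs = []
    for (n1, l1, r1), (n2, l2, r2) in combinations(policies, 2):
        if ipaddress.ip_network(l1).overlaps(ipaddress.ip_network(l2)) and \
           ipaddress.ip_network(r1).overlaps(ipaddress.ip_network(r2)):
            pairs.append((n1, n2))
    return pairs


if __name__ == "__main__":
    for dst in ("192.168.10.5", "192.168.10.200", "192.168.30.5"):
        print(dst, "->", expected_path("10.0.0.5", dst))
    print("overlapping selectors:", overlapping_policies())
```

Run it with the source address of the test PC and the PBX address substituted in; a "default route (WAN)" result means the traceroute behaviour is simply the SPD not matching, while an "ambiguous" result points at two tunnels competing for the same remote range.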
#2
18.1 Legacy Series / Re: IPSec with Dynamic IP
June 29, 2018, 05:31:14 PM
Hmm

No joy, I think because the non-opnsense end is double NATed. I have

LAN (DHCP from)>>---Draytek>>---DHCP From Customers LAN>>----Customer router>> internet-----------Opnsense firewall

It's the bit in bold that's the problem I think
#3
18.1 Legacy Series / Re: IPSec with Dynamic IP
June 29, 2018, 09:56:28 AM
Hi

Thanks for that

I did try with no-ip.com but without a success so I will re-visit my settings!

Cheers

#4
18.1 Legacy Series / IPSec with Dynamic IP
June 28, 2018, 11:41:57 AM
Hi

Is it possible to set up a site to site VPN to an Opnsense FW where the remote site does not have a fixed IP?

Scenario - our sales team would like to have a demo kit of comms equipment that will require a VPN to a cloud based opnsense FW. Obviously as they move from customer to customer the public IP trying to make the connection will be different.

I have tried using a dynamic DNS service but cannot get the tunnel to establish.

This will be from a Draytek router (although I can try a different one) set up with a WAN connection that will get an internal IP address on the customer's LAN via DHCP and then onto the internet via the customer gateway.

Hope I've explained that OK!

Cheers

Dave

#5
When upgrading is there a backout option if there are problems?
Not that I have ever had any problems upgrading, I have to add.

If I restore a backup from the console, is that configuration only or will it also change the firmware version?

Cheers

Dave

#6
It's OK I can see it now thanks!  ;D
#7
Is 18.1.9 available?

I am currently on 18.1.7 but an upgrade check only shows 18.1.8 available?

Cheers

Dave

#8
Hi franco, thanks for that.
It could be ASA related as I don't have this problem with non-Cisco VPNs.

I have since found that the VPN appears to drop at the Phase 2 SA expiry.
The ASA default is 28800 but the Opnsense is 3600, so it was dropping at around 50-55 minutes on the rekey I think.

We enabled DPD on the Cisco and the VPN now re-establishes automatically after a few seconds.

I extended the Opnsense Phase 2 SA to 28800 and it's not dropped since, although I am expecting it at around 7 hours 50.
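The diagnosis in this post, drops that line up with the shorter side's phase 2 lifetime, can be checked from the OPNsense box's own IPsec log instead of by waiting for the next rekey. The script below is an added example and not the poster's or OPNsense's code: it pulls the "CHILD_SA ... established" lines out of a strongSwan-style log, measures the gap between consecutive establishments per connection, and compares that gap with the shorter of the two configured lifetimes. The log lines and the LIFETIMES table are constructed for the example (mirroring the 3600 vs 28800 mismatch described above), and the 0.7 factor is an assumed lower bound for "rekeyed some margin before expiry".

```python
import re
from datetime import datetime
from statistics import median

# Constructed log excerpt in strongSwan (charon) syslog style, covering two
# tunnels.  con1 keeps coming back up roughly every 50-55 minutes; con2 does
# not.  These lines are made up for the example, not the poster's logs.
SAMPLE_LOG = """\
Jul 10 09:00:00 charon: 05[IKE] <con1|1> CHILD_SA con1{1} established with SPIs c1a00001_i c1b00001_o
Jul 10 09:00:00 charon: 06[IKE] <con2|2> CHILD_SA con2{2} established with SPIs c2a00001_i c2b00001_o
Jul 10 09:52:10 charon: 09[IKE] <con1|1> CHILD_SA con1{3} established with SPIs c1a00002_i c1b00002_o
Jul 10 10:46:25 charon: 11[IKE] <con1|1> CHILD_SA con1{4} established with SPIs c1a00003_i c1b00003_o
Jul 10 11:40:00 charon: 07[IKE] <con1|1> CHILD_SA con1{5} established with SPIs c1a00004_i c1b00004_o
Jul 10 16:45:00 charon: 08[IKE] <con2|2> CHILD_SA con2{6} established with SPIs c2a00002_i c2b00002_o
"""

# Phase 2 lifetimes in seconds as configured on each side.  Hypothetical
# values mirroring the mismatch in the post: 3600 locally vs 28800 on the ASA.
LIFETIMES = {
    "con1": {"local": 3600, "remote": 28800},
    "con2": {"local": 28800, "remote": 28800},
}

EST_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d) charon: \d+\[IKE\] "
    r"<\w+\|\d+> CHILD_SA (?P<conn>\w+)\{\d+\} established"
)


def established_times(log_text, year=2018):
    """Map each connection name to the timestamps its CHILD_SA came up."""
    events = {}
    for line in log_text.splitlines():
        m = EST_RE.match(line)
        if not m:
            continue
        # syslog lines carry no year, so one is supplied for parsing
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.setdefault(m["conn"], []).append(ts)
    return events


def reestablish_intervals(events):
    """Seconds between consecutive CHILD_SA establishments per connection."""
    return {
        conn: [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]
        for conn, ts in events.items()
    }


def diagnose(intervals, lifetimes, low=0.7):
    """Per connection: (shorter lifetime, median gap, gap tracks lifetime, sides differ).

    A rekey fires some margin before the lifetime expires, so a median gap in
    [low*L, L] is taken as tracking the shorter configured lifetime L.  A tunnel
    that tracks L while the two sides disagree on L is the pattern from the post.
    """
    result = {}
    for conn, gaps in intervals.items():
        lt = lifetimes[conn]
        shorter = min(lt["local"], lt["remote"])
        med = median(gaps) if gaps else 0
        tracks = bool(gaps) and low * shorter <= med <= shorter
        result[conn] = (shorter, med, tracks, lt["local"] != lt["remote"])
    return result


if __name__ == "__main__":
    iv = reestablish_intervals(established_times(SAMPLE_LOG))
    for conn, (shorter, med, tracks, differ) in diagnose(iv, LIFETIMES).items():
        print(f"{conn}: median {med}s between CHILD_SAs, shorter lifetime {shorter}s, "
              f"tracks lifetime={tracks}, lifetimes differ={differ}")
```

Feed it the real IPsec log and the lifetimes from both ends; a tunnel that re-establishes just under its shorter lifetime while the two sides disagree is the case worth aligning (and covering with DPD so the reconnect is automatic, as the post describes).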
#9
Hi

Is anyone able to offer any pointers please?

Thanks!
#10
Hi
We have a VPN connection (Opnsense in the cloud to Cisco on premises) that seems to have random drops.
The Cisco is the clients own device, so we only have access to the Opnsense machine.

The logs do not give much away - is there a good way to diagnose this problem from the Opnsense machine?

Thanks!
#11
It's great for Homeworkers as it doesn't matter what sort of router they have, even a cheap domestic one with no VPN capability or one of those awful Virgin or Sky routers :)

#12
The 2 test W52s I set up were rock solid.

I now have 5 to deploy to a Customer's homeworkers  :o
#13
OK I have this working now.
Not knowing much about OpenVPN I am not sure how :)

I made some changes to the OpenVPN server config on Opnsense and then 3 of the Client Export options were suddenly for Yealink phones.

Not the W52 but I think I used the T38(2) one.

I had to make a small edit to the vpn.cnf file but all seems to be working fine!
#14
I have this in the log file of the Yealink after a reboot:

May 17 00:00:07 openvpn[542]: Options error: Parameter --cert cannot be used when --pkcs12 is also specified.
May 17 00:00:07 openvpn[542]: Use --help for more information.
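The "--cert cannot be used when --pkcs12 is also specified" error in the log above comes from OpenVPN's option validation: a pkcs12 bundle and separate ca/cert/key directives are mutually exclusive. The script below is an added example, not the poster's vpn.cnf or anything from OPNsense or Yealink: it parses an OpenVPN config (including inline <cert>/<key> blocks, which is what an exported client config usually contains), reports the conflict before the phone does, and can strip one form of credential so the other stands alone. The sample config is constructed; the wording of the --ca and --key variants is assumed to follow the same pattern as the --cert message quoted above.

```python
import re

# Constructed OpenVPN client config, not the poster's vpn.cnf.  It carries a
# pkcs12 bundle AND inline <cert>/<key> blocks, which OpenVPN rejects.
SAMPLE_CONF = """\
client
dev tun
proto udp
remote vpn.example.net 1194
; credentials bundled in a PKCS#12 file
pkcs12 client.p12
# inline certificate and key, which conflict with the pkcs12 line above
<cert>
-----BEGIN CERTIFICATE-----
MIIB...constructed placeholder, not a real certificate...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIE...constructed placeholder, not a real key...
-----END PRIVATE KEY-----
</key>
verb 3
"""

# Options OpenVPN refuses to combine: the key is the one that stays, the
# values are the ones it rejects with "cannot be used when --pkcs12 ...".
EXCLUSIVE = {"pkcs12": ("ca", "cert", "key")}


def directives(conf_text):
    """Yield (name, line_index) for every directive; an inline <x>...</x>
    block counts as a single directive named x."""
    lines = conf_text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if not line or line[0] in "#;":
            i += 1
            continue
        m = re.match(r"<(\w+)>$", line)
        if m:
            name, start = m.group(1), i
            while i < len(lines) and lines[i].strip() != f"</{name}>":
                i += 1
            yield name, start
        else:
            yield line.split()[0], i
        i += 1


def find_conflicts(conf_text):
    """Return OpenVPN-style messages for mutually exclusive options present."""
    present = {}
    for name, idx in directives(conf_text):
        present.setdefault(name, idx)
    msgs = []
    for keeper, others in EXCLUSIVE.items():
        if keeper not in present:
            continue
        for other in others:
            if other in present:
                msgs.append(f"Parameter --{other} cannot be used when --{keeper} is also specified.")
    return msgs


def drop_directives(conf_text, names):
    """Return the config with the named directives (inline blocks included) removed."""
    lines = conf_text.splitlines()
    drop = set()
    for name, start in directives(conf_text):
        if name not in names:
            continue
        end = start
        if lines[start].strip() == f"<{name}>":
            while end + 1 < len(lines) and lines[end].strip() != f"</{name}>":
                end += 1
        drop.update(range(start, end + 1))
    return "\n".join(l for i, l in enumerate(lines) if i not in drop) + "\n"


if __name__ == "__main__":
    for msg in find_conflicts(SAMPLE_CONF):
        print("Options error:", msg)
    print(drop_directives(SAMPLE_CONF, {"cert", "key"}))
```

Which side to drop is a choice: keeping pkcs12 means one bundle file on the phone, keeping the inline blocks means no separate file at all; either way the config validates once only one form remains.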
#15
Sorry the phone is a W52P DECT
Firmware Version   25.80.0.28


Cheers