Messages - davorin

#1
Well I just installed for testing ipfire on my apu2d4...though had to switch back my home setup to SRX240B2 so I got my VPN back and full but slow 500mbps speed back.

Maybe I test how RouterOS performs...got one in the office for testing.

#2
Well I know of course....but setting to 1000TX fixed causes flapping...100TX not...

Anyway...have more problems as IPsec site to site won't work due to socket errors...which worked flawlessly on junos with just a few lines of config (o;

Have a look now at Mikrotik RouterOS to see if that runs on APU2....

#3
Ah okay..seems to be not needed anymore....also the Phase 1 peer identification.

I thought IPsec would be much easier with opnsense than with Juniper SRX, but it isn't (o;

No way so far I can connect to a fritzbox or connect to it remotely with a macos client...

#4
Good afternoon

As I am not successful currently in bringing up a VPN to a FBox, which could be set up easily with a Juniper SRX, I try now to follow this guide to set up a remote ipsec client:

https://wiki.opnsense.org/manual/how-tos/ipsec-road.html

There it says under user privileges to add the user to "User - VPN - IPsec xauth Dialin"....but this option is missing in 19.1.2...I only see:

GUI Status: IPsec
GUI Status: IPsec: Leasespage
GUI Status: IPsec: SAD
GUI Status: IPsec: SPD
GUI Status: System logs: IPsec VPN
GUI Status: System logs: IPsec VPN
GUI VPN: IPsec
GUI VPN: IPsec: Edit Phase 1
GUI VPN: IPsec: Edit Phase 2
GUI VPN: IPsec: Edit Pre-Shared Keys
GUI VPN: IPsec: Mobile
GUI VPN: IPsec: Pre-Shared Keys List


Xauth not allowed anymore in opnsense?


thanks in advance
richard

#5
Hmm...also see this in the logs when restarting IPSec:

Mar 3 13:32:32 ipsec_starter[98955]: charon (43576) started after 60 ms
Mar 3 13:32:32 ipsec_starter[42182]: no known IPsec stack detected, ignoring!
Mar 3 13:32:32 ipsec_starter[42182]: no KLIPS IPsec stack detected
Mar 3 13:32:32 ipsec_starter[42182]: no netkey IPsec stack detected
Mar 3 13:32:32 ipsec_starter[42182]: Starting strongSwan 5.7.2 IPsec [starter]...


Is there some package missing?

#6
Good day

I am trying to migrate away a site2site VPN connection from a Fritzbox to a SRX240H.

Adding the IPsec tunnel phase1/2 and restarting IPSec I see in the logs of my 19.1.2 box:

Mar 3 13:10:14 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:14 charon: 16[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:14 charon: 16[IKE] <con1|1> sending retransmit 2 of request message ID 0, seq 1
Mar 3 13:10:06 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:06 charon: 16[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:06 charon: 16[IKE] <con1|1> sending retransmit 1 of request message ID 0, seq 1
Mar 3 13:10:02 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:02 charon: 05[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:02 charon: 05[ENC] <con1|1> generating ID_PROT request 0 [ SA V V V V V ]
Mar 3 13:10:02 charon: 05[IKE] <con1|1> initiating Main Mode IKE_SA con1[1] to x.x.53.70


Any fw rule I missed here?

I just got the basic IPsec rule and the allow ESP rule towards WAN.

#7
Hmmm..switching WAN interface on my APU2D4 to 100TX fullduplex fixed seems to solve this...
but won't have my 500mbps speed *sniff (o;

#8
Just installed OPNsense 19.1.2-amd64 on my APU2D4 box....

And I have this WAN up/down cycling as well.....

Powering up my old SRX240B2 again...

#9
Good evening

I just came across opnsense last week as I looked around to replace my old setup with srx240b2.
Before I used pfsense on an older apu device which couldn't cope with bandwidths at 500mbps.

Now my question...as I work a few days from home I use an IPsec VPN client from my company
to connect to office machines and IoT devices for programming/debugging.

But as I like to be able to do so from all my hosts at home I would like to use opnsense as the IPsec client to the office network.

Can opnsense do this or does it only support site2site VPNs?


thanks in advance
richard