Messages - atom

#1
Mmmh. Did you check all three boxes?
#2
Looks good.

Are there any messages in

cat /var/log/configd/latest.log
#3
Could you post the output of

ls -la /usr/local/etc/swanctl/
#4
I could imagine that this is the reason:

Quote: "P.S. why the IPsec service doesn't start automatically .. I need to run the command /usr/local/sbin/ipsec start from the shell to have the service up and running"

You should restart your box, disable and re-enable IPsec, and then check if the configuration is written to the file system.
#5
Did you also check the "Enable IPsec" box? (VPN: IPsec: Tunnel Settings)
#6
I'd say that in your certificate the SAN DNS entry is missing. This is mine:

X509v3 Subject Alternative Name:
    DNS:vpn.mydomain.com
X509v3 Extended Key Usage:
    TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2

Could you please post
cat /usr/local/etc/swanctl/swanctl.conf | grep local_ts
only to check if this is really 0.0.0.0/0


#7
... and please: "X509v3 extensions" (System -> Trust -> Certificates) of your server certificate.
#8
Can you do a tcpdump on the console?

tcpdump -vvni <wan interface> host 192.168.10.200 and host 93.66.66.180
#9
Could you please post "Signature Algorithm" and "X509v3 extensions" (System -> Trust -> Certificates) of your server certificate.
And your ipsec.log, beginning with "received packet: from ".
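Added example (not one of atom's posts, and not OPNsense or strongSwan code): a POSIX shell script that does what #6, #7 and #9 ask the reader to check by hand, using the openssl CLI. check_ikev2_server_cert reads a server certificate, requires a DNS SAN equal to the VPN host name and an Extended Key Usage containing TLS Web Server Authentication, and only warns when 1.3.6.1.5.5.8.2.2 (IKE Intermediate) is absent. The host name vpn.example.com and the two self-signed throwaway certificates produced by make_test_certs are constructed for the demo; the "bad" one carries only a CN, which is the shape suspected in #6.

```shell
#!/bin/sh
# Added example, not from the thread. Requires the openssl CLI (>= 1.1.1 for
# the -addext used by the constructed test certificates).

# check_ikev2_server_cert <cert.pem> <vpn-hostname>
# Exit 0 when the certificate has a DNS SAN equal to <vpn-hostname> and an EKU
# containing TLS Web Server Authentication; exit 1 otherwise, naming what is
# missing. A missing 1.3.6.1.5.5.8.2.2 (IKE Intermediate) only gives a warning.
check_ikev2_server_cert() {
    cert=$1
    host=$2
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "FAIL: cannot parse $cert"; return 1; }
    rc=0

    # In -text output the value of each extension is on the line after its name.
    san=$(printf '%s\n' "$text" | awk '/Subject Alternative Name/ {getline; print; exit}')
    eku=$(printf '%s\n' "$text" | awk '/Extended Key Usage/ {getline; print; exit}')

    # Compare whole SAN entries, so DNS:vpn.example.com.attacker.tld is not accepted.
    san_ok=0
    for entry in $(printf '%s' "$san" | tr -d ' ' | tr ',' ' '); do
        [ "$entry" = "DNS:$host" ] && san_ok=1
    done
    if [ "$san_ok" -eq 0 ]; then
        echo "FAIL: no SAN entry DNS:$host (SAN: ${san:-<none>})"; rc=1
    fi

    case "$eku" in
        *"TLS Web Server Authentication"*|*serverAuth*) ;;
        *) echo "FAIL: EKU lacks TLS Web Server Authentication (EKU: ${eku:-<none>})"; rc=1 ;;
    esac
    case "$eku" in
        *1.3.6.1.5.5.8.2.2*|*"IKE Intermediate"*) ;;
        *) echo "WARN: EKU lacks 1.3.6.1.5.5.8.2.2 (IKE Intermediate)" ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $cert is usable as IKEv2 server certificate for $host"
    return "$rc"
}

# Constructed, throwaway self-signed test certificates (1 day validity).
# "bad": CN only, no SAN and no EKU.  "good": SAN and EKU values as shown in #6.
# Prints the directory that holds bad.pem and good.pem.
make_test_certs() {
    certdir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=vpn.example.com" \
        -keyout "$certdir/bad.key" -out "$certdir/bad.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=vpn.example.com" \
        -addext "subjectAltName=DNS:vpn.example.com" \
        -addext "extendedKeyUsage=serverAuth,1.3.6.1.5.5.8.2.2" \
        -keyout "$certdir/good.key" -out "$certdir/good.pem" 2>/dev/null
    echo "$certdir"
}

# Usage: sh check_ikev2_cert.sh <cert.pem> <vpn-hostname>
# Without arguments it runs against the two constructed test certificates.
if [ $# -eq 2 ]; then
    check_ikev2_server_cert "$1" "$2"
else
    d=$(make_test_certs)
    for c in good bad; do
        check_ikev2_server_cert "$d/$c.pem" vpn.example.com || echo "   -> $c.pem rejected"
    done
fi
```

On the firewall, point it at the server certificate exported from System -> Trust -> Certificates and at the exact name the Windows client dials; a FAIL on the SAN line is the situation described in #6.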


#10
Could you post the details of the entries ...
#11
Not really helpful.  :(
Maybe this is better.

netsh trace start WFP-IPsec per=yes maxsize=0 filemode=single
#12
Maybe there is an issue with your certificates. Please run a trace.

Netsh trace start VpnClient per=yes maxsize=0 filemode=single

.... connection test ...

Netsh trace stop

The trace file can be read with the Event Viewer. Use the filter RRAS-Provider.
#13
Please remove:
- VPN > IPsec > Mobile Clients
  Virtual IPv4 Address Pool: 192.168.100.0/24
The IP address should be provided by the RADIUS server.

- VPN > IPsec > Tunnel Settings (phase 2)
  Type: LAN Subnet
Enter "Network" and 0.0.0.0/0 here.
#14
 Firewall > Rules > WAN
   open ports 500 and 4500 tcp/udp ipv4

You need to open 500 and 4500 only for UDP, but the ESP rule is missing.
#15
From my point of view there are currently several problems with IPsec under 23.1 and "Connections[new]". The phase 1 and phase 2 timeout values for IKEv1 and IKEv2 tunnels are not taken over from the GUI settings, so the tunnels run only with strongSwan's default values. https://github.com/opnsense/core/issues/6370
I also have not yet seen a way to maintain manual SPD entries. So I have migrated only a few test systems to 23.1 and "Connections[new]" and am waiting, with my production systems, for the bugs to be fixed.