1
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 17, 2023, 09:50:30 am »
Mmmh. Did you check all three boxes ?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 16, 2023, 04:55:13 pm »3
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 16, 2023, 03:46:51 pm »4
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 16, 2023, 11:25:18 am »
I could imagine that this is the reason:
Your should restart your box disable and re-enable ipsec and then check if the configuration is written to the file system.
Quote
P.S. why the IPEC service doesn't start automatically .. i need to run the command /usr/local/sbin/ipsec start from shell for have the service up and running
Your should restart your box disable and re-enable ipsec and then check if the configuration is written to the file system.
5
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 16, 2023, 09:29:44 am »
Did you also check the "Enable IPsec" box ? ( VPN: IPsec: Tunnel Settings )
6
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 15, 2023, 04:53:27 pm »
I'll say that in your certificate the SAN-DNS entry is missing. This is mine.
X509v3 Subject Alternative Name:
DNS:vpn.mydomain.com
X509v3 Extended Key Usage:
TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2
Could you please post
X509v3 Subject Alternative Name:
DNS:vpn.mydomain.com
X509v3 Extended Key Usage:
TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2
Could you please post
Code: [Select]
cat /usr/local/etc/swanctl/swanctl.conf | grep local_tsonly to check if this is really 0.0.0.0/07
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 15, 2023, 02:32:52 pm »
... and please: X509v3 extensions" ( System -> Trust -> Certificates ) of your server certificate.
8
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 15, 2023, 02:30:58 pm »
Can you do a tcpdump on the console ?
tcpdump -vvni <wan interface> host 192.168.10.200 and host 93.66.66.180
tcpdump -vvni <wan interface> host 192.168.10.200 and host 93.66.66.180
9
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 14, 2023, 06:10:11 pm »
Could you please post "Signature Algorithm" and "X509v3 extensions" ( System -> Trust -> Certificates ) of your server certificate.
And you ipsec.log beggining with "received packet: from "
And you ipsec.log beggining with "received packet: from "
10
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 14, 2023, 05:06:57 pm »
Could you post the details of the entries ...
11
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 14, 2023, 03:23:38 pm »
Not really helpful. 
Maybe this is better.
netsh trace start WFP-IPsec per=yes maxsize=0 filemode=single
Maybe this is better.
netsh trace start WFP-IPsec per=yes maxsize=0 filemode=single
12
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 14, 2023, 11:45:21 am »
Maybe there is an issue with your certificates. Please run a trace.
Netsh trace start VpnClient per=yes maxsize=0 filemode=single
.... connection test ...
Netsh trace stop
The trace file file can be read with the Event Viewer. Use filter RRAS-Provider .
Netsh trace start VpnClient per=yes maxsize=0 filemode=single
.... connection test ...
Netsh trace stop
The trace file file can be read with the Event Viewer. Use filter RRAS-Provider .
13
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 14, 2023, 11:04:39 am »
Please remove.
- VPN > IPsec > Mobile Clients
Virtual IPv4 Address Pool : 192.168.100.0/24
The IP address should be provided by the Radius server
- VPN > IPsec > Tunnel Settings ( phase 2 )
Type : LAN Subnet
Enter Network and 0.0.0.0/0 here
- VPN > IPsec > Mobile Clients
Virtual IPv4 Address Pool : 192.168.100.0/24
The IP address should be provided by the Radius server
- VPN > IPsec > Tunnel Settings ( phase 2 )
Type : LAN Subnet
Enter Network and 0.0.0.0/0 here
14
Virtual private networks / Re: IPSEC with Radius no IKE config found
« on: March 14, 2023, 09:53:17 am »
Firewall > Rules > WAN
open ports 500 and 4500 tpc/udp ipv4
You need to open 500 and 4500 only for UDP, but the ESP rule is missing.
open ports 500 and 4500 tpc/udp ipv4
You need to open 500 and 4500 only for UDP, but the ESP rule is missing.
15
German - Deutsch / Re: IPsec zu FritzBox seit 23.1 Update nicht mehr vollständig funktional
« on: March 12, 2023, 05:30:28 pm »
Es gibt aus meiner Sicht im Moment mehrere Probleme mit IPsec unter 23.1 und "Connections[new]". Die Phase1 und Phase2 Timeout-Werte für IKEv1- und IKEv2-Tunnel werden aus den GUI-Einstellungen nicht übernommen, so dass hier die Tunnel nur mit den Standard-Werten von stringswan laufen. https://github.com/opnsense/core/issues/6370
Ich habe auch noch keine Möglichkeit gesehen manuelle SPD-Einträge zu pflegen. Insofern habe ich nur ein paar Test-Systeme auf 23.1 und "Connections[new]" migriert und warte mit meinen produktiven Systemen darauf, dass die Fehler behoben werden.
Ich habe auch noch keine Möglichkeit gesehen manuelle SPD-Einträge zu pflegen. Insofern habe ich nur ein paar Test-Systeme auf 23.1 und "Connections[new]" migriert und warte mit meinen produktiven Systemen darauf, dass die Fehler behoben werden.