Messages

1

Documentation and Translation / OPENVPN P2P Setup Example

« on: February 10, 2024, 03:18:46 pm »

Hi,
not sure if this is the right place for documentation errata.
I was reading and testing the Documentation Example at https://docs.opnsense.org/manual/how-tos/sslvpn_instance_s2s.html and found a possible error here:

https://docs.opnsense.org/manual/how-tos/sslvpn_instance_s2s.html#trust
The Client Certificate must not set to be for server use, this will definitely not work:

Set Type to Server

Hope that helps,
j.

2

Virtual private networks / Re: IPSec / NAT / Connect on Traffic

« on: January 29, 2021, 03:53:34 pm »

ok, forget about the last one , it's gettin more confusing to me 
The Natt'ed tunnel in Question doesn't appear unter "Routed Connections" even if I bring it up manually.

Code: [Select]

Routed Connections:
        con5{30}:  ROUTED, TUNNEL, reqid 5
        con5{30}:   192.168.254.0/24 === 10.80.1.0/24
        con4{29}:  ROUTED, TUNNEL, reqid 2
        con4{29}:   192.168.254.0/24 === 10.1.10.0/23
        con3{28}:  ROUTED, TUNNEL, reqid 1
        con3{28}:   192.168.254.0/24 === 172.16.20.8/32
        con1{26}:  ROUTED, TUNNEL, reqid 4
        con1{26}:   192.168.254.0/24 === 192.168.10.0/24


Code: [Select]

       
Security Associations (5 up, 0 connecting):
...snip...
        con2[164]: ESTABLISHED 40 seconds ago, mygateway...remotegateway
        con2{70}:  INSTALLED, TUNNEL, reqid 8, ESP SPIs: c2c93be5_i 1fae9593_o
        con2{70}:   193.186.104.36/30 === 172.27.24.0/24
...snip...

193.186.104.36 is the IP Adress I got from remote side to use, 172.27.24.0/24 is the remote LAN.
To me it looks like no route for the remote net is installed.
 

3

Virtual private networks / Re: IPSec / NAT / Connect on Traffic

« on: January 29, 2021, 11:48:17 am »

seems a bit different here :

Code: [Select]

con3{28}:  ROUTED, TUNNEL, reqid 1
con3{28}:   192.168.254.0/24 === 172.16.20.8/32

and

Code: [Select]

root@OPNsense:~ # pfctl -s state | grep 193.186.104
all tcp 193.186.104.36:52813 (192.168.254.69:61546) -> 172.27.24.129:3389       ESTABLISHED:ESTABLISHED


4

Virtual private networks / Re: IPSec / NAT / Connect on Traffic

« on: January 29, 2021, 08:45:29 am »

Already found the "Additional SPF" Setting.
For the ping method I am not sure how this could work.
By using the "single address" as Source, these Packets even will not be able reach the gateway's LAN Interface which has an ip from "Local Network":

Code: [Select]

# traceroute -n -s "single address" "IP in Remote Net"
traceroute to "IP in Remote Net", 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *

Am I missing something?
Thank you,
juergen

5

Virtual private networks / IPSec / NAT / Connect on Traffic

« on: January 28, 2021, 07:31:53 am »

Hi,
I have a VPN to a Customers Network which is basically working as expected, but it it won't come up on traffic. Even with the "Start immediately" Switch set the Connection starts, but it disconnecs at some point when idle and the only way to bring it up is to connect manually.
Situation:
- Tunnel IP4 VPN
- no control over the remote side
- no problem in IPsec Configuration
- only one direction - outgoing
- I have to SNAT my Network  to a single address provided by the remote side. This is most likely the Showstopper, but I don't have an Idea on how to workaround.

Any suggestions?
Thanks,
juergen