Messages - herrnic

#1
192.168.10.2 is the default WAN gateway.

I do not have a network plan with me at the moment.
#2
Install policy is marked.
#3
but in the status overview the status is "installed routed".
If phase 2 did not match, this would not be possible.
#4
Virtual private networks / IPSec S2S Tunnel problem
June 18, 2021, 04:03:51 PM
For a few days now I've been racking my brains over an IPsec tunnel connection that doesn't really want to work.

Phase 1 and phase 2 are established but unfortunately I can't reach the other side.

I hope someone here has an idea and can help.

Version: OPNsense 21.1.6

Here is the output of ipsec statusall:

root@OPNsenseVF:~ # ipsec statusall
no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
Status of IKE charon daemon (strongSwan 5.9.2, FreeBSD 12.1-RELEASE-p16-HBSD, amd64):
  uptime: 11 minutes, since Jun 18 15:32:47 2021
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 5
  loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac gcm drbg attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam whitelist addrblock counters
Listening IP addresses:
  192.168.22.100 (opnsense)
  192.168.10.198 (WAN)
Connections:
        con1:  192.168.10.198...85.1.2.3  IKEv2
        con1:   local:  [192.168.10.198] uses pre-shared key authentication
        con1:   remote: [85.1.2.3] uses pre-shared key authentication
        con1:   child:  213.1.2.3/32 === 139.1.2.3/32 TUNNEL
Security Associations (1 up, 0 connecting):
        con1[4]: ESTABLISHED 8 minutes ago, 192.168.10.198[192.168.10.198]...85.1.2.3[85.1.2.3]
        con1[4]: IKEv2 SPIs: c829b25a6dd28deb_i* cacc8476f40761cb_r, pre-shared key reauthentication in 2 hours
        con1[4]: IKE proposal: AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384
        con1{2}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c843ae3b_i 26d84c90_o
        con1{2}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 37 minutes
        con1{2}:   213.1.2.3/32 === 139.1.2.3/32
Normally I should be able to reach 139.1.2.3 via telnet when the connection is established.
I notice this message in the log files.

charon[16026] 12[KNL] <con1|1> querying policy 213.1.2.3/32 === 139.1.2.3/32 out failed, not found

I cannot interpret this correctly.
Is it just a routing problem?

Here is netstat:

root@OPNsenseVF:~ # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.10.2       UGS      vtnet1
1.1.1.1            8e:f7:81:14:be:93  UHS      vtnet1
8.8.4.4            8e:f7:81:14:be:93  UHS      vtnet1
127.0.0.1          link#4             UH          lo0
192.168.10.0/24    link#2             U        vtnet1
192.168.10.198     link#2             UHS         lo0
192.168.22.0/24    link#1             U        vtnet0
192.168.22.100     link#1             UHS         lo0
Does anyone have any ideas?

I am grateful for any inspiration.

I have no access to the other side.
IP addresses have been changed by me and are only an example.
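Added example (not from the forum post or from OPNsense): a small Python checker that parses ipsec statusall output of the kind shown above and flags an INSTALLED child SA whose byte counters are both zero and whose /32 local traffic selector is not one of charon's listening addresses. The embedded sample text is constructed from the values in the post.

```python
import re

# Constructed sample in the shape of "ipsec statusall" output (values taken from the post above).
SAMPLE = """\
Listening IP addresses:
  192.168.22.100 (opnsense)
  192.168.10.198 (WAN)
Security Associations (1 up, 0 connecting):
        con1{2}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c843ae3b_i 26d84c90_o
        con1{2}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 37 minutes
        con1{2}:   213.1.2.3/32 === 139.1.2.3/32
"""
CHILD_RE = re.compile(r"^\s*(\S+)\{(\d+)\}:\s+(.*)$")  # child SA lines look like "con1{2}: ..."

def listening_ips(text):
    """Addresses charon listens on: the indented '<ip> (<iface>)' lines of statusall."""
    return set(re.findall(r"^\s+(\d+(?:\.\d+){3}) \(\w+\)", text, re.M))

def child_sas(text):
    """Map (conn, child id) -> dict with installed flag, byte counters and traffic selectors."""
    sas = {}
    for line in text.splitlines():
        m = CHILD_RE.match(line)
        if not m:
            continue
        sa = sas.setdefault((m.group(1), int(m.group(2))), {})
        rest = m.group(3)
        if rest.startswith("INSTALLED"):
            sa["installed"] = True
        counters = re.search(r"(\d+) bytes_i, (\d+) bytes_o", rest)
        if counters:
            sa["bytes_i"], sa["bytes_o"] = int(counters.group(1)), int(counters.group(2))
        ts = re.fullmatch(r"(\S+) === (\S+)", rest)  # "local === remote" selector line
        if ts:
            sa["local_ts"], sa["remote_ts"] = ts.group(1), ts.group(2)
    return sas

def diagnose(text):
    """Findings for installed child SAs that are up but cannot carry traffic as configured."""
    ips = listening_ips(text)
    findings = []
    for (conn, cid), sa in child_sas(text).items():
        if not sa.get("installed"):
            continue
        if sa.get("bytes_i", 0) == 0 and sa.get("bytes_o", 0) == 0:
            findings.append(f"{conn}{{{cid}}}: installed but 0 bytes in both directions")
        local = sa.get("local_ts", "")
        # A /32 local selector only matches packets whose source is exactly that address.
        if local.endswith("/32") and local[:-3] not in ips:
            findings.append(f"{conn}{{{cid}}}: local selector {local} is not a listening address, so traffic generated on this host will not match the policy")
    return findings
```

Run diagnose() on the real statusall text to get the same two findings for the post's configuration.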