Messages - memento

#1
Hey,

I am new to creating VPN tunnels and only have experience with WireGuard.

I am having trouble getting the tunnel up between my OPNsense and WatchGuard.

Any and all help would greatly be appreciated. Thank you.

Firewall rules:

Floating: allow ESP on WAN

Floating: allow TCP/UDP on WAN port 500

Floating: allow TCP/UDP on WAN port 4500

IPSec interface: allow TCPv4 rule.

OPNsense config:

PHASE 1

(General Information)

Interface: WAN

Remote Gateway: [Public IP of watchguard]

Dynamic gateway: unchecked

(Authentication)

Authentication method: Mutual PSK

Negotiation mode: Main

My identifier: My IP Address

Peer Identifier: Peer IP Address

PSK: -%@:@J6w\j`42xQG[A=kATH;}-zG{=

(Algorithms)

Encryption Algorithm: AES - 128

Hash Algorithm: Sha256

DH key group: 14

Lifetime 6400

Advanced:

Install Policy: checked

Disable Rekey: Unchecked

Disable Reauth: Unchecked

Tunnel Isolation: Unchecked

NAT Traversal: Disabled

Disable MOBIKE: Unchecked

Close Action: None

DPD: Unchecked

inactivity timeout:

keyingtries:

margintime:

Rekeyfuzz:

PHASE 2

(Remote Network)

Type: Network

10.0.2.0/24

(SA/Key Exchange)

Protocol: ESP

Encryption algorithms: AES-128

Hash algorithms: SHA256

PFS keygroup: 14

Lifetime 28800

(Advanced Options)

automatically ping host:

Manual SPD entries:

WatchGuard config:

PHASE 1

DH group : 14

Encryption AES-128

Hash: SHA256

key lifetime 6400

PSK: -%@:@J6w\j`42xQG[A=kATH;}-zG{= [not the actual PSK]

PHASE 2

Protocol: ESP

Encryption: AES-128

Hash: SHA256

PFS DH Group: 14

SA lifetime: 28800