Messages - elvinmammadov

#1
Hello. Could you please review my post? We are having a problem with IPsec after the upgrade.
#2
Has anyone experienced the same issue?
#3
Has anyone experienced the same issue?
#4
24.7, 24.10 Legacy Series / IPsec VPN restart never ends
December 11, 2024, 11:37:17 AM
Hello,

After updating from v24.1 to v24.7, we have encountered a problem with the IPsec VPN service. We are currently using OPNsense v24.7.10_2.

The issue occurs when I attempt to restart the IPsec VPN service from the dashboard. Clicking the restart button causes a loading icon to appear, indicating that the service is restarting. However, the process never completes. If I click the button again, a new loading icon appears, and this continues for every additional click.

I also tried restarting the service from the "VPN: IPsec: Tunnel Settings [legacy]" page, but the same behavior persists, the restart process does not conclude. After refreshing the page, I can see that the service is marked as running, but this was not the case in previous versions.

Has anyone else experienced this issue?

#5
Hi. Maybe you can stop the service "Suricata - Intrusion Detection" and test the speed again.
#6
Hello,
I have a question, and maybe you'll find it strange, but I have worked with several firewalls before.
When I create or change any rule in OPNsense, I click the Apply button. However, the Apply button always remains visible, which can be really confusing. Sometimes, people think they haven't clicked Apply. It is not so in pfSense.
How can I fix it? Are there any settings for it?
#7
Hello Franco,

I've read that the latest OpenVPN server no longer needs to export Data Ciphers, as OpenVPN now supports cipher negotiation between the server and client. That's great news.

I also checked the OpenVPN server logs and confirmed that it uses AES-256-GCM when a client is connected, which is fine.

When I use OpenVPN Connect, there are no errors. However, when I use the OpenVPN client, it complains about missing Data Ciphers, even though the OPNsense OpenVPN log shows that AES-256-GCM is being used.

It would be much better if the issue causing the OpenVPN client to generate this message could be resolved.
#8
Thank you for your replies.

In the client logs, I couldn't see "PUSH' line ...".

In the server logs, when the client is connected, it shows that the client uses AES-256-GCM.

openvpn_server1 xxx.xxx.xxx.xxx:55396 Data Channel: cipher 'AES-256-GCM', peer-id: 0

However, in the Client logs, it complains that the Data Ciphers are missing. I will create a ticket.

Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case.
If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
#9
Could you please answer my last question?
#10
Hello. We have similar concerns regarding the new dashboard design. The current layout feels cluttered and lacks clarity, giving the impression of being designed by someone with limited experience. We believe it could benefit from a more streamlined and user-friendly approach to improve the overall user experience.
#11
Hello,

It started to connect without "Data Ciphers", however I haven't changed anything.

If I use OpenVPN Connect, I see that it uses AES256-GCM. No errors.

But if I use the OpenVPN client v2.6.12 (Community edition), it gives the following error, but it connects successfully.

Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

We are using the OpenVPN client (Community edition), because it has a Windows service that can start automatically on Windows start.

I would like to make sure: does it really use "Data Ciphers AES256-GCM" with the OpenVPN client (Community edition)?
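
An added example, not part of the original posts and not OPNsense or OpenVPN code: one way to confirm which data-channel cipher a session ended up with is to read it from the "Data Channel" log line quoted above, and to count the "--cipher is not set" note separately. The function name, the allowed-cipher policy and the BF-CBC sample line are assumptions made for the illustration.

```python
import re

# Shape of the "Data Channel" line quoted in the posts above; the token in
# front of it (the peer address in the server log) is kept as the source.
DATA_CHANNEL = re.compile(r"(?P<source>\S+)\s+Data Channel: cipher '(?P<cipher>[^']+)'")
# Start of the note quoted in the posts: it says --cipher is unset and does
# not name the cipher in use.
CIPHER_NOTE = "Note: --cipher is not set."
# Assumption: local policy accepts only these AEAD data ciphers.
ALLOWED = {"AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"}

# Sample input. The first and last entries come from the posts; the middle
# one is constructed (documentation address) to show a policy violation.
SAMPLE_LOG = [
    "openvpn_server1 xxx.xxx.xxx.xxx:55396 Data Channel: cipher 'AES-256-GCM', peer-id: 0",
    "openvpn_server1 192.0.2.10:40000 Data Channel: cipher 'BF-CBC', peer-id: 1",
    "Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC "
    "as fallback when cipher negotiation failed in this case.",
]


def audit_data_ciphers(lines, allowed=ALLOWED):
    """Return (negotiated ciphers by source, policy violations, note count)."""
    negotiated, violations, notes = {}, [], 0
    for line in lines:
        if CIPHER_NOTE in line:
            notes += 1  # counted, but not treated as evidence of the cipher
            continue
        match = DATA_CHANNEL.search(line)
        if match is None:
            continue
        source, cipher = match["source"], match["cipher"].upper()
        negotiated[source] = cipher
        if cipher not in allowed:
            violations.append((source, cipher))
    return negotiated, violations, notes


if __name__ == "__main__":
    negotiated, violations, notes = audit_data_ciphers(SAMPLE_LOG)
    for source, cipher in negotiated.items():
        print(f"{source}: {cipher}")
    print(f"violations: {violations}, '--cipher is not set' notes: {notes}")
```
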
#12
Thank you for your replies. I am using OpenVPN client v2.6.12. But it can't connect and complains that data ciphers are missing. If I add the data ciphers "cipher AES-256-GCM" manually in the config file, then it connects.
If "Data Ciphers" are deprecated and do not need to be exported, why can I set them up in the OpenVPN Instance server then? There is "Data Ciphers" and "Data Ciphers Fallback" in the menu.
#13
Is it a bug, or am I doing something wrong?
#14
Nobody has this problem?
#15
Hello,
We are using the latest version of OPNsense. I have set up an OpenVPN instance. I export the config, but Data Ciphers are not added to the configuration. Could you please let me know if it is a bug, or if I am doing something wrong?

The config of the VPN file:
dev tun
persist-tun
persist-key
proto tcp-client
auth SHA256
client
resolv-retry infinite
remote xxx.xxx.xxx.xxx 1149 tcp
lport 0
verify-x509-name "C=DE, ST=HESSEN, L=xxx, O=xxx, emailAddress=xxx, CN=WS-OPENVPN-CERTIFICATE" subject
remote-cert-tls server