Messages - Hundeknochen

#1
Any chance we can finally have support for schedules in Traffic Shaper?

This is the #1 feature I miss in OPNsense. There are so many situations where traffic shaping needs vary across the day, but there's no simple way to set this up in OPNsense. It's available in most other firewall products out there (and has been for many years), so quite frankly I find it astounding that this still hasn't been implemented in OPNsense (and demand seems to be there, as I found a number of requests for this feature throughout the years).

Are there any plans to implement this (in OPNsense 22? Ever?)?

#2
I haven't found a solution unfortunately. But I do have two other firewalls (Sophos XG 18.5MR2 and WatchGuard Firebox T35 running whatever the latest version of Fireware XTM is) and I see the same behavior there - FortiClient fails at phase 1 handshakes. So this might not be an OPNsense-specific issue after all. Still, I was hoping someone had an idea what's going on.

I know that Fortigate's VPN implementation can be difficult at times, but on the other side it works fine for colleagues who just use some kind of cheap nasty broadband router they got from their ISP, so surely there must be a way to get it to work in OPNsense.

#3
Hello!

I am currently struggling to get a work VPN connection through my OPNsense 21.7.7 firewall. This is a VPN (IPSec) connection between my work laptop and my employer's servers, so OPNsense isn't a VPN endpoint here.

The company used another VPN solution before which worked fine with OPNsense; however, they recently migrated to Fortigate and its FortiClient VPN solution, and that's where the issues began. When trying to connect to the VPN, it always fails with a "no response from the peer, Phase 1 retransmit reaches maximum count" error on the client.

Connecting via cell phone works fine.

As far as OPNsense is concerned, it's a standard 21.7.7 install that acts as a router/firewall for the home. The work laptop sits on its separate network (Guest) with little in the way; it even uses public DNS servers instead of OPNsense as DNS proxy like the Home (LAN) side does. Also, IDS is not active on the Guest network. All the necessary ports for IPSec (500, 4500, etc.) have been opened in the fw rules, and as mentioned the previous IPSec VPN solution worked fine through the very same OPNsense box.

The firewall log doesn't show anything suspicious either.

In an attempt to fix this I also added all the ports that Fortinet lists for FortiClient but that didn't help either:

https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/788212/forticlient-open-ports

I'm at a loss as to why FortiClient struggles with phase 1 handshakes when the previous VPN solution worked fine.

Any ideas?