OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of ram_opn »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - ram_opn

Pages: [1]
1
22.1 Legacy Series / Re: iPhone IPsec VPN client unable to communicate with local LAN once connected.
« on: May 19, 2022, 12:33:40 pm »
I have fixed the issue. After looking into the problem a little more, I could see the iPhone sending packets to the local LAN subnet, but nothing returning via a packet trace. I confirmed this in the 'diag_ipsec.php' (VPN -> IPSEC -> Status Overview [expanding the connection].

[SOLUTION]
So after a little more digging, I found the setting 'Install Policy' in the Phase 1 configuration (vpn_ipsec_phase1.php). Once I enabled this, it all worked perfectly.

2
22.1 Legacy Series / Re: iPhone IPsec VPN client unable to communicate with local LAN once connected.
« on: May 18, 2022, 09:17:12 pm »
I should have added: iPhone is on 15.1. I can also confirm that the virtual IP address allocated to the phone via IPsec VPN does not overlap with the local subnet.

3
22.1 Legacy Series / iPhone IPsec VPN client unable to communicate with local LAN once connected.
« on: May 18, 2022, 09:04:55 pm »
Hi,

I have a bit of an issue with an iPhone XS connecting to OpnSense IPSec VPN. The iPhone connects fine to the VPN instance, phase 1 and 2 completing successfully. I can see the iPhone obtains a virtual IPv4 address (10.0.0.1). I have also configured the Local Network to be my local 192.168.20.0/24 subnet. I have also created a rule on my ipsec network to allow packets from the ipsec interface to my local subnet.

When I try to browse to a local LAN subnet hosted service, I can see the inbound packet from the iphone (virtual address) to my LAN subnet, but phone just hangs there. I can see from packet traces the phone sends our syns, but nothing comes back.

Now when I look in the IPSec widget in the dashboard I can see the tunnel active, with ther tunnel detail shoring the phones public IP address for Connection (with %any), but the source is showing my local lan subnet, with destination showing 'dynamic', with status showing two opposing green arrows. Everything looks all ok.

Any advice or help would be greatly appreciated, forgive me as I am coming from an Juniper SRX340.

Thanks

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2