Messages - ram_opn

#1
I have fixed the issue. After looking into the problem a little more, I could see the iPhone sending packets to the local LAN subnet, but nothing returning via a packet trace. I confirmed this in the 'diag_ipsec.php' (VPN -> IPSEC -> Status Overview [expanding the connection]).

[SOLUTION]
So after a little more digging, I found the setting 'Install Policy' in the Phase 1 configuration (vpn_ipsec_phase1.php). Once I enabled this, it all worked perfectly.
#2
I should have added: iPhone is on 15.1. I can also confirm that the virtual IP address allocated to the phone via IPsec VPN does not overlap with the local subnet.
#3
Hi,

I have a bit of an issue with an iPhone XS connecting to OPNsense IPSec VPN. The iPhone connects fine to the VPN instance, phase 1 and 2 completing successfully. I can see the iPhone obtains a virtual IPv4 address (10.0.0.1). I have also configured the Local Network to be my local 192.168.20.0/24 subnet. I have also created a rule on my ipsec network to allow packets from the ipsec interface to my local subnet.

When I try to browse to a local LAN subnet hosted service, I can see the inbound packet from the iPhone (virtual address) to my LAN subnet, but the phone just hangs there. I can see from packet traces the phone sends out SYNs, but nothing comes back.

Now when I look in the IPSec widget in the dashboard I can see the tunnel active, with the tunnel detail showing the phone's public IP address for Connection (with %any), but the source is showing my local LAN subnet, with destination showing 'dynamic', with status showing two opposing green arrows. Everything looks all ok.

Any advice or help would be greatly appreciated; forgive me, as I am coming from a Juniper SRX340.

Thanks