Messages - NikB

#1
Ok, I found a quick fix for the remote site. I will leave it here for anyone who gets here by searching "My OPNsense router was bricked while I was setting up an IKEv2 IPsec site-to-site tunnel".

The connection gets lost only if the tunnel is up. So the simplest way to access the router is to disable the IPsec daemon on the other side; it automatically removes the routes from the kernel and you can connect to the router as usual (if that peer was NOT the only host that could connect).

I hope this will help someone one day, and thanks for the help!

Opened Github issue: https://github.com/opnsense/core/issues/7205
#2
I've got this broken a second time, but this time I know where to start. %)

Perhaps it is a good idea to open a GitHub issue to add a check for a 0.0.0.0/0 child net with "Install routes" enabled by default, to show some kind of warning. Or just disable "Install routes" by default here: https://github.com/opnsense/core/blob/c7d6f53797722678f64a754c8a4da2be7cf11eb9/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.xml#L295

Troubleshooting why a VPN connection doesn't work should be easier than restoring remote-site connectivity.
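The check suggested in the post above, written out as a preflight script. This is an added example, not code from OPNsense or from anyone in the thread: it parses a constructed swanctl.conf-style snippet (strongSwan's brace-delimited section syntax, with the real `remote_ts` child key) and flags every child whose remote traffic selector would cover the management network once routes are installed. It goes slightly beyond the post: besides the 0.0.0.0/0 and ::/0 case it also flags narrower selectors that overlap a management prefix you pass in. The `install_routes` argument and the `10.0.0.0/24` management network are assumptions standing in for OPNsense's "Install routes" toggle and your own admin subnet.

```python
"""
Preflight check for an IPsec site-to-site config: warn when a child SA's
remote traffic selector would swallow the management path once routes are
installed. Added example, not OPNsense's or the forum poster's code. The
swanctl.conf snippet is constructed; install_routes stands in for the
OPNsense "Install routes" toggle (assumption).
"""
import ipaddress

# Constructed swanctl.conf-style snippet (strongSwan section syntax).
SAMPLE_CONF = """\
connections {
    site-a {
        remote_addrs = 203.0.113.10
        children {
            lan {
                local_ts = 10.0.0.0/24
                remote_ts = 10.1.0.0/24
            }
        }
    }
    site-b {
        remote_addrs = 203.0.113.20
        children {
            all {
                local_ts = 10.0.0.0/24
                remote_ts = 0.0.0.0/0, ::/0
            }
        }
    }
}
"""


def parse_sections(text):
    """Parse strongSwan's brace-delimited section syntax into nested dicts.
    Handles 'name {', '}' and 'key = value' lines; '#' starts a comment."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            stack[-1][key] = value
    if len(stack) != 1:
        raise ValueError("unbalanced braces in config")
    return root


def risky_children(conf, install_routes=True, mgmt_net="10.0.0.0/24"):
    """Return (connection, child, selector) triples whose remote_ts covers
    the management network; 0.0.0.0/0 and ::/0 always count. Without route
    installation the selectors do not touch the routing table, so nothing is
    reported in that case. mgmt_net is a constructed default (assumption)."""
    if not install_routes:
        return []
    mgmt = ipaddress.ip_network(mgmt_net, strict=False)
    findings = []
    for cname, conn in conf.get("connections", {}).items():
        for chname, child in conn.get("children", {}).items():
            for ts in child.get("remote_ts", "").split(","):
                ts = ts.strip()
                try:
                    net = ipaddress.ip_network(ts, strict=False)
                except ValueError:
                    continue  # keywords such as 'dynamic' are not prefixes
                default_route = net.prefixlen == 0
                same_family = net.version == mgmt.version
                if default_route or (same_family and net.overlaps(mgmt)):
                    findings.append((cname, chname, ts))
    return findings


if __name__ == "__main__":
    for conn, child, ts in risky_children(parse_sections(SAMPLE_CONF)):
        print(f"WARNING: {conn}/{child}: remote_ts {ts} covers the "
              f"management network; with routes installed this can cut "
              f"off remote access")
```

Run it against the config before bringing a new tunnel up; anything it reports is a child SA whose installed route would pull your own admin traffic into the tunnel, which is the failure described in this thread.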
#3
It looks like a delayed answer, but maybe I'm just a slowpoke :D
Thanks a lot, that is exactly the root cause! I never experienced that behavior with strongSwan on Linux.
And unfortunately it is hard to troubleshoot from remote locations.

#4
For a while I've been using a few IPsec connections to remote locations.
Since v22.7 there is a new way to configure IPsec, so-called "Connections". I decided to try setting up my tunnels using the new approach, since I had an issue with DPD, which didn't want to restart tunnels after a temporary connectivity loss.

It was going fine, I set up 4 of 5 tunnels, and while I was tinkering with the last one, my router went offline.
I went to the remote location; the router looks fine, up and running. A simple "dmesg" check looks fine as well, but there is no connectivity on either the LAN or the WAN interface. (Then I got the same thing on another OPNsense router with 23.7.5 firmware.)

Can you help me with some troubleshooting guidance? I feel comfortable with Linux, but not very good with FreeBSD.
Thanks!