OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Roy Albinus »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Roy Albinus

Pages: [1]
1
Virtual private networks / Config for a hub spoke setup using the mobile client.
« on: February 06, 2023, 09:26:57 am »
Question about traffic with the config. We are trying to replace a fortinet with a opnsense solution .  We have remote sites (spokes) with a firewall which connects to our central hub. Each remote site has at 10.x.y.0/24 subnet.

configuration
IpSec Mobile clients

Tunnel Settings Fase 1
Respond Only
IKE V1
IPV4
Wan interface
Authentication PSK + Xauth
Mainmode
My Identifier Distinguished name
AES 128 SHA1 DH5

Tunnel isolation
Nat traversel Force
DPD 90 sec 5 retries
Lifetime 3600


Fase 2
mode route-based
local 0.0.0.0   
remote 0.0.0.0
ESP AES12 SHA1 DH5
Lifetime 1800

The remote devices connect. We have two test devices which connect
10.123.10.0/24 10.123.10.254
10.123.11.0/24 10.123.11.254

In the status overview the remote subnets are showing in the Phase 2 overview

In het security Associatin database the connecttion are at the same ikeid and reqid
The Security Policy Database tab installed is empty.

The route 10.0.0.0/8 is added with the ipsec1 as gateway.
Firewall rule Lan outgoing to 10.0.0.0/8 with gateway ipsec1

But no traffic is been noticed.

In the firewall: Log Files Live View is dee the label let out anything from firewall host itself

The traffic is coming in but nog traffic is going out ?

Has anyone any suggestions how to solve this ?

2
23.1 Legacy Series / Re: Mobile clients config not working in 23.1
« on: February 03, 2023, 03:25:52 pm »
Hi,
After the update the connections are established. So now i am one step furthur.

3
23.1 Legacy Series / Re: Mobile clients config not working in 23.1
« on: January 30, 2023, 03:14:46 pm »
Hi Franco,  in the config we use it is in main mode. 

4
23.1 Legacy Series / Mobile clients config not working in 23.1
« on: January 30, 2023, 07:18:26 am »
Hi to All,

We are researching the OpnSense to connect using the mobile clients to other remote sites with hvac controllers. The configuration we made in 22.7 works and we get a fase1 and fase2 of the remote sites.  So we tried the identical configuration in the 23.1 version and we are nog getting a fase1 connection running.  What i have noticed that the Lifetime setting is not as i would expect it to be found.  We also use My Identifier with a Distinguished name.  I am not sure where the problem is.   Thx for the support.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2