Messages - Roy Albinus

#1
Question about traffic with the config. We are trying to replace a Fortinet with an OPNsense solution. We have remote sites (spokes) with a firewall which connects to our central hub. Each remote site has a 10.x.y.0/24 subnet.

Configuration
IPsec Mobile Clients

Tunnel Settings Phase 1
Respond Only
IKE V1
IPV4
Wan interface
Authentication PSK + Xauth
Mainmode
My Identifier Distinguished name
AES 128 SHA1 DH5

Tunnel isolation
NAT traversal Force
DPD 90 sec 5 retries
Lifetime 3600


Phase 2
mode route-based
local 0.0.0.0
remote 0.0.0.0
ESP AES128 SHA1 DH5
Lifetime 1800

The remote devices connect. We have two test devices which connect:
10.123.10.0/24 10.123.10.254
10.123.11.0/24 10.123.11.254

In the status overview the remote subnets are showing in the Phase 2 overview.

In the Security Association Database the connections are on the same ikeid and reqid.
The Security Policy Database tab (installed) is empty.

The route 10.0.0.0/8 is added with ipsec1 as gateway.
Firewall rule LAN outgoing to 10.0.0.0/8 with gateway ipsec1.

But no traffic is being noticed.

In the firewall Log Files: Live View I see the label "let out anything from firewall host itself".

The traffic is coming in but no traffic is going out?

Has anyone any suggestions how to solve this?
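The post describes a hub where a summary route (10.0.0.0/8 via ipsec1) plus a LAN pass rule with that gateway are supposed to steer return traffic into a route-based tunnel shared by several spokes. The script below is an added example, not part of the post or of OPNsense: it models that forwarding decision (longest-prefix route lookup, policy-rule match, and whether a connected spoke actually owns the destination prefix) so the "comes in but nothing goes out" symptom can be reasoned about per destination. The hub LAN prefix 192.168.1.0/24 and the interface names lan/wan are assumptions; the spoke subnets, route and rule are taken from the post.

```python
import ipaddress

# Constructed routing table modelled on the post. The summary route via the
# route-based IPsec interface is from the post; the LAN prefix, the LAN and
# WAN interface names and the default route are assumptions for illustration.
ROUTES = [
    ("10.0.0.0/8", "ipsec1"),
    ("192.168.1.0/24", "lan"),
    ("0.0.0.0/0", "wan"),
]

# Spoke subnets that appeared in the Phase 2 status overview in the post.
CONNECTED_SPOKES = ["10.123.10.0/24", "10.123.11.0/24"]

# Firewall rule from the post: LAN outgoing to 10.0.0.0/8 with gateway ipsec1.
FIREWALL_RULES = [
    {"iface": "lan", "dst": "10.0.0.0/8", "gateway": "ipsec1", "action": "pass"},
]


def lookup_route(dst):
    """Longest-prefix match over ROUTES; returns the egress interface name."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def match_rule(in_iface, dst):
    """First pass rule on in_iface whose destination covers dst, or None."""
    dst_ip = ipaddress.ip_address(dst)
    for rule in FIREWALL_RULES:
        if rule["iface"] == in_iface and dst_ip in ipaddress.ip_network(rule["dst"]):
            return rule
    return None


def spoke_for(dst):
    """Connected spoke subnet that owns dst, or None if no spoke claims it."""
    dst_ip = ipaddress.ip_address(dst)
    for subnet in CONNECTED_SPOKES:
        if dst_ip in ipaddress.ip_network(subnet):
            return subnet
    return None


def diagnose(src_iface, dst):
    """Explain how a packet entering on src_iface towards dst is handled.

    A rule with a gateway overrides the routing table (policy routing);
    otherwise the longest-prefix route decides the egress interface.
    """
    rule = match_rule(src_iface, dst)
    route_if = lookup_route(dst)
    egress = rule["gateway"] if rule and rule.get("gateway") else route_if
    spoke = spoke_for(dst)
    if rule is None:
        verdict = "blocked: no matching pass rule on " + src_iface
    elif egress != "ipsec1":
        verdict = "leaves via %s, not the tunnel" % egress
    elif spoke is None:
        verdict = "enters ipsec1 but no connected spoke owns this prefix"
    else:
        verdict = "forwarded into the tunnel towards spoke " + spoke
    return {"rule": rule is not None, "route": route_if,
            "egress": egress, "spoke": spoke, "verdict": verdict}


if __name__ == "__main__":
    # Constructed destinations: one on each spoke, one inside 10/8 that no
    # spoke owns, and one on the Internet that the LAN rule does not cover.
    for target in ("10.123.10.5", "10.123.11.254", "10.200.0.1", "8.8.8.8"):
        print(target, "->", diagnose("lan", target)["verdict"])
```

The interesting case is the third destination: it is covered by both the route and the pass rule, so from the hub's point of view it is "sent", yet no spoke terminates that prefix. Comparing the per-destination verdict against what the Phase 2 status overview actually lists is a quick way to separate a routing or rule gap from a problem inside the tunnel itself.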
#2
Hi,
After the update the connections are established. So now I am one step further.

#3
Hi Franco, in the config we use it is in main mode.

#4
Hi to All,

We are researching OPNsense to connect, using the mobile clients, to other remote sites with HVAC controllers. The configuration we made in 22.7 works and we get a Phase 1 and Phase 2 to the remote sites. So we tried the identical configuration in the 23.1 version and we are not getting a Phase 1 connection running. What I have noticed is that the Lifetime setting is not where I would expect it to be found. We also use My Identifier with a Distinguished name. I am not sure where the problem is. Thx for the support.