Messages - Centra83

#1
Thank you very much for the detailed answer.
With OPNsense I can create the certificate; this is not a problem. Unfortunately, there is no menu item for this on the Unifi.

We have now decided to also replace the Unifi USG with an OPNsense and hope that it works better.

Thanks again for the great support.

We read us...

Centra83
#2
Sorry, but now I do not understand anything.
Why do I need a certificate for the OpenVPN site-to-site connection? In the configuration screen I only have to enter a pre-shared key and no certificate -> see screenshot.

I have created an OpenVPN server with a certificate for my mobile clients; this works fine.

It is only the site-to-site connection that I cannot get working. I have also tried it with IPsec, but again without success.

I've been trying to get this to work for 3 weeks now and I'm getting desperate.

I previously had a Unifi USG on both sides, and there it worked without problems.

Is it better or easier to put an OPNsense on the other side as well?

Thanks a lot
#3
Here is the config of client3.
This is the current configuration; client2 was just a test and I have deleted it now.


root@OPNsense:/var/etc/openvpn # cat client3.conf
dev ovpnc3
verb 3
dev-type tun
dev-node /dev/tun3
writepid /var/run/openvpn_client3.pid
script-security 3
daemon openvpn_client3
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
data-ciphers-fallback AES-128-CBC
auth SHA1
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
multihome
nobind
management /var/etc/openvpn/client3.sock unix
remote 80.153......... 1194
ifconfig 192.168.20.2 192.168.20.1
route 192.168.1.0 255.255.255.0
secret /var/etc/openvpn/client3.secret


root@OPNsense:/var/etc/openvpn # ls
client3.conf server1.cert server1.tls-auth
client3.secret server1.conf server1.tls-crypt
client3.sock server1.key
server1.ca server1.sock
#4
Here is the output...

root@OPNsense:~ # config /var/etc/openvpn/client2.conf
config: /var/etc/openvpn/client2.conf:1: syntax error


root@OPNsense:~ # openvpn --config /var/etc/openvpn/client2.conf
root@OPNsense:~ #

#5
I get the following output:


root@OPNsense:~ # cd /var/etc/openvpn
root@OPNsense:/var/etc/openvpn #  openvpn *.conf
Options error: I'm trying to parse "client2.conf" as an --option parameter but I don't see a leading '--'
Use --help for more information.
#6
The netstat -r command has produced the following output:

root@OPNsense:~ # netstat -r
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            p3e9bf791.dip0.t-i UGS      pppoe0
p3e9bf791.dip0.t-i link#7             UH       pppoe0
p5b3c1380.dip0.t-i link#7             UHS         lo0
localhost          link#3             UH          lo0
192.168.1.0/24     192.168.20.1       UGS      ovpnc3
192.168.4.0/24     192.168.4.2        UGS      ovpns1
192.168.4.1        link#8             UHS         lo0
192.168.4.2        link#8             UH       ovpns1
192.168.6.0/24     link#1             U        vtnet0
OPNsense           link#1             UHS         lo0
192.168.20.1       link#11            UH       ovpnc3
192.168.20.2       link#11            UHS         lo0
l-lb-a01.isp.t-ipn p3e9bf791.dip0.t-i UGHS     pppoe0
b-lb-a01.isp.t-ipn p3e9bf791.dip0.t-i UGHS     pppoe0


Then I try to set up the routing, it is still early in the evening  :D
#7
Unfortunately the ping does not work.

ovpnc3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
description: 3Funk_Site_to_Site (opt1)
options=80000<LINKSTATE>
inet6 fe80::5a9c:fcff:fe10:297e%ovpnc3 prefixlen 64 scopeid 0xb
inet 192.168.20.2 --> 192.168.20.1 netmask 0xffffffff
groups: tun openvpn
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Opened by PID 74395

root@OPNsense:~ #  ping -c 4 -S 192.168.20.2 192.168.20.1
PING 192.168.20.1 (192.168.20.1) from 192.168.20.2: 56 data bytes

--- 192.168.20.1 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss


Should I still set the static route?
#8
Hello,

I want to establish an OpenVPN site-to-site connection to a Unifi USG.
In the OPNsense OpenVPN overview it says connected, but I have no access to the other network.

Status OpenVPN OPNsense:

Name Remote Host Virtual Addr Connected Since Bytes Sent Bytes Received Status
3Funk_Site_to_Site UDP 192.168.20.1 2023-03-13 10:39:25 0 bytes 0 bytes connecting



The OpenVPN log on the OPNsense shows the following error:

2023-03-13T10:36:14 Error openvpn_client3 event_wait : Interrupted system call (code=4)

Log Unifi USG:
Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[294912->131072] S=[294912->131072]
UDPv4 link local (bound): [undef]
UDPv4 link remote: [AF_INET]91.60.19....:1194


The OPNsense and the USG are both behind a Vigor modem and connected via PPPoE.
Who can help?
Thanks a lot
#9
Attached are the settings, part 3.
#10
Attached are the settings, part 2.
#11
Attached are the settings, part 1.
#12
Hello,

I want to establish an OpenVPN site-to-site connection to a Unifi USG.
In the OPNsense OpenVPN overview it says connected, but I have no access to the other network.
The OpenVPN log on the OPNsense shows the following error:

Error openvpn_client3 event_wait : Interrupted system call (code=4)

The Unifi log shows the following error:

TCP/UDP: Incoming packet rejected from [AF_INET]91.60......:24072[2], expected peer address: [AF_INET]91.60.....:1194 (allow this incoming source address/port by removing --remote or adding --float)

Here the IP 91.60... is the public IP of my OPNsense side.
The OPNsense also always goes out with a different port.
How can I change the outgoing port in OPNsense?
Or where is the error?
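The USG log line in this post says it drops the OPNsense packets because their source port (24072) is not the port it expects (1194), and the USG log in the post above reports the static-key cipher as BF-CBC while the OPNsense client config in the earlier post sets AES-128-CBC. The following Python script is an added example written for this thread; it is not OPNsense or OpenVPN code and not something the poster ran. It parses a copy of that client config and those USG log lines (constructed samples, with the masked public IPs replaced by documentation-range placeholders) and reports the mismatches a defender would check first: cipher agreement, use of a 64-bit-block cipher, and a floating source port on a peer that pins one. The `--lport`, `--nobind` and `--float` semantics are OpenVPN's; that the OPNsense-generated config carries the static-key cipher in `data-ciphers-fallback` is assumed from the posted file.

```python
"""Consistency checks for an OpenVPN static-key (pre-shared secret) site-to-site
tunnel. Added example for this thread, not OPNsense or OpenVPN project code."""
import re

# Constructed copy of the relevant lines of client3.conf (post #3); the remote
# peer address is a documentation-range placeholder, not the poster's real IP.
CLIENT_CONF = """\
dev ovpnc3
dev-type tun
proto udp
data-ciphers-fallback AES-128-CBC
auth SHA1
nobind
remote 203.0.113.10 1194
ifconfig 192.168.20.2 192.168.20.1
route 192.168.1.0 255.255.255.0
secret /var/etc/openvpn/client3.secret
"""

# Constructed copies of the USG log lines quoted in posts #8 and #12.
PEER_LOG = """\
Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
TCP/UDP: Incoming packet rejected from [AF_INET]203.0.113.20:24072[2], expected peer address: [AF_INET]203.0.113.20:1194 (allow this incoming source address/port by removing --remote or adding --float)
"""

# Ciphers with a 64-bit block size; BF-CBC is OpenVPN's legacy default.
SMALL_BLOCK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}


def parse_conf(text):
    """Map each OpenVPN option to its argument list (comments and blanks skipped)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            opts[key] = args
    return opts


def peer_cipher(log):
    """Cipher the peer reports for static-key mode, or None if not logged."""
    m = re.search(r"Static (?:Encrypt|Decrypt): Cipher '([^']+)'", log)
    return m.group(1) if m else None


def peer_rejection(log):
    """Parse the 'Incoming packet rejected' line into
    (seen_ip, seen_port, expected_ip, expected_port), or None."""
    m = re.search(
        r"Incoming packet rejected from \[AF_INET\]([\d.]+):(\d+)\[\d+\], "
        r"expected peer address: \[AF_INET\]([\d.]+):(\d+)", log)
    if not m:
        return None
    return m.group(1), int(m.group(2)), m.group(3), int(m.group(4))


def check_tunnel(conf_text, peer_log):
    """Return a list of finding tags for the local config versus the peer's log."""
    opts = parse_conf(conf_text)
    findings = []

    # Static-key mode needs a shared secret and a point-to-point ifconfig pair;
    # the peer has to use the same pair with local and remote swapped.
    if "secret" not in opts:
        findings.append("no-secret")
    if len(opts.get("ifconfig", [])) != 2:
        findings.append("ifconfig-incomplete")

    # There is no cipher negotiation with static keys: the cipher given by
    # --cipher (or, in the posted OPNsense config, --data-ciphers-fallback)
    # must be identical on both ends, else every data packet fails to decrypt.
    local_cipher = (opts.get("cipher") or opts.get("data-ciphers-fallback") or [None])[0]
    remote_cipher = peer_cipher(peer_log)
    if local_cipher and remote_cipher and local_cipher != remote_cipher:
        findings.append(f"cipher-mismatch:{local_cipher}!={remote_cipher}")
    if {local_cipher, remote_cipher} & SMALL_BLOCK_CIPHERS:
        findings.append("small-block-cipher")

    # With --remote set and no --float, the peer drops packets whose source port
    # differs from the configured one; with --nobind and no --lport the client's
    # source port is ephemeral, so a mismatch like the one logged is expected.
    rej = peer_rejection(peer_log)
    if rej:
        seen_ip, seen_port, exp_ip, exp_port = rej
        if seen_ip == exp_ip and seen_port != exp_port and "lport" not in opts:
            findings.append(f"source-port-mismatch:{seen_port}!={exp_port}")
    return findings


if __name__ == "__main__":
    for finding in check_tunnel(CLIENT_CONF, PEER_LOG):
        print(finding)
```

Run against the samples it prints three findings: the cipher mismatch, the 64-bit-block cipher on the USG side, and the source-port mismatch. The last one is what the USG log itself points at: either the peer tolerates a changed source address/port (`--float`, or dropping `--remote`, as the message says), or the client stops using an ephemeral port by replacing `nobind` with a fixed `lport` that matches what the peer expects. Either way, the cipher has to agree on both ends before a ping over the tunnel can succeed, regardless of the routing table.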
#13
Hello,

I want to set up a site-to-site VPN connection to a Unifi USG.
I have set this up via OpenVPN and the overview shows it as connected, but I cannot access the other network, e.g. no ping.
The VPN log shows me a TLS error.
Where is the error?

Thanks a lot

If needed, I can also post the settings for the VPNs.