OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of ddeacon22 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - ddeacon22

Pages: [1]
1
23.7 Legacy Series / Re: [SOLVED] Blocked Device IP?
« on: March 30, 2024, 03:34:28 pm »
I've had this problem happen to me twice over the last week with two different internal IP addresses of iPhones. After just using different IP addresses, I put some time into it this morning and figured out it was related to the Crowdsec "Enable FW Bouncer (IPS)" feature. Once I disabled that I was able to pass traffic to the internet again for my internal addresses that were impacted.

So I enabled it again and went into the Crowdsec->Overview->Decisions section and saw the two addresses impacted and deleted the entries there. This allowed me to keep the feature on and pass traffic.

This only started happening a week ago and only on two different iPhones. Wondering If they are spamming something, or if it's just a coincidence that the IPs were pulled in from a blocklist somewhere. Don't know enough about how Crowdsec works to determine why the addresses are getting added to a blocklist. Time to research more I guess if it happens again as its getting annoying.

2
Virtual private networks / Re: Split DNS for IKEv2 IPSec VPN on macOS
« on: March 12, 2023, 01:16:39 am »
Finally figured it out after a day of troubleshooting certificate extended usage keys. I now have EAP-TLS working through the EAP-RADIUS profile so I am passwordless with client/server certs only.

3
Virtual private networks / Re: Split DNS for IKEv2 IPSec VPN on macOS
« on: March 09, 2023, 10:26:08 pm »
Are you guys using EAP-RADIUS to get these IKEv2 connection working with macOS and iOS? I decided to migrate from pfSense to OPNsense on the weekend and can't for the life of me get my VPN working following all the guides for OPNsense. I've even tried a direct copy on my config from pfSense where I had EAP-TLS working with nothing but certificates and Apple Configurator profiles but for some reason same config won't work on OPNsense.

Best progress I can make is EAP-RADIUS but the tunnels never some up after successful RADIUS authentication. I'd prefer an EAP-TLS connection but VPN logs say it is not supported on the client, which is wrong as I had it working on pfSense. This is the error I get in OPNsense VPN logs.

16[IKE] <con1|11> configured EAP-only authentication, but peer does not support it

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2