Messages

1

Virtual private networks / Re: IPSEC S2S - Tunnel not working - unable to acquire reqid

« on: February 28, 2024, 06:41:35 pm »

Changed the ID and currently i get that message:

Code: [Select]

2024-02-28T18:39:44 Informational charon 14[IKE] <....bc9cb|3> unable to resolve 80.*.*.*/32, initiate aborted
2024-02-28T18:39:44 Informational charon 06[CFG] received stroke: initiate '.....1b1b141'
2024-02-28T18:39:44 Informational charon 06[IKE] <......8bc9cb|2> unable to resolve 80.*.*.*/32, initiate aborted
Any ideas?

EDIT: Found the problem. Removed the /32 and it worked. I also created everything new, so currently no problems and the tunnel is working. Strange i found logs at the fortigate, trying to connect.

I just wait to fail again und i will post the logs.

2

Virtual private networks / IPSEC S2S - Tunnel not working - unable to acquire reqid

« on: February 28, 2024, 06:32:50 pm »

I have a problem with a problem with my S2S VTI tunnel between a fortigate and an opnsense.

I used that tutorial:
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-conn-route.html

Sometimes the tunnel breaks and then the tunnel does not work any more. I checked the logs and found the following:

Code: [Select]

2024-02-28T18:24:31 Informational charon 11[CFG] trap not found, unable to acquire reqid 1000
2024-02-28T18:24:31 Informational charon 13[KNL] creating acquire job for policy 144.x.x.x/32 === 80.x.x.x/32 with reqid {1000}
2024-02-28T18:24:19 Informational charon 13[IKE] <....9cb|1> unable to resolve 80.x.x.x/32, initiate aborted
2024-02-28T18:24:19 Informational charon 13[CFG] initiating '....141'
2024-02-28T18:24:19 Informational charon 13[CFG] added vici connection: ...9cb
2024-02-28T18:24:19 Informational charon 15[CFG] loaded IKE shared key with id 'ike-...e01' for: 'SiteA', 'SiteB'
2024-02-28T18:24:19 Informational charon 15[CFG] loaded 0 RADIUS server configurations
2024-02-28T18:24:19 Informational charon 15[CFG] loaded 0 entries for attr plugin configuration
2024-02-28T18:24:19 Informational charon 15[LIB] no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
2024-02-28T18:23:50 Informational charon 15[CFG] loaded IKE shared key with id 'ike-....e01' for: 'SiteA', 'SiteB'
2024-02-28T18:23:49 Informational charon 00[JOB] spawning 16 worker threads
I also checked the logs of the fortigate, it is only negotiating the IPsec phase 1 and noting more.

What could the problem be?

3

24.1 Legacy Series / Problems with fresh installation - no route to internet

« on: February 03, 2024, 12:56:34 pm »

Hi,

Version installed: 24.1_1

I tired a fresh installation with the following settings, done with the wizard:
  - WAN (STATIC IP - /28 subnet ipv4)
  - LAN (STATIC IP - no dhcp)

The opnsense itself can check the installation and can check for updates.
From LAN i can PING the WAN adress of the opnsense, but i can not ping the gateway of my public /28 WAN subnet. That one should work, because it is direcly connected.

Thats just with the fresh installatin. I could fix that with setting a manual already installed IPv4 upstram gateway. That wasn't done with the wizard. The wizard let it on "Auto-detect". Then i can PING the Gateway of my WAN subnet.

But then there is the problem with no route to the internet. Sometimes it is working, when i set it to a dedicated IPv4 Upstream Gateway but not always. But it just works sometimes, with some reboots and when i wait some time.

On the routing table there is no "0.0.0.0/0" route too.

Is that just a problem with the new version? Why is there also no default route on the routing table set?

Regards