Messages - Daniel.Hauptmann

#1
Hello dear OPNsense community,

We run an OPNsense Business Edition 25.4.2 at a customer's site.

Two IPsec gateway-to-gateway tunnels are running successfully on this appliance:

1x via Connections (IKEv2, PSK)
1x via Tunnel Settings (IKEv1, PSK) (legacy mode)

When we now try to create a "RoadWarrior IPsec IKEv2" VPN connection with an "IP pool" via Connections, save it and restart IPsec, the existing IPsec gateway-to-gateway tunnels no longer come up.

The log shows the following:

2025-08-26T16:42:26   Informational   charon    04[CHD2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1>   SPI 0x547933b8, src A.A.A.A dst B.B.B.B
2025-08-26T16:42:26   Informational   charon    04[CHD2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> adding outbound ESP SA
2025-08-26T16:42:26   Informational   charon    04[CHD2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1>   SPI 0xc4bde0c4, src B.B.B.B dst A.A.A.A
2025-08-26T16:42:26   Informational   charon    04[CHD2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> adding inbound ESP SA
2025-08-26T16:42:26   Informational   charon    04[CHD2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1>   using HMAC_SHA2_256_128 for integrity
2025-08-26T16:42:26   Informational   charon    04[CHD2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1>   using AES_CBC for encryption
2025-08-26T16:42:26   Informational   charon    04[CHD2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> CHILD_SA 373a819e-e792-4165-aa53-6c088d33a0e2{52} state change: CREATED => INSTALLING
2025-08-26T16:42:26   Informational   charon    04[CFG1] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/ECP_521/NO_EXT_SEQ
2025-08-26T16:42:26   Informational   charon    04[ENC1] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> parsed CREATE_CHILD_SA request 1 [ SA No KE TSi TSr ]
2025-08-26T16:42:26   Informational   charon    04[NET1] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> received packet: from B.B.B.B[4500] to A.A.A.A[4500] (352 bytes)
2025-08-26T16:42:26   Informational   charon    04[MGR2] IKE_SA a7e47a39-3dc7-4633-a0df-5a077560e177[1] successfully checked out
2025-08-26T16:42:26   Informational   charon    04[MGR2] checkout IKEv2 SA by message with SPIs 48175254c8ac6ba9_i c7c73fa06180a77c_r
2025-08-26T16:42:26   Informational   charon    02[NET2] waiting for data on sockets
2025-08-26T16:42:26   Informational   charon    02[NET2] received packet: from B.B.B.B[4500] to A.A.A.A[4500]
2025-08-26T16:42:25   Informational   charon    04[MGR2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> checkin of IKE_SA successful
2025-08-26T16:42:25   Informational   charon    04[MGR2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> checkin IKEv2 SA a7e47a39-3dc7-4633-a0df-5a077560e177[1] with SPIs 48175254c8ac6ba9_i c7c73fa06180a77c_r
2025-08-26T16:42:25   Informational   charon    04[MGR2] IKE_SA a7e47a39-3dc7-4633-a0df-5a077560e177[1] successfully checked out
2025-08-26T16:42:25   Informational   charon    04[MGR2] checkout IKEv2 SA with SPIs 48175254c8ac6ba9_i c7c73fa06180a77c_r
2025-08-26T16:42:24   Informational   charon    04[MGR2] checkin and destroy of IKE_SA successful
2025-08-26T16:42:24   Informational   charon    03[NET2] sending packet: from C.C.C.C[500] to D.D.D.D[500]
2025-08-26T16:42:24   Informational   charon    04[IKE2] <7> IKE_SA (unnamed)[7] state change: CREATED => DESTROYING
2025-08-26T16:42:24   Informational   charon    04[MGR2] <7> checkin and destroy IKE_SA (unnamed)[7]
2025-08-26T16:42:24   Informational   charon    04[NET1] <7> sending packet: from C.C.C.C[500] to D.D.D.D[500] (40 bytes)
2025-08-26T16:42:24   Informational   charon    04[ENC1] <7> generating INFORMATIONAL_V1 request 3652144891 [ N(NO_PROP) ]
2025-08-26T16:42:24   Informational   charon    04[IKE1] <7> no IKE config found for C.C.C.C...D.D.D.D, sending NO_PROPOSAL_CHOSEN
2025-08-26T16:42:24   Informational   charon    04[ENC1] <7> parsed ID_PROT request 0 [ SA V V V V V V V V V V ]
2025-08-26T16:42:24   Informational   charon    04[NET1] <7> received packet: from D.D.D.D[500] to C.C.C.C[500] (288 bytes)
2025-08-26T16:42:24   Informational   charon    04[MGR2] created IKE_SA (unnamed)[7]
2025-08-26T16:42:24   Informational   charon    04[MGR2] checkout IKEv1 SA by message with SPIs af657f6807242246_i 0000000000000000_r
2025-08-26T16:42:24   Informational   charon    02[NET2] waiting for data on sockets
2025-08-26T16:42:24   Informational   charon    02[NET2] received packet: from D.D.D.D[500] to C.C.C.C[500]
2025-08-26T16:42:24   Informational   charon    03[NET2] sending packet: from A.A.A.A[4500] to B.B.B.B[4500]
2025-08-26T16:42:24   Informational   charon    10[MGR2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> checkin of IKE_SA successful
2025-08-26T16:42:24   Informational   charon    10[MGR2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> checkin IKEv2 SA a7e47a39-3dc7-4633-a0df-5a077560e177[1] with SPIs 48175254c8ac6ba9_i c7c73fa06180a77c_r
2025-08-26T16:42:24   Informational   charon    10[NET1] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> sending packet: from A.A.A.A[4500] to B.B.B.B[4500] (352 bytes)
2025-08-26T16:42:24   Informational   charon    10[ENC1] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> generating CREATE_CHILD_SA response 0 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]

As soon as I disable the "Pool" under "VPN -> IPSec -> Connections -> Pools", both GW-to-GW tunnels come up again...

Does anyone know an approach for resolving "no IKE config found for A.A.A.A...B.B.B.B, sending NO_PROPOSAL_CHOSEN"?

Many thanks for your feedback.
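The entries above are strongSwan (charon) messages as displayed in the OPNsense log viewer. When a tunnel stops coming up after a reload, the two things worth pulling out of that stream are the peer pairs charon rejected with "no IKE config found ... NO_PROPOSAL_CHOSEN" (the daemon has no connection definition matching that address pair any more) and the SA state transitions, which show which tunnels actually reached INSTALLING. The following triage script is an added example written for this post; it is not code from the original post or from the OPNsense project. It assumes the "<timestamp> <severity> <daemon> <thread>[<SUBSYS><level>] <message>" layout shown above and that the viewer lists newest entries first; the sample lines are constructed to mirror the post, with the same A.A.A.A / C.C.C.C style address placeholders.

```python
"""Triage helper for strongSwan (charon) log lines as shown in the OPNsense log viewer.

Added example (not OPNsense or strongSwan code). It extracts:
  * peer address pairs that charon rejected with
    "no IKE config found ... sending NO_PROPOSAL_CHOSEN"
  * IKE_SA / CHILD_SA state transitions, in chronological order
  * how many SA checkouts happened per IKE version (IKEv1 vs IKEv2)
"""
import re
from collections import defaultdict

# Assumed viewer layout: "<ts> <severity> <daemon> <thread>[<SUBSYS><level>] <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<sev>\S+)\s+(?P<daemon>\S+)\s+"
    r"(?P<thread>\d+)\[(?P<subsys>[A-Z]+)(?P<lvl>\d)\]\s+(?P<msg>.*)$"
)
# Optional "<conn-name|ike-id>" or "<ike-id>" context that charon prefixes to a message
CTX_RE = re.compile(r"^<(?P<ctx>[^>]*)>\s+")
NO_CONFIG_RE = re.compile(
    r"no IKE config found for (?P<local>\S+?)\.\.\.(?P<remote>\S+?), sending NO_PROPOSAL_CHOSEN"
)
STATE_RE = re.compile(
    r"(?P<kind>IKE_SA|CHILD_SA) (?P<name>\S+) state change: (?P<old>\S+) => (?P<new>\S+)"
)
IKEV_RE = re.compile(r"checkout (?P<ver>IKEv[12]) SA")


def parse_line(line):
    """Return the parsed fields of one viewer line, or None if it is not in the expected layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    ctx = CTX_RE.match(rec["msg"])
    rec["ctx"] = ctx.group("ctx") if ctx else None
    if ctx:
        rec["msg"] = rec["msg"][ctx.end():]   # strip the "<...>" context from the message
    return rec


def triage(lines, newest_first=True):
    """Summarise rejected peers, SA state changes and IKE-version checkouts from log lines."""
    records = [r for r in map(parse_line, lines) if r is not None]
    if newest_first:
        records.reverse()                     # put the entries into chronological order
    summary = {
        "rejected_peers": [],                 # (local, remote) pairs with no matching IKE config
        "state_changes": [],                  # (kind, name, old_state, new_state), oldest first
        "ike_versions": defaultdict(int),     # checkouts per IKE version
    }
    for rec in records:
        msg = rec["msg"]
        m = NO_CONFIG_RE.search(msg)
        if m:
            pair = (m.group("local"), m.group("remote"))
            if pair not in summary["rejected_peers"]:
                summary["rejected_peers"].append(pair)
        m = STATE_RE.search(msg)
        if m:
            summary["state_changes"].append(
                (m.group("kind"), m.group("name"), m.group("old"), m.group("new"))
            )
        m = IKEV_RE.search(msg)
        if m:
            summary["ike_versions"][m.group("ver")] += 1
    summary["ike_versions"] = dict(summary["ike_versions"])
    return summary


def installed_child_sas(summary):
    """Names of CHILD_SAs that reached INSTALLING, i.e. tunnels that actually came up."""
    return [name for kind, name, _, new in summary["state_changes"]
            if kind == "CHILD_SA" and new == "INSTALLING"]


# Constructed sample mirroring the post's entries (newest first, placeholder addresses as in the post)
SAMPLE = """\
2025-08-26T16:42:26   Informational   charon    04[CHD2] <a7e47a39-3dc7-4633-a0df-5a077560e177|1> CHILD_SA 373a819e-e792-4165-aa53-6c088d33a0e2{52} state change: CREATED => INSTALLING
2025-08-26T16:42:26   Informational   charon    04[MGR2] checkout IKEv2 SA by message with SPIs 48175254c8ac6ba9_i c7c73fa06180a77c_r
2025-08-26T16:42:24   Informational   charon    04[IKE2] <7> IKE_SA (unnamed)[7] state change: CREATED => DESTROYING
2025-08-26T16:42:24   Informational   charon    04[IKE1] <7> no IKE config found for C.C.C.C...D.D.D.D, sending NO_PROPOSAL_CHOSEN
2025-08-26T16:42:24   Informational   charon    04[MGR2] checkout IKEv1 SA by message with SPIs af657f6807242246_i 0000000000000000_r
""".splitlines()


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("rejected peers:", result["rejected_peers"])
    print("checkouts per IKE version:", result["ike_versions"])
    print("installed CHILD_SAs:", installed_child_sas(result))
```

Run against the full export of the viewer (one line per entry), the rejected-peers list tells you which address pair the daemon no longer has a connection for, and whether that pair belongs to the IKEv1 legacy tunnel or the IKEv2 one, which is the first thing to compare against the connection definitions that exist after the pool-enabled reload.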