Hi everyone,
I'm currently trying to get IKEv2 / IPsec remote access running on OPNsense 26.x and I'm a bit stuck, so I'm hoping someone here has done a similar setup before or can point me in the right direction.
Setup (simplified)
- OPNsense is running in an internal network, currently on 192.168.90.1/24
- There is another firewall (Sophos) in front of it (not directly exposed to the internet)
- Required ports (UDP 500 / 4500) are forwarded to OPNsense
- I'm testing from a Windows client
- IPsec IKEv2 Remote Access connection
- Proposals are set (AES / SHA / DH, nothing exotic)
- EAP-MSCHAPv2 for authentication
- A Client Pool is configured
- Child SA is configured (local subnet + remote/client subnet)
- Firewall rules are in place to allow IPsec traffic
- User certificate created, signed by the local CA, imported on Windows
- Windows VPN is configured as IKEv2
The problem
- The VPN connection does not establish
- There is no meaningful output in the IPsec logs
- It feels like the traffic is not fully reaching or being handled by IPsec, but I can't pinpoint where it breaks
At this point I'm unsure if I'm missing:
- a specific IPsec setting
- something Windows-specific for IKEv2
- or a routing / firewall detail that's easy to overlook in this kind of "firewall-behind-firewall" setup
If I'm missing important information, feel free to ask and I'll provide what I can.
Thanks in advance!
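Not part of the post above, but a small shell helper I would run on the OPNsense console to answer the "is the traffic even reaching IPsec" question before digging into settings. It wraps tcpdump on the IKE/NAT-T ports and sorts what it sees into three verdicts: nothing arriving (look at the Sophos forward and the path to 192.168.90.1), packets arriving but no reply leaving (strongSwan on OPNsense is not answering, so the IPsec config or firewall rules are the place to look), or a two-way exchange (move on to the IPsec log at a higher log level). The interface name vtnet0 is an assumption, 192.168.90.1 is the address from the post, and the sample capture lines are constructed, not real output.

```shell
#!/bin/sh
# Added diagnostic helper, not from the forum post. OPN_IF is an assumed
# interface name; OPN_IP is the address given in the post. Run as root on the
# OPNsense shell: "live" captures real IKE traffic, the default ("demo") runs a
# constructed sample through the classifier so the script can be tried offline.

OPN_IF="${OPN_IF:-vtnet0}"          # assumption: interface the Sophos forwards 500/4500 to
OPN_IP="${OPN_IP:-192.168.90.1}"    # OPNsense address from the post

# Live capture of IKE (UDP 500) and NAT-T (UDP 4500) packets only, 20 packets max.
capture_ike() {
    tcpdump -ni "$OPN_IF" -c 20 'udp port 500 or udp port 4500'
}

# Read tcpdump text on stdin and count IKE packets addressed to $1 (inbound)
# versus sent from $1 (outbound). Prints "in=<n> out=<m>".
classify_ike() {
    awk -v me="$1" '
        / > / {
            # tcpdump -n prints "src.port > dst.port:"; find the arrow and take its neighbours
            for (i = 1; i <= NF; i++) if ($i == ">") { src = $(i-1); dst = $(i+1) }
            sub(/:$/, "", dst)
            if (dst ~ "^" me "\\.(500|4500)$") in_n++
            else if (src ~ "^" me "\\.(500|4500)$") out_n++
        }
        END { printf "in=%d out=%d\n", in_n + 0, out_n + 0 }'
}

# Turn the counts into one of three verdicts (stdin = tcpdump text, $1 = own IP).
diagnose() {
    counts=$(classify_ike "$1")
    in_n=${counts#in=}; in_n=${in_n%% *}
    out_n=${counts##*out=}
    if [ "$in_n" -eq 0 ]; then
        echo "no-ike-inbound"        # nothing arrives: check the Sophos forward / upstream path
    elif [ "$out_n" -eq 0 ]; then
        echo "no-ike-reply"          # arrives, but nothing answers: check IPsec config / firewall rules
    else
        echo "ike-exchange-seen"     # both directions: the problem is further along, read the IPsec log
    fi
}

# Constructed sample (not real capture output): two IKE_SA_INIT requests, no reply.
SAMPLE_NO_REPLY='12:00:00.000001 IP 203.0.113.5.500 > 192.168.90.1.500: isakmp: parent_sa ikev2_init[I]
12:00:01.000002 IP 203.0.113.5.500 > 192.168.90.1.500: isakmp: parent_sa ikev2_init[I]'

case "${1:-demo}" in
    live) capture_ike | diagnose "$OPN_IP" ;;
    demo) printf '%s\n' "$SAMPLE_NO_REPLY" | diagnose "$OPN_IP" ;;
esac
```

Run it as `sh ike-check.sh live` while starting the connection from the Windows client. If the verdict is "no-ike-inbound", the OPNsense IPsec settings are not the problem yet; if it is "no-ike-reply", confirm the connection is actually loaded with `swanctl --list-conns` before changing proposals or firewall rules.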