Messages - cclements

#1
20.1 Legacy Series / Formatting Syslog in CEF
March 18, 2020, 10:02:40 PM
Are there any capabilities to send OPNsense syslogs off-box in the Common Event Format (CEF)?

Base CEF format is typically:

CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
#2
16.7 Legacy Series / IPSec VPN Push Route to Client Device
September 06, 2016, 12:33:03 AM
Hello all,

I have an IPSec VPN setup to iOS devices that is working without issue; however, I would like to push a route to an internal network other than the LAN subnet in order for my clients to reach an additional internal subnet through the VPN tunnel.  However, in the IPSec configuration it appears that I can only specify one local network in the phase 2 configuration.

Does anyone know how I can accomplish this?

Thanks,

Chris
#3
16.1 Legacy Series / Re: IPSec VPN to iOS
June 19, 2016, 07:33:04 AM
Sigh, for some reason my OPNsense box wasn't picking up the updates available since the base release of 16.1 until just a few minutes ago.  Updating to 16.1.17 fixed this issue for me.  My iOS client now connects as expected.
#4
16.1 Legacy Series / [SOLVED] IPSec VPN to iOS
June 19, 2016, 07:21:18 AM
After following the guide at:

https://docs.opnsense.org/manual/how-tos/ipsec-road.html

My iOS device fails to connect to my VPN.  When I look at the VPN logs, I see:

Jun 19 00:14:06   charon: 11[NET] sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[29123] (56 bytes)
Jun 19 00:14:06   charon: 11[ENC] generating INFORMATIONAL_V1 request 84313137 [ N(AUTH_FAILED) ]
Jun 19 00:14:06   charon: 11[IKE] Aggressive Mode PSK disabled for security reasons
Jun 19 00:14:06   charon: 11[IKE] <36> Aggressive Mode PSK disabled for security reasons
Jun 19 00:14:06   charon: 11[IKE] xx.xx.xx.xx is initiating a Aggressive Mode IKE_SA
Jun 19 00:14:06   charon: 11[IKE] <36> xx.xx.xx.xx is initiating a Aggressive Mode IKE_SA

I have triple-checked that aggressive mode is selected in my config, and saved and restarted the service after doing so.

Any ideas on what I'm doing wrong or what else I can try?