Messages - space-hunter

1
18.7 Legacy Series / Re: Replaced pfSense for OPNsense, IPSEC will not connect (to SonicWALL router)
« on: January 30, 2019, 10:02:37 am »
Hi, thanks for this info!

I ran into the same error. I tried to configure a site2site VPN with IExplorer. After a few hours and reading this post, I know why :-)
After saving the setting with IE, this error shows up in the VPN log file.

Jan 30 09:33:09 charon: 10[NET] <con1-000|8> sending packet: from 192.168.20.40[500] to 192.168.22.132[500] (84 bytes)
Jan 30 09:33:09 charon: 10[ENC] <con1-000|8> generating INFORMATIONAL_V1 request 4075737163 [ HASH D ]
Jan 30 09:33:09 charon: 10[IKE] <con1-000|8> sending DELETE for IKE_SA con1-000[8]
Jan 30 09:33:09 charon: 10[IKE] <con1-000|8> deleting IKE_SA con1-000[8] between 192.168.20.40[C=NL, ST=Zuid-Holland, L=Middelharnis, O=OPNsense]...192.168.22.132[192.168.22.132]
Jan 30 09:33:09 charon: 10[CFG] <con1-000|8> constraint check failed: peer not authenticated by CA 'C=DE, ST=Bavaria, L=xx, O=xx, E=xx@xx, CN=CA_xx'
Jan 30 09:33:09 charon: 10[IKE] <con1-000|8> received DPD vendor ID
Jan 30 09:33:09 charon: 10[ENC] <con1-000|8> parsed ID_PROT response 0 [ ID HASH V ]
Jan 30 09:33:09 charon: 10[NET] <con1-000|8> received packet: from 192.168.22.132[500] to 192.168.20.40[500] (84 bytes)

and this is the main part of the file /usr/local/etc/ipsec.conf
  ike = 3des-sha1-modp1024!
  leftauth = psk
  rightauth = psk
  leftcert = /usr/local/etc/ipsec.d/certs/cert-1.crt
  leftsendcert = always
  rightca = "/C=DE/ST=xxx/L=xxx/O=xxx /emailAddress=xxx/CN=xxx/"
  rightid = 192.168.22.132
  rightsubnet = 192.168.22.192/28
  leftsubnet = 192.168.7.0/24
  esp = aes256-sha1-modp1024,3des-sha1-modp1024!


After saving the setting with Chrome, everything works as expected.

With IExplorer, the 'My Certificate' and 'My Certificate Authority' fields show up, and I cannot remove this setting.
With Chrome, these fields do not show up.

OPNsense 18.7.9-amd64
IE 11.1563.15063.0
Chrome 71.0.3578.98


2
15.7 Legacy Series / Re: [Solved] OPNsense behind other proxy : System Update : No Connection
« on: February 28, 2017, 03:39:01 pm »
I got the same problem. After 'setenv HTTP_PROXY http://proxy:8080' some errors were fixed.
But some were not. IDS Download & Update Rules do not work. It still uses no proxy.

Fix for me:
   edit /usr/local/opnsense/service/conf/configd.conf and add the proxy export in [environment]

#/usr/local/opnsense/service/conf/configd.conf
[main]
socket_filename:/var/run/configd.socket
pid_filename:/var/run/configd.pid

[environment]
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
HOME=/
HTTP_PROXY=http://proxy:8080
HTTPS_PROXY=http://proxy:8080
http_proxy=http://proxy:8080
https_proxy=http://proxy:8080
FTP_PROXY=http://proxy:8080
ftp_proxy=http://proxy:8080

