Topics

1

18.1 Legacy Series / IPsec VPNs were working. Went down. Won't come back up. Socket write error

« on: June 26, 2018, 01:15:06 am »

A couple of weeks ago I established a site-to-site IPsec VPN to a client's network.
I am running OPNsense V18.110.
He is running SonicOS Enhanced 5.8.1.8-57

The initial configuration went very nicely and everything came up as expected.
The next morning the VPN was down. Restarting both side seemed to fix it. :-/

Now we can't get it to come up. We know of no changes that have been made to the settings on either side other than my upgrading to a newer version of OPNsense.

The IPsec log reports a socket error:

charon: 04[NET] error writing to socket: Permission denied

Here is a recent log after attempting to start the connection:

Date                Message
Jun 25 16:11:13    charon: 04[NET] error writing to socket: Permission denied
Jun 25 16:11:13    charon: 09[NET] sending packet: from my.pub.ip.adr[500] to his.pub.ip.adr[500] (464 bytes)
Jun 25 16:11:13    charon: 09[IKE] retransmit 3 of request with message ID 0
Jun 25 16:11:03    charon: 03[NET] received unsupported IKE version 14.12 from his.pub.ip.adr, sending INVALID_MAJOR_VERSION
Jun 25 16:11:03    charon: 03[NET] sending packet: from my.pub.ip.adr[500] to his.pub.ip.adr[4500] (36 bytes)
Jun 25 16:11:03    charon: 03[ENC] generating INFORMATIONAL response 0 [ N(INVAL_MAJOR) ]
Jun 25 16:11:00    charon: 04[NET] error writing to socket: Permission denied
Jun 25 16:11:00    charon: 09[NET] sending packet: from my.pub.ip.adr[500] to his.pub.ip.adr[500] (464 bytes)
Jun 25 16:11:00    charon: 09[IKE] retransmit 2 of request with message ID 0
Jun 25 16:10:53    charon: 04[NET] error writing to socket: Permission denied
Jun 25 16:10:53    charon: 09[NET] sending packet: from my.pub.ip.adr[500] to his.pub.ip.adr[500] (464 bytes)
Jun 25 16:10:53    charon: 09[IKE] retransmit 1 of request with message ID 0
Jun 25 16:10:49    charon: 04[NET] error writing to socket: Permission denied
Jun 25 16:10:49    charon: 09[NET] sending packet: from my.pub.ip.adr[500] to his.pub.ip.adr[500] (464 bytes)
Jun 25 16:10:49    charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jun 25 16:10:49    charon: 09[IKE] initiating IKE_SA con3[37320] to his.pub.ip.adr
Jun 25 16:10:49    charon: 09[IKE] initiating IKE_SA con3[37320] to his.pub.ip.adr
Jun 25 16:10:49    charon: 06[CFG] received stroke: initiate 'con3'

I've done lots of searching and come up with nothing so far.
Input appreciated.
TIA

2

18.1 Legacy Series / [SOLVED] tshark on OPNsense?

« on: June 19, 2018, 09:06:13 pm »

Is it possible to install tshark on an OPNsense host?
If so, where can I find documentation on how to do so.

TIA,
D.

3

18.1 Legacy Series / [SOLVED] Is it possible to install emacs on OPNsense?

« on: May 04, 2018, 05:25:44 pm »

Is it possible to install emacs on OPNsense?
I've been unable to find a package for it.

TIA

4

18.1 Legacy Series / OPNsense as a PPTP VPN client

« on: May 03, 2018, 10:50:16 pm »

First, I am aware of the limitations of PPTP. Unfortunately, I currently have no choice.
I currently use Softlayer for my production servers.

They provide a private network without any data limits for managing servers.
You access the private network through a VPN. The choices are IPsec, PPTP, and SSL.
They charge $99USD/month for IPsec, which I can't justify.

I have been using PPTP for years with my previous firewall with great success.

I just upgraded to OPNsense and have been unable to figure out how to set up OPNsense as a PPTP client.

So, the question is how do I set up OPNsense as a PPTP VPN client?
I'll be very happy to get a link to instructions or instructions in a reply.
TIA