Topics - davorin

1
19.1 Legacy Series / User - VPN - IPsec xauth Dialin missing in user settings
« on: March 03, 2019, 02:22:25 pm »
Good afternoon

As I am currently not successful in bringing up a VPN to a FBox, which could be set up easily with a Juniper SRX, I am now trying to follow this guide to set up a remote IPsec client:

https://wiki.opnsense.org/manual/how-tos/ipsec-road.html

There it says under user privileges to add the user to "User - VPN - IPsec xauth Dialin"... but this option is missing in 19.1.2... I only see:

Code:
GUI Status: IPsec
GUI Status: IPsec: Leasespage
GUI Status: IPsec: SAD
GUI Status: IPsec: SPD
GUI Status: System logs: IPsec VPN
GUI Status: System logs: IPsec VPN
GUI VPN: IPsec
GUI VPN: IPsec: Edit Phase 1
GUI VPN: IPsec: Edit Phase 2
GUI VPN: IPsec: Edit Pre-Shared Keys
GUI VPN: IPsec: Mobile
GUI VPN: IPsec: Pre-Shared Keys List

Is Xauth not allowed anymore in OPNsense?


thanks in advance
richard

2
19.1 Legacy Series / IPSec logs with "error writing to socket: Permission denied"
« on: March 03, 2019, 01:14:17 pm »
Good day

I am trying to migrate away a site2site VPN connection from a Fritzbox to a SRX240H.

Adding the IPsec tunnel phase 1/2 and restarting IPsec, I see in the logs of my 19.1.2 box:

Code:
Mar 3 13:10:14 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:14 charon: 16[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:14 charon: 16[IKE] <con1|1> sending retransmit 2 of request message ID 0, seq 1
Mar 3 13:10:06 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:06 charon: 16[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:06 charon: 16[IKE] <con1|1> sending retransmit 1 of request message ID 0, seq 1
Mar 3 13:10:02 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:02 charon: 05[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:02 charon: 05[ENC] <con1|1> generating ID_PROT request 0 [ SA V V V V V ]
Mar 3 13:10:02 charon: 05[IKE] <con1|1> initiating Main Mode IKE_SA con1[1] to x.x.53.70

Any fw rule I missed here?

I just got the basic IPsec rule and the allow ESP rule towards WAN.

3
General Discussion / opnsense as ipsec client to office network
« on: March 01, 2019, 10:11:02 pm »
Good evening

I just came across OPNsense last week as I looked around to replace my old setup with srx240b2.
Before that, I used pfSense on an older APU device which couldn't cope with bandwidths at 500mbps.

Now my question... as I work a few days from home, I use an IPsec VPN client from my company
to connect to office machines and IoT devices for programming/debugging.

But as I would like to be able to do so from all my hosts at home, I would like to use OPNsense as the IPsec client to the office network.

Can OPNsense do this or does it only support site2site VPNs?


thanks in advance
richard
