Topics - davorin

#1
Good afternoon

As I am currently not successful in bringing up a VPN to a FBox, which could be set up easily with a Juniper SRX, I am now trying to follow this guide to set up a remote IPsec client:

https://wiki.opnsense.org/manual/how-tos/ipsec-road.html

There it says under user privileges to add the user to "User - VPN - IPsec xauth Dialin"... but this option is missing in 19.1.2... I only see:

GUI Status: IPsec
GUI Status: IPsec: Leasespage
GUI Status: IPsec: SAD
GUI Status: IPsec: SPD
GUI Status: System logs: IPsec VPN
GUI Status: System logs: IPsec VPN
GUI VPN: IPsec
GUI VPN: IPsec: Edit Phase 1
GUI VPN: IPsec: Edit Phase 2
GUI VPN: IPsec: Edit Pre-Shared Keys
GUI VPN: IPsec: Mobile
GUI VPN: IPsec: Pre-Shared Keys List


Xauth not allowed anymore in opnsense?


thanks in advance
richard
#2
Good day

I am trying to migrate away a site2site VPN connection from a Fritzbox to a SRX240H.

After adding the IPsec tunnel phase1/2 and restarting IPsec, I see in the logs of my 19.1.2 box:

Mar 3 13:10:14 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:14 charon: 16[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:14 charon: 16[IKE] <con1|1> sending retransmit 2 of request message ID 0, seq 1
Mar 3 13:10:06 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:06 charon: 16[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:06 charon: 16[IKE] <con1|1> sending retransmit 1 of request message ID 0, seq 1
Mar 3 13:10:02 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:02 charon: 05[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:02 charon: 05[ENC] <con1|1> generating ID_PROT request 0 [ SA V V V V V ]
Mar 3 13:10:02 charon: 05[IKE] <con1|1> initiating Main Mode IKE_SA con1[1] to x.x.53.70


Any fw rule I missed here?

I just got the basic IPsec rule and the allow ESP rule towards WAN.
#3
Good evening

I just came across opnsense last week as I looked around to replace my old setup with srx240b2.
Before I used pfsense on an older apu device which couldn't cope with bandwidths at 500mbps.

Now my question... as I work a few days from home, I use an IPsec VPN client from my company
to connect to office machines and IoT devices for programming/debugging.

But as I like to be able to do so from all my hosts at home I would like to use opnsense as the IPsec client to the office network.

Can opnsense do this or does it only support site2site VPNs?


thanks in advance
richard