Topics - fog

1
23.1 Legacy Series / Error with command 'ipsec leases'
« on: March 16, 2023, 08:38:23 pm »
Hi,
In a script I use the command 'ipsec leases' to get all IPs of the mobile IPsec VPN.

After the update to 23.1.4 I now get this error message from the command 'ipsec leases':
no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
no pools found

In the Dashboard, Tile IPsec, Tab mobile I see the connected users and IPs.

What happened with the command 'ipsec leases'? In version 22.7 the call 'ipsec leases' had the output:
no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
Leases in pool '172.16.0.0/16', usage: 2/65534, 2 online
       172.16.0.1   online   'gateway2'
       172.16.0.2   online   'gateway1'

Why is no pool found now?
In the GUI VPN/IPsec/Lease Status I see defaultv4 as the pool.

But the command 'ipsec leases defaultv4' also brings the error:
no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
pool 'defaultv4' not found


Regards,
fog

2
22.1 Legacy Series / IPSEC VPN, no Phase 2 entries in GUI
« on: March 08, 2022, 01:07:04 pm »
Hi,
after the update to OPNsense 22.1, no IPsec phase 2 entries are shown in the GUI at /ui/ipsec/tunnels:
All is empty.

But they exist. The VPNs are working.

How can I show and edit the phase 2 entries?

Best regards,
fog


Versions
OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021


3
21.7 Legacy Series / Unbound DNS script
« on: September 24, 2021, 08:51:08 am »
Is it possible to add or modify Unbound DNS host overrides periodically by a crontab script?

I have to call 'ipsec leases', which returns:
no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
Leases in pool '172.16.0.0/16', usage: 2/65534, 2 online
       172.16.0.1   online   'gateway2'
       172.16.0.2   online   'gateway1'

Now I have to add or modify host overrides:
gateway2 example.com A 172.16.0.1
gateway1 example.com A 172.16.0.2

There doesn't seem to be a solution to add a static mapping https://forum.opnsense.org/index.php?topic=24667.0
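
The parsing step asked about above, as an added example that is not part of the original post or of OPNsense: it reads the 'ipsec leases' output quoted in the post and builds the host-override lines in the format the post shows. The function names are hypothetical, the pool is assumed to be printed as a CIDR as in the quoted output, and loading the records into Unbound is left out. The identity in quotes is supplied by the connecting peer, so it is validated as a DNS label before it is used.

```python
import ipaddress
import re

# Constructed sample: the 'ipsec leases' output quoted in the post above.
SAMPLE = """\
no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
Leases in pool '172.16.0.0/16', usage: 2/65534, 2 online
       172.16.0.1   online   'gateway2'
       172.16.0.2   online   'gateway1'
"""

POOL_RE = re.compile(r"^Leases in pool '([^']+)'")
LEASE_RE = re.compile(r"^\s+(\S+)\s+(online|offline)\s+'(.*)'\s*$")
# One DNS label (RFC 1123): letters, digits, inner hyphens, at most 63 chars.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_leases(text):
    """Return (pool, ip, status, identity) tuples from 'ipsec leases' output."""
    leases, pool = [], None
    for line in text.splitlines():
        m = POOL_RE.match(line)
        if m:
            pool = m.group(1)
            continue
        m = LEASE_RE.match(line)
        if m and pool is not None:
            leases.append((pool, m.group(1), m.group(2), m.group(3)))
    return leases


def host_overrides(text, domain="example.com"):
    """Build 'host domain A ip' lines for online leases, skipping unsafe input."""
    records = []
    for pool, ip, status, ident in parse_leases(text):
        # The identity comes from the peer: accept only a plain DNS label.
        if status != "online" or not LABEL_RE.match(ident):
            continue
        try:
            addr = ipaddress.ip_address(ip)
            # Assumption: pool is a CIDR; a named pool raises and is skipped.
            if addr.version != 4 or addr not in ipaddress.ip_network(pool):
                continue
        except ValueError:
            continue
        records.append(f"{ident.lower()} {domain} A {addr}")
    return records


if __name__ == "__main__":
    print("\n".join(host_overrides(SAMPLE)))
```
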

4
Virtual private networks / Static mappings for ipsec mobile client users
« on: September 08, 2021, 04:23:15 pm »
Hi,
I use a setup similar to https://docs.opnsense.org/manual/how-tos/ipsec-road.html for connection of some Sierra Wireless Gateway RV 50 - but only with PSK.
I define users GWY001..GWY004 with a unique IPsec Pre-Shared Key.

All is working, but the IP from the Virtual IPv4 Address Pool depends on the order of registration.
Now GWY004 has the first IP.

Is it possible to assign static IPs to the users?
Similar to Services: DHCPv4: [LAN]: DHCP Static Mappings for this interface.

If the service VPN: IPsec: Lease Status is restarted, all leases are gone and the IP addresses are reassigned in the order of registration.
Now I have to look in VPN: IPsec: Lease Status to get the IP for a specific gateway.

Or is it possible to add these IP leases to the DNS Overrides of Unbound DNS?


Regards,
fog

5
21.7 Legacy Series / Routed Ipsec failed if last digit of local ip is greater than 32
« on: August 28, 2021, 11:33:59 am »
Hi,
an error occurs if the last digit of the Local Address in phase 2 of a routed IPsec VPN is greater than 32. The General Log shows an invalid subnet mask:
opnsense[59451] /vpn_ipsec.php: The command '/sbin/ifconfig 'ipsec1' 'inet' '10.36.238.100/-68' '10.36.238.1'' returned exit code '1', the output was 'ifconfig: 10.36.238.100/-68: bad value (width invalid)'

It works with 10.36.238.2 .. 10.36.238.32.
See more errors in https://forum.opnsense.org/index.php?topic=22886.msg117655#msg117655

The Audit Health shows no problems:
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.7.1 (amd64/OpenSSL) at Sat Aug 28 11:17:10 CEST 2021
>>> Check installed kernel version
Version 21.7.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.7.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: .................................................................... done
***DONE***

Regards,
fog
