Topics - Jürgen Garbe

1
23.1 Legacy Series / IPSEC Spi and ReqId Questions
« on: February 16, 2023, 02:39:53 pm »
Hi,

I am preparing some Site-to-Site tunnels using IPSEC.
In this context, I have two questions:

1. Shall Phase 2 "Reqid" be unique?
In screenshots "tunnel 1" and "tunnel 2" you can see that both tunnels are using Reqid 7.

2. Why are there 2 different Phase 2 spi-in, spi-out pairs (screenshot "Status overview") addressing single hosts although, as you can see in screenshot "Tunnel 2 setting", the Remote network is a network and not a single host?
Traffic is sent over the second "pair", even traffic for 10.65.3.1 (but I am not able to test this connection, because this node does not exist yet)!

I would be grateful for comments on these observations.

Best regards

Jürgen

2
20.1 Legacy Series / Using the proxy for SSH (SFTP) and other protocols
« on: June 04, 2020, 03:16:09 pm »
Hi,
I successfully enabled the squid based proxy (as a transparent one), so HTTP(S) access from a browser works fine.
Now I want to use this proxy (or another?) for SSH, SFTP and maybe other protocols to be able to log these connections and maybe block some of them in the future.
I am using PuTTY on my Windows client and configured the proxy settings in PuTTY like I did before using the (good) old AVM Ken! proxy (use HTTP proxy), without success. I tried to use ports 80, 443, 3128 and 3129.
Does anyone have any ideas?
Thank you in advance!

3
20.1 Legacy Series / Can't establish multiple IPSec Phase2 tunnels with Cisco ASA 5540 (solved)
« on: March 11, 2020, 12:52:51 pm »
Hi,
I am not able to establish an IPSec connection with more than one Phase2 definition to a Cisco ASA 5540.
With only one of the two Phase2 definitions enabled at a time, everything is working fine.
Please find attached log files:
ipsecOpnSenseCiscoTestFail.log shows the error N(INVAL_SYN),
ipsecOpnSenseCiscoTest1Phase2_1ok.log shows the successful connection with only Phase2 number 1,
ipsecOpnSenseCiscoTest1Phase2_2ok.log shows the successful connection with only Phase2 number 2.
Source and target addresses have been replaced by A.B.C.D and E.F.G.H.
Split tunnel option is enabled.
Any hint is welcome!

4
20.1 Legacy Series / Outbound NAT to IPSec
« on: February 19, 2020, 10:43:54 am »
Hi there,

I have to do outbound NAT for an IPSec connection (not 1:1 NAT and not 1:n, but m:n ...).
In the outbound NAT rules (using hybrid), the ipsec interface can be chosen, but the traffic is not translated and leaves via the default gateway (untranslated).
Any ideas?

At the moment I simply work around this by using a separate opnsense instance which is doing the needed NATing.

Regards
Jürgen

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved