Messages

Did you ever get this reolved, same issue and ended up having child objects for each.

Finally reaching out for some help after following this thread and applying both patches Franco released the other day, and I am still struggling with IPSEC tunnels dropping. I am terminating between a Sonicwall 2650 and OPNSense, prior to 24.7.2 no issues, now having issues w/ P2 dropping. Below is the issue I think and I have validated that proposals match:

2024-08-28T10:25:58-05:00   Informational   charon   06[IKE] no acceptable proposal found   
2024-08-28T10:25:58-05:00   Informational   charon   06[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ, ESP:AES_GCM_16_256/MODP_2048/NO_EXT_SEQ   
2024-08-28T10:25:58-05:00   Informational   charon   06[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ   
2024-08-28T10:25:58-05:00   Informational   charon   06[ENC] parsed CREATE_CHILD_SA request 31 [ SA No TSi TSr ]

The Sonicwall does not have PFS enabled. This is confirmed by the missing MODP_2048 in received proposals. You should pick "default" for your ESP.

Thank You, I enabled PFS on the SW and all is good.

Finally reaching out for some help after following this thread and applying both patches Franco released the other day, and I am still struggling with IPSEC tunnels dropping. I am terminating between a Sonicwall 2650 and OPNSense, prior to 24.7.2 no issues, now having issues w/ P2 dropping. Below is the issue I think and I have validated that proposals match:

2024-08-28T10:25:58-05:00   Informational   charon   06[IKE] no acceptable proposal found   
2024-08-28T10:25:58-05:00   Informational   charon   06[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ, ESP:AES_GCM_16_256/MODP_2048/NO_EXT_SEQ   
2024-08-28T10:25:58-05:00   Informational   charon   06[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ   
2024-08-28T10:25:58-05:00   Informational   charon   06[ENC] parsed CREATE_CHILD_SA request 31 [ SA No TSi TSr ]

If I restart the IPSEC service, the tunnel will come up and stay up for an hour or less and then I see P2 disconnected.

OPNSense WAN FW Rules, see attachments.

Here what I have selected in OPNSense and SonicWall, see attachment.

Spent the entire weekend redoing the IPSEC tunnels, manually adding in the WAN rules and thought that had addressed the issue, nope just received a call they are down. Rolling back until this is resolved.

Tempted to adding another GW as someone suggested.

To address this issue I enabled DPD:

+1 for me as well after upgrading, IPSEC tunnels drop after a short period of time, service restart addresses the issue. Just a a FYI, if you need logs, glad to provide.

Thanks

Curious if anyone has had any success w/ Logitech Harmony Hubs? If so, would you mind sharing some specifics.

ROON and SONOS is working fine, but have been unable to setup the Logitech HUBs across VLANs.

NM, think it's working now, had to use multicast of 224.0.0.1 and port 5224.

Thanks

Can you share what your entry is to get Roon working? I have read on Roon forums that it needs port 9003, but that doesn't seem sufficient. I have Airplay and Sonos working, but not Roon.

Yes, added 9003 to UDPBR, selected interfaces/networks, and created a FW rule to allow my ROON server to talk to the other networks. That's about it and was a minimul effort.

Curious if anyone has had any success w/ Logitech Harmony Hubs? If so, would you mind sharing some specifics.

ROON and SONOS is working fine, but have been unable to setup the Logitech HUBs across VLANs.

NM, think it's working now, had to use multicast of 224.0.0.1 and port 5224.

Thanks

Please disregard, read a few posts back and I'm good.

Is the following OK to upgrade?

Curious if anyone has implemented the following:

https://github.com/FingerlessGlov3s/OPNsensePIAWireguard

I wanted to make sure that it is safe and nothing to be concerned with. I have implemented in OPNSENSE and no issues, looked at script (looks fine to me) however, given my limited knowledge thought I would aske here for feedbck.

Thanks

Have this working w/ Sonos app and Roon endpoints, now I am working on the Spotify app. Anyone have any specifics for Spotify?

I read where Spotify uses TCP 4070, but that was unsuccessful.

Installed mDNS repeater and that addressed the issue w/ Spotify and other devices on other VLANs.

@marjohn56, will your plugin do mDNS?


Thanks

Thanks for the reply and that is straight-forward and works fine. where I am confused is specific to the plugin, obviously when you have that FW rule enabled you can communicate across networks and I was under the impression that the plugin would take care of not having to create FW rules.

I'm sorry, but call me confused, which is not difficult...

TIA

Not having much success, but here is the FW rule I setup, see attached.



Any feedback would be appreciated. One question, if you setup a FW rule to pass traffic between the 2 networks wouldn't that defeat the purpose of this plugin?

Thanks

I assume I am going to have to setup a firewall rule based on the log beow:

filterlog[12364]   16,,,0,igb1,match,block,in,4,0x0,,1,15941,0,DF,17,udp,129,172.16.20.1,239.255.255.250,48581,1900,109

Trying to access my Sonos that sits in my IOT VLAN (20) from the my LAN. I have a FW rule that allows access to VLAN20 (IOT), but the VLAN20(IOT) does not have access to my LAN network. I assume I am on the right track here?

Thanks