Messages - payback007

#16
Yes, mobile IPsec is defined as 10.0.0.0/24.

That's why I don't understand why I get the wrong subnet mask.
#17
Dear all,

I implemented a working IPsec VPN road warrior connection with IP range 10.0.0.0/24, and the DNS of the local LAN, 192.168.1.1, is provided for DNS.

After the connection is established, I get the following conditions:
IP: 10.0.0.1
subnet: 255.255.255.255
DNS: 192.168.1.1
gateway: empty

As I understand it, subnet 255.255.255.0 should be provided as defined. I already checked ipsec.conf; the net definition 10.0.0.0/24 is within ipsec.conf.
If I check "static routes", 10.0.0.1 is also linked with the actual WAN gateway. The internal IP and network are reachable, but no internet connection from mobile IPsec through the VPN is possible.

What am I doing wrong?
#18
18.7 Legacy Series / Re: IPsec VPN for iPhone Device
January 21, 2019, 09:22:58 PM
The "problem" is that I want to have authentication either by Xauth_PSK or by certificate with the IPsec iOS client. I don't want to install an additional app only for VPN connections. So only the "IPsec CISCO client" is natively supported by the iOS device.

Meanwhile I found the reason IPsec was/is not working with the proposed solution in the OPNsense wiki with my iOS device (iOS version v12.1.2); maybe the wiki is not up to date or whatever. I can't say, but here are the differences I found:

OPNsense-wiki:
a) IKEv1 to be set for VPN_iOS connection -> not working
b) peer_identifier -> no longer available with "Mutual PSK + Xauth"

Working configuration for my OPNsense now:
a) set IKE_auto (not v1 or v2 explicitly)
b) leave "group name" empty in iOS native IPsec CISCO client

What is not nice from my point of view is providing only one PSK for all users and no individual PSK for each user, but in the future I will look into identifying by user_cert and transferring to iOS with a profile. But for the moment the solution is working very well, so my tests can go on.  ;)
#19
18.7 Legacy Series / Re: IPsec VPN for iPhone Device
January 19, 2019, 11:06:27 PM
Hi guys,

Are there any ideas about this topic? IPsec road warrior seems not to be working on OSX/iOS devices. I think the main issue is that for the mobile client the "peer identifier" seems to be missing?
#20
Dear all,

For a few days I have been trying to set up a working IPsec VPN connection to my iPhone. I tried it with several options, with certificate, with PSK, ... Always the same issue: I get no connection to my IPsec VPN server. In the meantime I think there are some firewall rules missing, due to the fact that "VPN server does not answer". But I released all necessary ports as described in the wiki.

If I try an OpenVPN connection between the iPhone and OPNsense, it works without problems.

Does anybody have an idea what to do? Thanks very much!