Topics

1

Virtual private networks / Config for a hub spoke setup using the mobile client.

« on: February 06, 2023, 09:26:57 am »

Question about traffic with the config. We are trying to replace a fortinet with a opnsense solution .  We have remote sites (spokes) with a firewall which connects to our central hub. Each remote site has at 10.x.y.0/24 subnet.

configuration
IpSec Mobile clients

Tunnel Settings Fase 1
Respond Only
IKE V1
IPV4
Wan interface
Authentication PSK + Xauth
Mainmode
My Identifier Distinguished name
AES 128 SHA1 DH5

Tunnel isolation
Nat traversel Force
DPD 90 sec 5 retries
Lifetime 3600


Fase 2
mode route-based
local 0.0.0.0   
remote 0.0.0.0
ESP AES12 SHA1 DH5
Lifetime 1800

The remote devices connect. We have two test devices which connect
10.123.10.0/24 10.123.10.254
10.123.11.0/24 10.123.11.254

In the status overview the remote subnets are showing in the Phase 2 overview

In het security Associatin database the connecttion are at the same ikeid and reqid
The Security Policy Database tab installed is empty.

The route 10.0.0.0/8 is added with the ipsec1 as gateway.
Firewall rule Lan outgoing to 10.0.0.0/8 with gateway ipsec1

But no traffic is been noticed.

In the firewall: Log Files Live View is dee the label let out anything from firewall host itself

The traffic is coming in but nog traffic is going out ?

Has anyone any suggestions how to solve this ?

2

23.1 Legacy Series / Mobile clients config not working in 23.1

« on: January 30, 2023, 07:18:26 am »

Hi to All,

We are researching the OpnSense to connect using the mobile clients to other remote sites with hvac controllers. The configuration we made in 22.7 works and we get a fase1 and fase2 of the remote sites.  So we tried the identical configuration in the 23.1 version and we are nog getting a fase1 connection running.  What i have noticed that the Lifetime setting is not as i would expect it to be found.  We also use My Identifier with a Distinguished name.  I am not sure where the problem is.   Thx for the support.