OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 19.7 Legacy Series »
  • IPsec windows client
« previous next »
  • Print
Pages: [1]

Author Topic: IPsec windows client  (Read 2142 times)

loganx1121

  • Full Member
  • ***
  • Posts: 123
  • Karma: 0
    • View Profile
IPsec windows client
« on: October 14, 2019, 01:14:10 pm »
So I used this guide https://wiki.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html

I did the Certificate stuff on the firewall. I exported the CA and installed it on the client machine. When I try to connect on the Windows client, the VPN logs show my public IP "not confirmed by certificate, defaulting to <the cert I made>", and the client just says "Connecting" forever and doesn't go anywhere. 

I've also posted on the reddit forum with more screen shots if that helps here:

https://www.reddit.com/r/OPNsenseFirewall/comments/dhjwwz/need_some_ipsec_help_pretty_please/

Logged

loganx1121

  • Full Member
  • ***
  • Posts: 123
  • Karma: 0
    • View Profile
Re: IPsec windows client
« Reply #1 on: October 14, 2019, 04:47:15 pm »
Just tinkering around some more. If I modify the client connection to "Use machine certificates" for authentication, I can see the traffic come in on the firewall live logs and I can see it's allowed, but it seems to be hitting the rule I setup for the incoming connections/port forward for the chat server.

I moved this rule to the bottom and now I can't see any of the connection attempts in the logs, whether I have it set for machine cert or MSCHAPv2.
Logged

loganx1121

  • Full Member
  • ***
  • Posts: 123
  • Karma: 0
    • View Profile
Re: IPsec windows client
« Reply #2 on: October 15, 2019, 04:44:29 pm »
So as far as I can tell, the traffic isn't even getting to the firewall.  I have no idea why.  The DDNS I'm using for the IPSec connection is the same one I am using for the port forward and configuration for my XMPP server, which is up and working.  If I "inspect" the firewall rules I was told to add via the guide, and the firewall rule for the IPsec, I see several "evaluations" but no packets, bytes, or states.  But here is something interesting...

- If I leave the client configuration on the Windows 10 machine the way the guide tells me, and I initiate the connection, it just says "Connecting" and never does anything.

- If I switch it to "Use machine certifcates" then it says Connecting, it displays the DDNS name, and then fails with the error "IKE failed to find valid machine certificate"

- If I modify it to say "Use my windows logon credentials", it says Connecting, it displays the DDNS name, but it just hangs after that.

Regardless of which option I choose above, the states, packets, bytes on the rules remain at 0
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 19.7 Legacy Series »
  • IPsec windows client
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2