Multiple IPSec roadwarrior problems

Started by ElFonte, February 19, 2021, 09:59:23 PM

Hello, I'm a new poster here with a few years on my shoulders with OPNsense and pfSense.
I recently migrated one of my firewalls from 20.7.4 to 21.1.1. Since then, when a road warrior VPN user connects when a different user is connected from the same network (behind NAT, so different local IP but same public IP), the first one can't access the network, but the connection stays open.
I've checked the logs, there doesn't seem to be anything wrong there. I've checked the config, and nothing is changed, neither in the client side (which still works on a different 20.7.4 server) or the server side.
Anyone else experiencing problems like this?
Thanks a lot for the help

This usually comes when the router at client side can't NAT multiple devices behind.

Sadly, that's not the case, since the clients haven't changed anything. It happens to me when connecting from 2 different VMs, and I'm certain the only change has been on the firewall

Given I found no clue of what was wrong, I reinstalled 20.7 in a different VM and updated it to the latest version available before enabling the update to 21, restored a backup from 21.1 (I know this shouldn't be done, it was just a test) and it's working correctly, allowing multiple connections from the same public IP.
There seems to be a bug in OPNsense, how do I report it?
Thanks a lot

February 26, 2021, 10:17:40 AM #4 Last Edit: February 26, 2021, 10:47:12 AM by goodomens42
Same problem here since updating to 21.1.2 yesterday.
Multiple IPsec road-warriors "kick out" each other when connecting from the same IP.
We use IKEv2 with Microsoft RADIUS accounts, each VPN user has its own RADIUS account.
Worked fine before with 20.7.7.

I just reported the problem on GitHub as issue #4757.

Can you do me a favor and test against 20.7.8 and 21.0 so we can find in which release the change was?

@mimugmail

Did the updates one by one and tested with pings as described in the GitHub issue:

20.7.7_1 (before update): works fine
20.7.8_4: works fine
21.1: fails, as soon as the second connection is started, the first ping stalls
21.1.2: fails, not tested again

Hello, just tested it and got the same results:
20.7.8_4 works fine
21.1 doesn't work
If there is any other test to do, please tell me, I have both versions on different hard drives ready to try.

@ElFonte: I reported this on GitHub, see

https://github.com/opnsense/core/issues/4757

A patch was posted yesterday, try

opnsense-patch 8bf80e0

Works fine for me :)

@goodomens42 thanks a lot, I forgot to report that it works fine now.