Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
VPN client connection fails
« previous
next »
Print
Pages: [
1
]
Author
Topic: VPN client connection fails (Read 1921 times)
ian.bugeja
Newbie
Posts: 6
Karma: 0
VPN client connection fails
«
on:
March 03, 2022, 01:13:43 pm »
Have a weird issue which have been troubling me for months....
I have a PC on the LAN connecting to a VPN (checkpoint) via the Windows Checkpoint app. The connection establishes but immediately drops. Cannot explain why.
The system is is quite straight forward. Simple WAN and LAN with NAT. Cannot even see the dropped/deny connection attempts in the firewall view.
Any pointers would help
OPNsense is latest version
Logged
bartjsmit
Hero Member
Posts: 2016
Karma: 194
Re: VPN client connection fails
«
Reply #1 on:
March 04, 2022, 07:32:29 am »
Hi Ian,
Interfaces, diagnostics, packet capture
interface - LAN
host address - IP address of the PC
start capture, attempt the connection, stop capture, download the .cap file and open in Wireshark
Are there any logs in the client? Can you ask the Checkpoint admin for diagnostics?
Bart...
Logged
ian.bugeja
Newbie
Posts: 6
Karma: 0
Re: VPN client connection fails
«
Reply #2 on:
March 06, 2022, 12:39:46 am »
Thanks, yes already had a look and did one again. Performed both on WAN and the internal interface and I can see exact same packets, so I think I can exclude the Firewall Rules.
On Checkpoint Client side i see the logs, which indicates that it's connecting (port 443) but then fails to establish the tunnel.
[6 Mar 0:28:32] Policy changed, restarting connection (2)
[6 Mar 0:28:32] Sent ClientHello
[6 Mar 0:28:34] upgarde is not configured on the site
[6 Mar 0:28:34] Starting new connection (2)
[6 Mar 0:28:35] Topology download in progress
[6 Mar 0:28:35] upgarde is not configured on the site
[6 Mar 0:28:35] firewall policy desktop_policy connected enforced successfully
[6 Mar 0:28:35] Office mode IP was set successfully
[6 Mar 0:28:37] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18001.
[6 Mar 0:28:38] OM started successfully with IP = 192.168.170.86.
[6 Mar 0:28:38] Client state is connecting
[6 Mar 0:28:38] Connection was successfully established (2)
[6 Mar 0:28:39] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18002.
[6 Mar 0:28:41] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18003.
[6 Mar 0:28:43] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18004.
[6 Mar 0:28:45] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18005.
[6 Mar 0:28:47] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18006.
[6 Mar 0:28:49] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18007.
[6 Mar 0:28:51] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18008.
[6 Mar 0:28:53] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18009.
[6 Mar 0:28:55] IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.
[6 Mar 0:28:55] Client state is connected
[6 Mar 0:28:55] Tunnel (2) disconnected. State is connected. Trying to reconnect.
Logged
ian.bugeja
Newbie
Posts: 6
Karma: 0
Re: VPN client connection fails
«
Reply #3 on:
August 20, 2022, 09:43:05 am »
Spent hours looking at the capture and couldn't figure out anything. It seems that no data is received and it's being dropped for some weird reason.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
VPN client connection fails