Problems with ipsec site to site VPN

mekano · March 05, 2024, 05:09:39 PM

i am trying to establish a site to site vpn between to opnsense box. Box1 have version 23.7.12_5 and Box 2 have version 24.1.2_1. The two isp connexion have a dynamic ip. Phase one and phase 2 are congured using the same settings. I saw the connexion coming out of box1 to box2 on port 500. I saw the incoming conexion coming in in box1. But the vpn never came up.

i initiate the connexion from the Box1.

I have attached the log from the Box2.

i have added the rule for port 500 4500 nat-traversal and for ESP protocol

Thank you

mekano · March 05, 2024, 06:11:19 PM

i have done a new lookup at the log here is what i found. See the attached file.

it always failed with NO_PROPOSAL_CHOSEN

Patrick M. Hausen · March 05, 2024, 06:22:31 PM

Assuming you are correct and the phase 1 parameters are indeed identical, are the phase 2 networks mirrored? I.e. what is local at site A is remote at site B and vice versa?

mekano · March 05, 2024, 06:33:57 PM

yes it is

Problems with ipsec site to site VPN

mekano

March 05, 2024, 05:09:39 PM

mekano

March 05, 2024, 06:11:19 PM #1

Patrick M. Hausen

March 05, 2024, 06:22:31 PM #2

mekano

March 05, 2024, 06:33:57 PM #3