Short guide: OPNsense IPsec VPN for iOS and macOS clients

Started by thomergil, April 12, 2022, 10:56:27 PM

I collected a number of howtos, documents, and many, many posts on this forum into a short guide. It describes getting an OPNsense IPsec VPN server to work with iOS and macOS clients.

https://github.com/thomergil/opnsense-ipsec-vpn

Obviously happy to correct any errors/mistakes anyone finds.

Is there anyone who got this working recently? I tried to set it up with OPNsense 24.7 and I'm struggling; some options are no longer there, others not mentioned in the guide are required (like remote address). I got it working partially, but now I'm stuck with this message in the logs:

2024-08-04T11:57:47   Informational   charon   12[NET] <170> sending packet: from 84.x.x.x[4500] to 80.x.x.x[28637] (140 bytes)   
2024-08-04T11:57:47   Informational   charon   12[ENC] <170> generating INFORMATIONAL_V1 request 3659953014 [ HASH N(AUTH_FAILED) ]   
2024-08-04T11:57:47   Informational   charon   12[IKE] <170> no peer config found   
2024-08-04T11:57:47   Informational   charon   12[CFG] <170> looking for XAuthInitPSK peer configs matching 84.x.x.x...80.x.x.x[0.0.0.0]   
2024-08-04T11:57:47   Informational   charon   12[ENC] <170> parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]   
2024-08-04T11:57:47   Informational   charon   12[NET] <170> received packet: from 80.x.x.x[28637] to 84.x.x.x[4500] (140 bytes)   
2024-08-04T11:57:47   Informational   charon   12[NET] <170> sending packet: from 84.x.x.x[500] to 80.x.x.x[500] (460 bytes)   
2024-08-04T11:57:47   Informational   charon   12[ENC] <170> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]   
2024-08-04T11:57:47   Informational   charon   12[IKE] <170> remote host is behind NAT   
2024-08-04T11:57:47   Informational   charon   12[IKE] <170> local host is behind NAT, sending keep alives   
2024-08-04T11:57:47   Informational   charon   12[ENC] <170> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]   
2024-08-04T11:57:47   Informational   charon   12[NET] <170> received packet: from 80.x.x.x[500] to 84.x.x.x[500] (444 bytes)   
2024-08-04T11:57:46   Informational   charon   12[NET] <170> sending packet: from 84.x.x.x[500] to 80.x.x.x[500] (160 bytes)   
2024-08-04T11:57:46   Informational   charon   12[ENC] <170> generating ID_PROT response 0 [ SA V V V V ]

Anyone any hints? Would be greatly appreciated.

Kind regards

Jan

Hi, I also tried for several hours to get an IPSec connection working on OS X.

Did you get it working somehow?

Nope, no chance. Switched eventually to WireGuard which works perfectly on iOS.