Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
15.1 Legacy Series
»
IPSec Mobile client (MacOS and iOS)
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSec Mobile client (MacOS and iOS) (Read 41720 times)
eustachy
Newbie
Posts: 6
Karma: 2
IPSec Mobile client (MacOS and iOS)
«
on:
June 30, 2015, 12:49:20 pm »
Welcome
I have some isues from about 2 weeks when connecting from Yosemite (OSX) and iPhone (iOS 9).
I've configured connection about 2 months ago, and all works fine.
After upgrade, I can't connect from any of this devices. Windows Shrew client works ok.
I looked in logs, but nothing special (no errors).
I have this situation about 1,5 month ago, but I upgrade to next release, and all works fine.
Do You have any ideas , where to start digging?
Thanks
Rafal
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IPSec Mobile client (MacOS and iOS)
«
Reply #1 on:
June 30, 2015, 01:39:47 pm »
Hi Rafal,
this most likely happened with 15.1.11.4 when StrongSwan got bumped from 5.3.0 to 5.3.2. I saw related commits in pfSense, e.g.
https://github.com/pfsense/pfsense/commit/29c9e14002b4a1566fa6afc6c4933b384b8e2242
I don't know the full scope of the problem yet, but I can, however, suggest a workaround based on reverting back to StrongSwan 5.3.0 in a little bit. Stay tuned.
Cheers,
Franco
Logged
eustachy
Newbie
Posts: 6
Karma: 2
Re: IPSec Mobile client (MacOS and iOS)
«
Reply #2 on:
June 30, 2015, 01:52:57 pm »
Thanks franco for a quick reply.
I was thinking that the problem is in strongswan package.
Do You know, how can I revert back to this package?
Thanks
Rafal
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IPSec Mobile client (MacOS and iOS)
«
Reply #3 on:
June 30, 2015, 02:48:53 pm »
From the root shell, do the following:
Please pick the right architecture and SSL flavour from the following links...
# fetch
https://pkg.opnsense.org/snapshots/amd64/LibreSSL/strongswan-5.3.0_2.txz
# fetch
https://pkg.opnsense.org/snapshots/amd64/OpenSSL/strongswan-5.3.0_2.txz
# fetch
https://pkg.opnsense.org/snapshots/i386/LibreSSL/strongswan-5.3.0_2.txz
# fetch
https://pkg.opnsense.org/snapshots/i386/OpenSSL/strongswan-5.3.0_2.txz
Afterwards:
# pkg add -f strongswan-5.3.0_2.txz
# pkg lock -y strongswan
This will prevent future firmware updates to the StrongSwan package. To unlock and go back to the latest version do this:
# pkg unlock -y strongswan
# pkg upgrade -y strongswan
Please let me know if that helps your case.
PS: You'll need to manually restart StrongSwan (or reboot) for the daemon to run the correct version (e.g. via the GUI)
Logged
eustachy
Newbie
Posts: 6
Karma: 2
Re: IPSec Mobile client (MacOS and iOS)
«
Reply #4 on:
June 30, 2015, 03:19:17 pm »
Ok I try tommorow, I don't want to take overtime in work today.
Thanks Rafal
Logged
eustachy
Newbie
Posts: 6
Karma: 2
Re: IPSec Mobile client (MacOS and iOS)
«
Reply #5 on:
July 01, 2015, 08:30:40 am »
I do it, as You wrote, rebooted service from gui via Status>Service>IPSec, but I still can't connect.
Where can I check currently used package version (of strongswan).
Thanks
Rafal
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IPSec Mobile client (MacOS and iOS)
«
Reply #6 on:
July 01, 2015, 08:35:27 am »
The GUI for firmware is a work in progress. From the command line, you can do:
# pkg info strongswan
This gives you a bunch of strongswan-related information, including the installed version.
It may also be related to the recent OpenSSL/LibreSSL updates. There are still images available for 15.1.11.1, which could help pin down the problem:
https://pkg.opnsense.org/releases/15.1.11.1/
This is the only problem report we've heard of so far. Are you sure there have been no changes in your network regarding routing or firewall rules?
«
Last Edit: July 01, 2015, 08:42:23 am by franco
»
Logged
eustachy
Newbie
Posts: 6
Karma: 2
Re: IPSec Mobile client (MacOS and iOS)
«
Reply #7 on:
July 01, 2015, 08:44:27 am »
Ok, so it is correct version:
root@srv-gate01:~ # pkg info strongswan
strongswan-5.3.0_2
Name : strongswan
Version : 5.3.0_2
Installed on : Wed Jul 1 08:21:29 CEST 2015
I know this is a stupid question, but I will check:
On my home page:
OPNsense 15.1.12-amd64
FreeBSD 10.1-RELEASE-p12
OpenSSL 1.0.2c 12 Jun 2015
This sugesting that I'm using OpenSSL not LibreSSL?
Thanks
Rafal
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IPSec Mobile client (MacOS and iOS)
«
Reply #8 on:
July 01, 2015, 08:46:01 am »
Yes, you are running OpenSSL. There have been API bumps for both SSL flavours just before 15.1.12 came out that might be related to what you are seeing.
Logged
eustachy
Newbie
Posts: 6
Karma: 2
Re: IPSec Mobile client (MacOS and iOS)
«
Reply #9 on:
July 01, 2015, 09:09:29 am »
Ok, so last thing, I can do it, it is to downgrade OPNSense. I will try it in non production enviroment first..
Thanks
Rafal
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IPSec Mobile client (MacOS and iOS)
«
Reply #10 on:
July 01, 2015, 09:32:25 am »
Thank you for your efforts!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
15.1 Legacy Series
»
IPSec Mobile client (MacOS and iOS)