Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
Replaced pfSense for OPNsense, IPSEC will not connect (to SonicWALL router)
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: Replaced pfSense for OPNsense, IPSEC will not connect (to SonicWALL router) (Read 14770 times)
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Replaced pfSense for OPNsense, IPSEC will not connect (to SonicWALL router)
«
Reply #15 on:
November 06, 2018, 11:36:17 pm »
Keeping this under observation... browsers shouldn't do this, but maybe we need to be more vivid in enforcement.
Long-term this is no issue, the MVC/API code should not be affected by this issue. Worst case saving fails, but that's what the browser gets for disabling JS.
Cheers,
Franco
Logged
space-hunter
Newbie
Posts: 2
Karma: 1
Re: Replaced pfSense for OPNsense, IPSEC will not connect (to SonicWALL router)
«
Reply #16 on:
January 30, 2019, 10:02:37 am »
Hi, thanks for this info !
I run in the same error. I tried to configure a side2side vpn with IExplorer. After a few hours and reading this post, I know why :-)
After saving the setting with IE, this error is showing in VPN log File.
Jan 30 09:33:09 charon: 10[NET] <con1-000|8> sending packet: from 192.168.20.40[500] to 192.168.22.132[500] (84 bytes)
Jan 30 09:33:09 charon: 10[ENC] <con1-000|8> generating INFORMATIONAL_V1 request 4075737163 [ HASH D ]
Jan 30 09:33:09 charon: 10[IKE] <con1-000|8> sending DELETE for IKE_SA con1-000[8]
Jan 30 09:33:09 charon: 10[IKE] <con1-000|8> deleting IKE_SA con1-000[8] between 192.168.20.40[C=NL, ST=Zuid-Holland, L=Middelharnis, O=OPNsense]...192.168.22.132[192.168.22.132]
Jan 30 09:33:09 charon: 10[CFG] <con1-000|8> constraint check failed: peer not authenticated by CA 'C=DE, ST=Bavaria, L=xx, O=xx, E=xx@xx, CN=CA_xx'
Jan 30 09:33:09 charon: 10[IKE] <con1-000|8> received DPD vendor ID
Jan 30 09:33:09 charon: 10[ENC] <con1-000|8> parsed ID_PROT response 0 [ ID HASH V ]
Jan 30 09:33:09 charon: 10[NET] <con1-000|8> received packet: from 192.168.22.132[500] to 192.168.20.40[500] (84 bytes)
and this is the main part the file /usr/local/etc/ipsec.conf
ike = 3des-sha1-modp1024!
leftauth = psk
rightauth = psk
leftcert = /usr/local/etc/ipsec.d/certs/cert-1.crt
leftsendcert = always
rightca = "/C=DE/ST=xxx/L=xxx/O=xxx /emailAddress=xxx/CN=xxx/"
rightid = 192.168.22.132
rightsubnet = 192.168.22.192/28
leftsubnet = 192.168.7.0/24
esp = aes256-sha1-modp1024,3des-sha1-modp1024!
After saving the setting with Chrome, everything works as expected.
With IExplorer, 'My Certificate' and 'My Certificate Authority' fields are showing up, and I can not remove this setting.
With Chrome, this fields are not showing up.
OPNsense 18.7.9-amd64
IE 11.1563.15063.0
Chrome 71.0.3578.98
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Replaced pfSense for OPNsense, IPSEC will not connect (to SonicWALL router)
«
Reply #17 on:
January 30, 2019, 12:20:17 pm »
It will be fixed for IE in 19.1 tomorrow.
Cheers,
Franco
Logged
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
Replaced pfSense for OPNsense, IPSEC will not connect (to SonicWALL router)