OPNsense Forum » Archive » 19.1 Legacy Series » IPSec site-to-site with dynamic IPs
Topic: IPSec site-to-site with dynamic IPs (Read 3850 times)
Androxin (Newbie, Posts: 1, Karma: 0)
IPSec site-to-site with dynamic IPs « on: April 08, 2019, 08:51:10 pm »
Hey,
I'm just desperate for the following assignment.
I need an IPsec VPN tunnel to connect two sites.
In the office there is a normal DSL connection with a dynamic IP. There I have a dyndns domain.
In the LAN, several VLANs/networks (172.17.10.0/24, 172.17.20.0/24, ...) are available.
There, OPNsense is used as a firewall/router/DHCP.
On the other site, I have a MikroTik LTE router. Of course, this router also gets a dynamic IP from the provider.
The LAN 172.18.1.0/24 is configured there.
Actually I wanted to use OpenVPN. Since OPNsense has problems with the routing entries, I gave up at some point and tried IPSec.
But now I got stuck as well.
Basically the connection seems to work. In phase 1 the remote peer is 0.0.0.0.
Authentication via FQDN.
However, the tunnel is not completely built.
In the OPNsense log it says that no virtual IP could be found.
Apr 6 23:06:53 charon: 09[IKE] <con1|556> failed to establish CHILD_SA, keeping IKE_SA
Apr 6 23:06:53 charon: 09[IKE] <con1|556> configuration payload negotiation failed, no CHILD_SA built
Apr 6 23:06:53 charon: 09[IKE] <con1|556> no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
Apr 6 23:06:53 charon: 09[IKE] <con1|556> no virtual IP found for %any requested by 'remote.de'
Apr 6 23:06:53 charon: 09[IKE] <con1|556> peer requested virtual IP %any
Can someone tell me what the message is about and how to fix it?
franco (Administrator, Hero Member, Posts: 17661, Karma: 1611)
Re: IPSec site-to-site with dynamic IPs « Reply #1 on: April 09, 2019, 08:44:48 am »
Are you trying to build a mobile peer? It doesn't look like site-to-site.
19.1.5 has an option for normal Phase 1 entries to mark them "dynamic" and you would have to use it for both phase 1 entries on both sides.
Cheers,
Franco
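A small triage script for the log pattern quoted in the question, added here as an example and not part of the original thread or of OPNsense: it groups charon lines by connection and IKE_SA id and flags a CHILD_SA that failed because the peer's virtual IP request went unanswered. The function name `triage`, the `con2` sample line and the diagnosis wording are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: the first five lines follow the format of the charon
# output quoted in the thread (newest first); the con2 line is made up.
SAMPLE_LOG = """\
Apr 6 23:06:53 charon: 09[IKE] <con1|556> failed to establish CHILD_SA, keeping IKE_SA
Apr 6 23:06:53 charon: 09[IKE] <con1|556> configuration payload negotiation failed, no CHILD_SA built
Apr 6 23:06:53 charon: 09[IKE] <con1|556> no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
Apr 6 23:06:53 charon: 09[IKE] <con1|556> no virtual IP found for %any requested by 'remote.de'
Apr 6 23:06:53 charon: 09[IKE] <con1|556> peer requested virtual IP %any
Apr 6 23:07:10 charon: 11[IKE] <con2|557> CHILD_SA con2{3} established
"""

# daemon, thread[subsystem], <connection|IKE_SA id>, message
LINE_RE = re.compile(r"charon: \d+\[\w+\] <(?P<conn>[^|>]+)\|(?P<sa>\d+)> (?P<msg>.*)$")
VIP_REQ = re.compile(r"peer requested virtual IP (\S+)")
VIP_MISS = re.compile(r"no virtual IP found for \S+ requested by '([^']+)'")


def triage(log_text):
    """Correlate charon lines per (connection, IKE_SA) and report tunnels that
    failed because the peer asked for a virtual IP nobody could hand out."""
    sas = defaultdict(lambda: {"requested": None, "peer": None,
                               "no_vip": False, "child_failed": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-connection charon line
        state, msg = sas[(m["conn"], int(m["sa"]))], m["msg"]
        if r := VIP_REQ.match(msg):
            state["requested"] = r[1]
        elif r := VIP_MISS.match(msg):
            state["peer"], state["no_vip"] = r[1], True
        elif "INTERNAL_ADDRESS_FAILURE" in msg:
            state["no_vip"] = True
        elif msg.startswith("failed to establish CHILD_SA"):
            state["child_failed"] = True
    # Order of lines does not matter: flags are combined after the full pass.
    return [{"conn": conn, "ike_sa": sa, "peer": s["peer"], "requested": s["requested"],
             "diagnosis": "peer sent a virtual-IP request (mobile-client style) "
                          "that this phase 1 entry could not serve"}
            for (conn, sa), s in sorted(sas.items())
            if s["requested"] and s["no_vip"] and s["child_failed"]]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```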