Problem with multiple VPN-Peer rightpeer: %any

Started by smooth_81, August 19, 2019, 02:46:52 PM


I've set up a central OPNsense appliance to host some (~600) VPN connections.
I need to use %any as the peer IP and to use rightid with a distinguisher to assign the correct config. I have no option to use something like DynDNS to resolve peer IPs.

The problem comes when I define more than one tunnel with peer IP %any. When the second peer connects, OPNsense does not use the right PSK, but only the PSK from the first defined connection.
Weird, because the PSK is attached to the DN in ipsec.secrets.

Is this a bug? I'm using the current version, OPNsense 19.7.2-amd64.


Quote from: mimugmail on August 19, 2019, 05:49:52 PM
Just use IKEv2, works like a charm

That would be great, but AVM Fritzbox does not support IKEv2  >:(

Any other hint?

No, then the PSK has to be the same I'd guess. Or use certificate authentication
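The behaviour in the thread follows from how IKEv1 main mode works: the peer's ID payload is encrypted with keys derived from the PSK, so the responder has to pick the PSK before it knows who is connecting, and the only selector available at that point is the peer's IP address. With several `right=%any` connections that leaves a single PSK for all of them, which is why the advice above is "same PSK, or IKEv2, or certificates". The following is an added example, not code from the thread or from OPNsense: a small audit script that parses strongSwan-style `ipsec.conf` and `ipsec.secrets` text and flags IKEv1 PSK connections with `right=%any` that resolve to more than one key. The two sample files and all peer names, addresses and keys in them are constructed for the example.

```python
"""Audit an ipsec.conf / ipsec.secrets pair for IKEv1 PSK connections that
all use right=%any but carry different pre-shared keys.  The sample input
below is constructed for this example; it is not an OPNsense-generated
configuration."""
import re
import shlex

SAMPLE_IPSEC_CONF = """\
config setup

conn branch-a
  keyexchange = ikev1
  left = 203.0.113.10
  right = %any
  rightid = "C=DE, O=Example, CN=branch-a"
  authby = secret

conn branch-b
  keyexchange = ikev1
  left = 203.0.113.10
  right = %any
  rightid = "C=DE, O=Example, CN=branch-b"
  authby = secret

conn branch-c
  keyexchange = ikev2
  left = 203.0.113.10
  right = %any
  rightid = branch-c.example
  leftauth = psk
  rightauth = psk
"""

SAMPLE_IPSEC_SECRETS = """\
# constructed sample: <local id> <remote id> : PSK "<secret>"
203.0.113.10 "C=DE, O=Example, CN=branch-a" : PSK "key-for-a"
203.0.113.10 "C=DE, O=Example, CN=branch-b" : PSK "key-for-b"
203.0.113.10 branch-c.example : PSK "key-for-c"
"""


def parse_conns(conf_text):
    """Return {conn_name: {option: value}} from ipsec.conf text.
    Section headers start at column 0; options are indented key=value pairs."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            kind, _, name = line.strip().partition(' ')
            current = {} if kind == 'conn' else None
            if current is not None:
                conns[name.strip()] = current
            continue
        if current is None or '=' not in line:
            continue
        key, _, value = line.partition('=')
        current[key.strip()] = value.strip().strip('"')
    return conns


def parse_psks(secrets_text):
    """Return [(selector_set, secret)] for every PSK line in ipsec.secrets.
    An empty selector set means the entry applies to any peer."""
    entries = []
    for raw in secrets_text.splitlines():
        line = raw.split('#', 1)[0].strip()
        match = re.match(r'^(.*?)\s*:\s*PSK\s+(.+)$', line)
        if not match:
            continue
        selectors = set(shlex.split(match.group(1)))
        secret = shlex.split(match.group(2))[0]
        entries.append((selectors, secret))
    return entries


def audit_any_peer_psks(conf_text, secrets_text):
    """Collect IKEv1-capable PSK connections with right=%any and the set of
    PSKs they would select.  More than one distinct PSK means only the first
    match can ever authenticate a main-mode peer."""
    conns = parse_conns(conf_text)
    psks = parse_psks(secrets_text)
    affected, keys = [], set()
    for name, opts in conns.items():
        if name == '%default' or opts.get('right') != '%any':
            continue
        # strongSwan's default keyexchange=ike accepts IKEv1 when responding
        if opts.get('keyexchange', 'ike') not in ('ike', 'ikev1'):
            continue
        if not (opts.get('authby') == 'secret' or opts.get('rightauth') == 'psk'):
            continue
        affected.append(name)
        rightid = opts.get('rightid')
        for selectors, secret in psks:
            if not selectors or '%any' in selectors or rightid in selectors:
                keys.add(secret)
    return sorted(affected), keys


if __name__ == '__main__':
    names, keys = audit_any_peer_psks(SAMPLE_IPSEC_CONF, SAMPLE_IPSEC_SECRETS)
    if len(keys) > 1:
        print(f"{len(names)} IKEv1 PSK conns use right=%any with {len(keys)} "
              f"different PSKs: {', '.join(names)}")
        print("An IKEv1 main-mode responder selects the PSK by peer address, "
              "so only one of these keys can be used for %any peers.")
```

Run against the constructed sample, the audit reports the two IKEv1 connections and two distinct keys, while the IKEv2 connection is left alone because IKEv2 authenticates after the identity is known and can use a per-ID PSK.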