Topic: Need help with IPSec and Windows machines (Read 2028 times)
loganx1121
Full Member
Posts: 123
Karma: 0
Need help with IPSec and Windows machines « on: October 15, 2019, 02:24:10 am »
I posted in the 19.7 production forum, but it looks like people are posting questions here as well, so I figured it couldn't hurt since I am completely stuck.
I've also posted on the reddit, which includes screen shots, here: https://www.reddit.com/r/OPNsenseFirewall/comments/dhjwwz/need_some_ipsec_help_pretty_please/
Basically I'm trying to set up IPSec and have it work with Windows 10 clients, and I am failing miserably. I followed the guide on the wiki, but when I try to connect from my friend's laptop (using TeamViewer for the remote session) I can't even see the traffic from her public IP hit my firewall.
Key points:
- I followed this guide: https://wiki.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html
- I downloaded the CA from the firewall and installed it on the client laptop
- I'm using DDNS so people can use a name to reach my public IP. This has worked flawlessly before with other setups
- I can't see the traffic in the live firewall logs when I try to make the connection from my friend's laptop
I am assuming I'm doing something stupid, or missing something, but I've been at it for 2 days straight and I'm just lost. Please let me know if I can provide further screen shots or information beyond what is posted in the reddit thread if it will help.
Thank you in advance.
loganx1121
Full Member
Posts: 123
Karma: 0
Re: Need help with IPSec and Windows machines « Reply #1 on: October 15, 2019, 04:41:37 pm »
So as far as I can tell, the traffic isn't even getting to the firewall. I have no idea why. The DDNS I'm using for the IPSec connection is the same one I am using for the port forward and configuration for my XMPP server, which is up and working. If I "inspect" the firewall rules I was told to add via the guide, and the firewall rule for the IPsec, I see several "evaluations" but no packets, bytes, or states. But here is something interesting...
- If I leave the client configuration on the Windows 10 machine the way the guide tells me, and I initiate the connection, it just says "Connecting" and never does anything.
- If I switch it to "Use machine certificates" then it says Connecting, it displays the DDNS name, and then fails with the error "IKE failed to find valid machine certificate"
- If I modify it to say "Use my windows logon credentials", it says Connecting, it displays the DDNS name, but it just hangs after that.
Regardless of which option I choose above, the states, packets, bytes on the rules remain at 0.