iPhone IPsec VPN client unable to communicate with local LAN once connected.

Started by ram_opn, May 18, 2022, 09:04:55 PM

Hi,

I have a bit of an issue with an iPhone XS connecting to OPNsense IPsec VPN. The iPhone connects fine to the VPN instance, phase 1 and 2 completing successfully. I can see the iPhone obtains a virtual IPv4 address (10.0.0.1). I have also configured the Local Network to be my local 192.168.20.0/24 subnet. I have also created a rule on my IPsec network to allow packets from the IPsec interface to my local subnet.

When I try to browse to a local LAN subnet hosted service, I can see the inbound packet from the iPhone (virtual address) to my LAN subnet, but the phone just hangs there. I can see from packet traces the phone sends out SYNs, but nothing comes back.

Now when I look in the IPsec widget in the dashboard I can see the tunnel active, with the tunnel detail showing the phone's public IP address for Connection (with %any), but the source is showing my local LAN subnet, with destination showing 'dynamic', with status showing two opposing green arrows. Everything looks all OK.

Any advice or help would be greatly appreciated, forgive me as I am coming from a Juniper SRX340.

Thanks

I should have added: iPhone is on 15.1. I can also confirm that the virtual IP address allocated to the phone via IPsec VPN does not overlap with the local subnet.

I have fixed the issue. After looking into the problem a little more, I could see the iPhone sending packets to the local LAN subnet, but nothing returning via a packet trace. I confirmed this in the 'diag_ipsec.php' (VPN -> IPSEC -> Status Overview [expanding the connection]).

[SOLUTION]
So after a little more digging, I found the setting 'Install Policy' in the Phase 1 configuration (vpn_ipsec_phase1.php). Once I enabled this, it all worked perfectly.

Quote from: ram_opn on May 19, 2022, 12:33:40 PM
I have fixed the issue.
[SOLUTION]
So after a little more digging, I found the setting 'Install Policy' in the Phase 1 configuration (vpn_ipsec_phase1.php). Once I enabled this, it all worked perfectly.

As I have to set up VPN connections for our iPhones for the first time, could you please be so kind and share the knowledge which settings have to be made for getting a running VPN configuration?