New IPSEC guides?

Started by ThyOnlySandman, March 20, 2023, 01:33:19 AM

Does anyone know of a good GUI guide for the new 23.x IPSEC policy setup? (swanctl.conf)

Following below example I cannot get a tunnel to come up.  Nor do I see anything under IPSEC log?  Does "new connections" even use GUI IPSEC log?  Or is that just for "legacy" IPSEC tunnels only?

I've set up a lab exactly like this example, just with different subnets.
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-conn.html

What do you need?

First answer: yes, the log file is used... (switching to debug gives most errors if something does not work)


If you give me your info on what kind of VPN you want to create, I can give you a guide on how to set it up.

VTI or policy based?
(I recommend VTI / routed)

Well, I've first been trying to learn policy-based with public keys.

I'm finally making some progress.  Had several issues.

My VMware lab switches / environment needed adjustment.

The legacy tunnel settings section needs "ipsec enabled" at the bottom; that also applies to new policy connections.

I had the IKE proposal set to aes256gcm16-ecp521, which is apparently not the proper AEAD algorithm? Switched to aes256gcm16-sha512-x25519 and the tunnel finally came up. (I really need to spend some time learning these)

And finally, "New connections" apparently doesn't auto-add an ESP rule to WAN? UDP 500 + 4500 were also missing, yet the tunnel is working without them after just adding ESP?
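For anyone following this thread, here is what the kind of tunnel described above (policy-based site-to-site, public-key authentication) looks like in swanctl.conf syntax. This is an added example, not taken from the thread or from the OPNsense documentation; the connection name, addresses, subnets, identities and certificate file names are placeholders. On OPNsense the GUI generates this file, so it is meant for reading and comparing against what the GUI produced, not for hand-editing.

```conf
# Added example (placeholders throughout), not OPNsense's generated config.
# Policy-based site-to-site, IKEv2, certificate (pubkey) authentication.
connections {
    lab-s2s {
        version = 2
        local_addrs  = 203.0.113.10     # this firewall's WAN address (placeholder)
        remote_addrs = 198.51.100.20    # peer's WAN address (placeholder)

        # IKE proposal. An AEAD cipher such as AES-GCM has no separate
        # integrity algorithm, so strongSwan needs a PRF for IKE key
        # derivation. "aes256gcm16-ecp521" names no PRF and is rejected;
        # the "sha512" in the line below is taken as the PRF (prfsha512),
        # which is why this form works.
        proposals = aes256gcm16-sha512-x25519

        local {
            auth  = pubkey
            certs = lab-left.crt        # file under swanctl/x509/ (placeholder)
            id    = "CN=lab-left"       # must match the certificate subject
        }
        remote {
            auth = pubkey
            id   = "CN=lab-right"       # peer's certificate subject (placeholder)
            # trust comes from the CA placed under swanctl/x509ca/
        }

        children {
            lab-net {
                # traffic selectors: the subnets behind each side
                local_ts  = 10.10.10.0/24
                remote_ts = 10.20.20.0/24
                # ESP proposal: AEAD again, no integrity algorithm needed;
                # the DH group gives perfect forward secrecy on rekey
                esp_proposals = aes256gcm16-x25519
                start_action  = start       # bring the SA up at load time
                dpd_action    = restart
            }
        }
    }
}
```

On the firewall side, the responder must accept the peer's IKE and ESP traffic inbound on WAN: UDP 500, UDP 4500 (NAT-T) and ESP (IP protocol 50), ideally restricted to the peer address. The side that initiates the exchange creates outbound state, so its replies are matched by that state; that is one reason a tunnel can come up on one side with fewer inbound rules than the other. `swanctl --list-conns` shows what was loaded, `swanctl --list-sas` shows established IKE and child SAs, and the failing proposal shows up in the IPsec log as a rejected or invalid proposal when the log level is raised as suggested earlier in the thread.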