Topic: IPSEC + OPENVPN (Read 6673 times)
Julien
IPSEC + OPENVPN « on: July 18, 2016, 06:00:21 pm »
Hi Guys,
I have 16.7 hardware running fine with the OPENVPN Two Factor Authenticator.
Two factor authentication for iPhone users is a pain in the ass.
I am planning to configure IPSEC for mobile users. Is this gonna work with the OPENVPN service on?
Thank you
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
Julien
Re: IPSEC + OPENVPN « Reply #1 on: July 19, 2016, 07:00:27 pm »
Managed to get this working,
When the user is connected over IPSEC, they can't ping the LAN or anything.
I've created a rule on the IPSEC to access the LAN but it's not working.
See attached for the firewall rule on the IPSEC interface.
It doesn't work even with the rule any to any.
I have checked the log; there is nothing that says something about the block.
It does show the process of how the tunnel is built up, with no warning.
Please advise
« Last Edit: July 19, 2016, 07:21:08 pm by Julien »
Julien
Re: IPSEC + OPENVPN « Reply #2 on: July 19, 2016, 08:26:23 pm »
Can someone please advise, as it has become critical for our mobile users.
I can't go to the internet or ping the devices over the LAN.
Can't even ping 8.8.8.8.
The settings of the tunnels are not described in the doc, so I can't seem to configure the tunnel correctly.
PLEASE HELP.
See screenshot; those options are not described in the document.
I can ping the connected client from the LAN using the IP of the tunnel. But the client can't ping the LAN.
Please advise
Firewall: NAT: Outbound has two rules, see attached.
One static 500 ISAKMP and one not. Please see attached picture.
« Last Edit: July 19, 2016, 09:19:08 pm by Julien »
franco (Administrator)
Re: IPSEC + OPENVPN « Reply #3 on: July 20, 2016, 12:06:03 am »
Hi Julien,
Pinging 8.8.8.8 won't work if you only allow IPSec to access LAN...
Make sure to go through these steps:
https://docs.opnsense.org/manual/how-tos/ipsec-road.html
It sounds like your Phase 2 local network setup is wrong or no policies are generated for it. Policies are normally "automagic" and not having them work is a complication in the (complexity of the) setup.
Sometimes the traffic comes in, but doesn't go back, sometimes it never reaches IPSec locally. You'll have to do some packet capturing on your box to confirm. See "Interfaces: Diagnostics: Packet Capture" to capture on IPsec interface.
Cheers,
Franco
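Added example (not part of franco's post or of OPNsense itself): one way to read the text output of a packet capture taken on the IPsec interface and tell apart the two cases described above, traffic that comes in but doesn't go back versus traffic that never reaches IPsec. The addresses, the sample capture lines and the function name `classify` are constructed for illustration, and the regex assumes tcpdump's `-n` text format for ICMP echo lines.

```python
import re

# Matches tcpdump -n ICMP echo lines; search() tolerates any prefix before "IP".
ECHO = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def classify(capture_text, client_ip, target_ip):
    """Return (verdict, requests_seen, unanswered) for a client -> target ping test."""
    requests, replies = set(), set()
    for line in capture_text.splitlines():
        m = ECHO.search(line)
        if not m:
            continue
        key = (m["id"], m["seq"])          # pairs a request with its reply
        pair = (m["src"], m["dst"])
        if m["kind"] == "request" and pair == (client_ip, target_ip):
            requests.add(key)
        elif m["kind"] == "reply" and pair == (target_ip, client_ip):
            replies.add(key)
    unanswered = requests - replies
    if not requests:
        verdict = "never-reached-ipsec"    # client traffic is not arriving on the interface
    elif unanswered:
        verdict = "comes-in-no-return"     # requests arrive, replies do not go back
    else:
        verdict = "ok"
    return verdict, len(requests), len(unanswered)

# Constructed sample captures (client 10.0.0.2 and LAN host 192.168.1.10 are made-up values).
ONE_WAY = """\
10:00:01.000001 IP 10.0.0.2 > 192.168.1.10: ICMP echo request, id 7, seq 0, length 64
10:00:02.000004 IP 10.0.0.2 > 192.168.1.10: ICMP echo request, id 7, seq 1, length 64
"""
# Only the LAN -> client direction is present, as in the symptom reported in this thread.
LAN_ONLY = """\
10:05:01.000001 IP 192.168.1.10 > 10.0.0.2: ICMP echo request, id 9, seq 0, length 64
10:05:01.020000 IP 10.0.0.2 > 192.168.1.10: ICMP echo reply, id 9, seq 0, length 64
"""
HEALTHY = ONE_WAY + """\
10:00:01.000900 IP 192.168.1.10 > 10.0.0.2: ICMP echo reply, id 7, seq 0, length 64
10:00:02.000950 IP 192.168.1.10 > 10.0.0.2: ICMP echo reply, id 7, seq 1, length 64
"""

if __name__ == "__main__":
    for name, text in [("one-way", ONE_WAY), ("lan-only", LAN_ONLY), ("healthy", HEALTHY)]:
        print(name, classify(text, "10.0.0.2", "192.168.1.10"))
```

A "never-reached-ipsec" verdict points back at the Phase 2 local network and policies; "comes-in-no-return" points at the return direction.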
Julien
Re: IPSEC + OPENVPN « Reply #4 on: July 20, 2016, 08:57:20 am »
Hi Franco,
I just double checked it, the configuration is really one to one.
Didn't miss a step, every step is copy and paste.
I did a capture but nothing is really there.
Hope there are more steps to troubleshoot this, as our users are leaving the office today for a two-week business trip.
Julien
Re: IPSEC + OPENVPN « Reply #5 on: July 20, 2016, 06:37:25 pm »
We have configured OpenVPN for the clients. We couldn't get it to work.
Right now we are set, I hope you guys can have a look at this in the near future.