Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Problems with the new IPsec Connection tab and assigning a pool adress
« previous
next »
Print
Pages: [
1
]
Author
Topic: Problems with the new IPsec Connection tab and assigning a pool adress (Read 521 times)
Phomakesmehappy
Newbie
Posts: 2
Karma: 0
Problems with the new IPsec Connection tab and assigning a pool adress
«
on:
February 01, 2024, 11:28:48 am »
Hi,
I have to get a roadwarrior EAP_MSCHAPV2 config to work with the additional obstacle of IoT clients, so I can't access any log on the client side.
I managed to get everything working under the legacy GUI, albeit not stable enough for my taste (no proposals found for renegotiating), and I would like to use the newer GUI.
I want to use static IPs for every client, but no IP from the pool gets assigned albeit phase 1 working.
024-02-01T11:08:10 Informational charon 06[NET] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> sending packet: from 10.246.42.10[4500] to 10.246.42.51[4500] (500 bytes)
2024-02-01T11:08:10 Informational charon 06[NET] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> sending packet: from 10.246.42.10[4500] to 10.246.42.51[4500] (1236 bytes)
2024-02-01T11:08:10 Informational charon 06[IKE] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> received retransmit of request with ID 1, retransmitting response
2024-02-01T11:08:10 Informational charon 06[NET] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> received packet: from 10.246.42.51[4500] to 10.246.42.10[4500] (416 bytes)
2024-02-01T11:08:06 Informational charon 09[NET] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> sending packet: from 10.246.42.10[4500] to 10.246.42.51[4500] (500 bytes)
2024-02-01T11:08:06 Informational charon 09[NET] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> sending packet: from 10.246.42.10[4500] to 10.246.42.51[4500] (1236 bytes)
2024-02-01T11:08:06 Informational charon 09[ENC] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> generating IKE_AUTH response 1 [ EF(2/2) ]
2024-02-01T11:08:06 Informational charon 09[ENC] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> generating IKE_AUTH response 1 [ EF(1/2) ]
2024-02-01T11:08:06 Informational charon 09[ENC] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> splitting IKE message (1664 bytes) into 2 fragments
2024-02-01T11:08:06 Informational charon 09[ENC] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
2024-02-01T11:08:06 Informational charon 09[IKE] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> sending end entity cert "C=DE, ST=Hamburg, L=Hamburg, O=Compugroup, E=joern.bonte@cgm.com, CN=opnSense-IPSec"
2024-02-01T11:08:06 Informational charon 09[IKE] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> authentication of '10.246.42.10' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
2024-02-01T11:08:06 Informational charon 09[IKE] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> peer supports MOBIKE
2024-02-01T11:08:06 Informational charon 09[IKE] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> initiating EAP_MSCHAPV2 method (id 0x0A)
2024-02-01T11:08:06 Informational charon 09[IKE] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> using configured EAP-Identity kt1
2024-02-01T11:08:06 Informational charon 09[CFG] <c8d2c7ac-39de-4b39-aec4-21378f35744e|3> selected peer config 'c8d2c7ac-39de-4b39-aec4-21378f35744e'
2024-02-01T11:08:06 Informational charon 09[CFG] <3> looking for peer configs matching 10.246.42.10[%any]...10.246.42.51[10.246.42.51]
2024-02-01T11:08:06 Informational charon 09[IKE] <3> REDACTED"
2024-02-01T11:08:06 Informational charon 09[ENC] <3> parsed IKE_AUTH request 1 [ IDi CERTREQ CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
2024-02-01T11:08:06 Informational charon 09[NET] <3> received packet: from 10.246.42.51[4500] to 10.246.42.10[4500] (416 bytes)
2024-02-01T11:08:05 Informational charon 09[NET] <3> sending packet: from 10.246.42.10[500] to 10.246.42.51[500] (497 bytes)
2024-02-01T11:08:05 Informational charon 09[ENC] <3> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
2024-02-01T11:08:05 Informational charon 09[IKE] <3> sending cert request for "REDACTED"
2024-02-01T11:08:05 Informational charon 09[IKE] <3> faking NAT situation to enforce UDP encapsulation
2024-02-01T11:08:05 Informational charon 09[CFG] <3> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
2024-02-01T11:08:05 Informational charon 09[IKE] <3> 10.246.42.51 is initiating an IKE_SA
2024-02-01T11:08:05 Informational charon 09[ENC] <3> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2024-02-01T11:08:05 Informational charon 09[NET] <3> received packet: from 10.246.42.51[500] to 10.246.42.10[500] (1156 bytes)
This is the log output. Any tips on how to troubleshoot this any further ? The connection tab shows an active connection, but the client in question still uses it's own static IP instead of the pool IP.
Thanks a lot in advance!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Problems with the new IPsec Connection tab and assigning a pool adress