Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
[SOLVED] Connect VPN with Fritzbox 7490 - IPSec
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Connect VPN with Fritzbox 7490 - IPSec (Read 13845 times)
PotatoCarl
Full Member
Posts: 134
Karma: 5
[SOLVED] Connect VPN with Fritzbox 7490 - IPSec
«
on:
December 01, 2016, 04:40:05 pm »
Hi All,
I had with pfSense a AVM Fritzbox 7390 working well via VPN (Ipsec). However, I cannot get my new 7490 to cooperate and connect to the OPNsense.
In the OPNSense logfiles it prints "Aggressive mode disabled for security reasons". That is nice, but maybe a problem, as I remember that AVM needs to use agressive mode to connect.
Also, it seems as I cannot import my config files for the Fritzbox. As they are practially not documented, I have no idea why.
So, has anybody a working configuration he can post?
Is there a way to turn on agressive mode (which seems to be in the Documentation as working)?
Any other hints?
Thank you.
Cheers
«
Last Edit: December 02, 2016, 06:16:38 pm by franco
»
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Connect VPN with Fritzbox 7490 - IPSec
«
Reply #1 on:
December 01, 2016, 04:42:03 pm »
Oh, forgot to say: The log file says "N(AUTH_FAILED)"
I verified that both use the same PSK and identifiers.
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Connect VPN with Fritzbox 7490 - IPSec
«
Reply #2 on:
December 01, 2016, 05:05:03 pm »
Hmm, the GUI phase 1 entry for IKEv1 will let you flip from main to aggressive mode?
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Connect VPN with Fritzbox 7490 - IPSec
«
Reply #3 on:
December 01, 2016, 05:11:11 pm »
Yes. I can set it to "agressive" but the log says
"charon: 12[IKE] <4309> Aggressive Mode PSK disabled for security reasons".
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Connect VPN with Fritzbox 7490 - IPSec
«
Reply #4 on:
December 01, 2016, 05:16:46 pm »
Strange. Which one is the OPNsense log, which one the Fritzbox log?
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Connect VPN with Fritzbox 7490 - IPSec
«
Reply #5 on:
December 01, 2016, 05:24:33 pm »
I just copied the OPNsense log in my previous posts. Fritzbox just says "Authentification failed".
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Connect VPN with Fritzbox 7490 - IPSec
«
Reply #6 on:
December 01, 2016, 05:29:23 pm »
Thats not a lot of help from the Fritzbox for a "Qualitätsrouter mit besserer Sicherheitstechnik".
But anyway, is this a site-to-site or road warrior setup? If the latter, who is the road warrior?
In general IKEv1 main mode should work if set on both sides for site-to-site.
Unfortunately, the 7490 doesn't do IKEv2.
Cheers,
Franco
Logged
Andreas
Sr. Member
Posts: 272
Karma: 9
Re: Connect VPN with Fritzbox 7490 - IPSec
«
Reply #7 on:
December 02, 2016, 07:48:09 am »
Hi,
i do have a valid setup running... it works but in your case i dont know how to help
how you made the fritzbox config?
for me it doenst worked with the application from avm - i ever used used a text editor
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Connect VPN with Fritzbox 7490 - IPSec
«
Reply #8 on:
December 02, 2016, 09:11:24 am »
Hi,
first thank you for your input so far. I got it work. The solution was... (tensions are rising)... restart the IPSec Daemon. "Accept the changes" is just not sufficient, I had to restart the service and then suddenly "aggressive" mode was performed and badaboum (BigBadaboum!) I had my connection.
Well, at last according to the log files. I used simply the IP-Adresses of the hosts (have fixed adresses on either side) as identifiers and at the FritzBox the "Fritzbox to other LAN" wizard.
I am currently a little amiss about the firewall rules. I cannot connect to any host from either side. I tried to follow the howto at
https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html?highlight=ipsec#firewall-rules-site-a-site-b
and was stopped at the first rule on the WAN-side: I don't have a protocol option "IPv4 ESP".
I have rules on both, the LAN and the IPSEC side of passing everything from the respective subnet into the other subnet. But still, cannot get any ping or anything else through.
Do I miss here something?
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Connect VPN with Fritzbox 7490 - IPSec
«
Reply #9 on:
December 02, 2016, 11:32:06 am »
Okay, sometimes waiting helps. Was too impatient, now everything works fine.
I used the rules for UDP 500 and 4500 but not the ESP (no idea how to do it) and everything works.
So, case solved.
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Connect VPN with Fritzbox 7490 - IPSec
«
Reply #10 on:
December 02, 2016, 06:14:29 pm »
Yay, cool, thanks for checking back
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
[SOLVED] Connect VPN with Fritzbox 7490 - IPSec