cannot run IPsec

Started by dcol, April 13, 2025, 01:15:00 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 13, 2025, 01:15:00 AM
Whenever I try to connect I get 'ike authentication credentials are unacceptable'
I have gone over all the settings multiple times and cannot figure out how to solve this issue.
When it comes to the Trust settings, they aren't very clear to me so I used settings as close as possible from Deciso examples.
I use to have the legacy IPsec VPN and that worked until recently when it kept disconnecting every few hours.

What can I check?
Please help!
April 13, 2025, 09:16:54 PM #1
I decided to start over with using a dedicated OPNsense firewall and WAN IP just for VPN. I only need to VPN to one server (one IP) from a list of clients (Pre-Shared Keys).
The issue seems to be all the variances from websites showing instructions. Following the Decisio site definetly doesn't work. Some of that guide doesn't even match the detail information on the OPNsense GUI. As an example, the guide shows the IPsec local address connection to be the WAN IP and the Remote addresses to be empty (not shown) when the GUI info shows for Remote addresses 'To initiate a connection, at least one specific address or DNS name must be specified'. And the Local addresses can be left empty.
I think this is where my problems are. Not really sure what goes in these fields. I assume the Local would be the local server 192.168.40.26 and the remote to be my WAN IP.

Another issue is the change from Legacy. Many guides have mixed directions from Legacy and new.

Can anyone direct me to a correct guide to the new IPsec VPN setup?
April 13, 2025, 09:33:53 PM #2
April 14, 2025, 12:32:38 AM #3
Thanks for the reply, but I am not using site to site. I am trying to connect multiple clients to one server.
I just tried Wireguard following the instructions and when activated, it killed my client side internet. Also, didn't see any way to get to the shared folders on the server.

FYI, IPsec legacy worked fine, except it now randomly disconnects since OPNsense 25.1.4. Besides I need to change it because the legacy version is going away in 26.1.

For now my clients are using RadminVPN. Slow, but works.
I would prefer to not use VPN at all, but what other options are available to get remote access to a shared folder on a server?
April 14, 2025, 08:49:54 AM #4
Quote from: dcol on April 14, 2025, 12:32:38 AMI would prefer to not use VPN at all, but what other options are available to get remote access to a shared folder on a server?

A self hosted file sharing system designed to be accessible over the Internet like Nextcloud, Seafile, Syncthing ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 14, 2025, 05:44:43 PM #5
Thanks for that info. I will look into it.
I really do hope that Desico can fix the VPN guides to reflect the current OPNsense version.
Print
Go Up Pages1
User actions