IPSEC Server

Started by Julien, March 08, 2017, 04:26:31 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 08, 2017, 04:26:31 PM Last Edit: March 08, 2017, 04:40:09 PM by Julien
Hi Guys,
I have followed the Doc to configure the IPSEC. https://docs.opnsense.org/manual/how-tos/ipsec-road.html
we have a active directory server to allow the users to access the VPN.
On the PN:IPSEC Mobile Client we used the server authentication for the Active directory we have.
the same Authentication server we use for the OPENVPN and it does works fine.
the log of the IPSEC says below.
can someone please point me to there right directions ?
Code Select

Mar 8 16:20:26
charon: 09[NET] sending packet: from FIREWALL IP [4500] to WHERE I AM CONNECTING FROM [42132] (84 bytes)
Mar 8 16:20:26
charon: 09[ENC] generating INFORMATIONAL_V1 request 628088373 [ HASH N(AUTH_FAILED) ]
Mar 8 16:20:26
charon: 09[IKE] found 1 matching config, but none allows XAuthInitPSK authentication using Main Mode
Mar 8 16:20:26
charon: 09[CFG] looking for XAuthInitPSK peer configs matching FIREWALL IP ...CONNECTING FROM[192.168.19.76]
Mar 8 16:20:26
charon: 09[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]

Firewall rules are attached.
DEC4240 – OPNsense Owner
March 08, 2017, 06:05:26 PM #1 Last Edit: March 08, 2017, 06:16:51 PM by Julien
I managed to get the tunnel UP and running,
the problem now is the users can't browse to the internet while connecting over the tunnel.
on the IPSEC rules we have allow any to any IPV4+6 with destination LAN net see attached but no vail,
connecting to the internet over the IPSEC does not works.
internally I can't ping the connected device IP.

Can someone please advise how to fix ?

Over the VPN I can access the firewall web interface.
is this some kind of routing issue ?

please advise
DEC4240 – OPNsense Owner
March 08, 2017, 07:15:15 PM #2
Hi Guys,
I have done so extra research, right now from the Lan side I can ping the connected devices over the VPN, but the otherway around is not.
when I am connected with the VPN I can't ping or RDP to the devices over the LAN.
isn't this a NAT issue ? NAT is a automatic on.

Really no way has a idea what  going on ?
DEC4240 – OPNsense Owner
March 09, 2017, 03:26:07 PM #3
Can Anyone advise about this ?
we just tried a Pfsense installation and everything works out of the box with the NAT rules.
Opnsense kan never get this working,
DEC4240 – OPNsense Owner
Print
Go Up Pages1
User actions