OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • Mobile does not use established IKEv2/IPsec VPN tunnel
« previous next »
  • Print
Pages: [1]

Author Topic: Mobile does not use established IKEv2/IPsec VPN tunnel  (Read 3048 times)

steffda

  • Newbie
  • *
  • Posts: 17
  • Karma: 1
    • View Profile
Mobile does not use established IKEv2/IPsec VPN tunnel
« on: February 27, 2019, 11:35:28 pm »
Hello everybody,
I have a big problem with my IKEv2/IPsec VPN since today.
Until yesterday evening, everything worked fine, connection to the vServer, IPsec connection, etc.
From today I have the following phenomenon:
My phone sets up the IPsec tunnel, hand shows VPN status connected. OPNsense IPsec -> Lease Status shows that the mobile phone has been assigned an IP address and the tunnel has been established.
But, if I test the external IP on the phone, it shows the, which comes from my Internet provider (via WLAN) or from my Mobile network provider (without WLAN). Now, when I call a webpage, it gets load it, but there is nothing in the firewall's live log.
I've already rebooted OPNsense, as well as reset my phone to factory settings, but nothing helps.

All this happened after changing the Dead Peer Detection parameter in the IPsec Phase1 settings, other parameters were not changed.
Whether it is related, but I can not say, is just a network with many components ;).

And something else I noticed: When everything worked, I had a timeout on the VPN connection every few minutes, so I had to reconnect. Since it stops working, I have no timeout anymore. Handy and OPNsense say they are connected. : - /

Does anyone have any idea why this might be?

Ahso ... mobile is a Lumia 950 with Windows 10 mobile and OPNsense is version 19.1.1.

greetings
steffen
« Last Edit: February 28, 2019, 08:58:55 pm by steffda »
Logged

steffda

  • Newbie
  • *
  • Posts: 17
  • Karma: 1
    • View Profile
Re: Mobile does not use established VPN tunnel
« Reply #1 on: February 28, 2019, 10:40:35 am »
I've tried the same with a Windows 10 PC.
It's the same effect. The VPN connection is established, but it is not used.
ipconfig results in:

PPP_Adapter VPN
IPv4 address ..................... 172.16.99.2
Subnet mask ................... 255.255.255.255
Standard Gateway ...............

In OPNsense the following is set:
VPN -> IPsec -> Mobile Clients -> Virtual Address Pool 172.16.99.0/24

This results in the following questions for me:
1. Do I need a standard gateway, if so, how do I get that via IPsec in the network settings of the Windows PC?
2. Why is the subnet mask wrong? How and where is this to change?
Logged

steffda

  • Newbie
  • *
  • Posts: 17
  • Karma: 1
    • View Profile
Re: Mobile does not use established IKEv2/IPsec VPN tunnel
« Reply #2 on: March 01, 2019, 04:50:17 pm »
After long, long search i found the solution and some answers here:
https://answers.microsoft.com/en-us/windows/forum/windows_10-networking/why-doesnt-the-vpn-work-on-windows-10-mobile/607d23f9-eff0-44f6-9308-bbd250569966
User dpaz_tech in that thread wrote:
Quote
In our case. the correct protocol to choose when setting up any VPN manually through the Windows 10 Mobile interface is "Automatic."

Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • Mobile does not use established IKEv2/IPsec VPN tunnel
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2