Issues with Strongswan (IKEv2)

Started by AirstarGroup, March 11, 2019, 03:49:34 PM

Hello All!

I am having a weird issue with my IKEv2 VPN. The setup I have for it (including certificates and so on) works perfectly from time to time on Windows 10. Other times, Windows gives the error that the IKE credentials are unacceptable. The weird part of this is that if I restart the Strongswan service on OPNsense, the issue goes away and lets me connect once again.

P.S. I am using certificates provided by the Let's Encrypt add-on, which have no issue being authenticated.

Hi,

This might be related to the PFS group your client is requesting from the firewall. As soon as IPsec is restarted, the firewall forgets about the previous connection and the client can connect fresh.

Have a look at the PowerShell script attached here https://forum.opnsense.org/index.php?topic=12147.0 and compare that with the IKE/ESP settings that you have on your setup.

Best regards
Rainer

Also see that "install policy" is checked in phase 1. We have a small setup quirk in 19.1.4 that unsets it by default (it only needs to be unset for routed IPsec).


Cheers,
Franco