Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
Issues with Strongswan (IKEv2)
« previous
next »
Print
Pages: [
1
]
Author
Topic: Issues with Strongswan (IKEv2) (Read 3590 times)
AirstarGroup
Newbie
Posts: 2
Karma: 0
Issues with Strongswan (IKEv2)
«
on:
March 11, 2019, 03:49:34 pm »
Hello All!
I am having a weird issue with my IKEv2 VPN. The setup I have for it (including certificates and so on) works perfectly from time to time on Windows 10. Other times, Windows gives the error that the IKE credentials are unacceptable. The weird part of this is that if I restart the Strongswan service on OPNsense, the issue goes away and lets me connect once again.
P.S. I am using certificates provided by Let's Encrypt addon, which have no issue being authenticated.
Logged
rainerle
Full Member
Posts: 151
Karma: 9
Re: Issues with Strongswan (IKEv2)
«
Reply #1 on:
March 21, 2019, 06:27:18 pm »
Hi,
this might be related to the PFS group your client is requesting from the firewall. As soon as the IPsec is restarted the firewall forgets about the previous connection and the client can connect fresh.
Have a look at the PowerShell script attached here
https://forum.opnsense.org/index.php?topic=12147.0
and compare that with the IKE/ESP settings that you have on your Setup.
Best regards
Rainer
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: Issues with Strongswan (IKEv2)
«
Reply #2 on:
March 21, 2019, 08:49:48 pm »
Also see that "install policy" is checked in phase 1. We have a small setup quirk in 19.1.4 that unsets it by default (it only needs to be unset for routed IPsec).
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
Issues with Strongswan (IKEv2)