Author Topic: IPSEC Tunnel not working anymore  (Read 3533 times)

jloipers

Re: IPSEC Tunnel not working anymore
« Reply #15 on: March 19, 2019, 09:48:30 am »
Hi all,

We had the same issue here. We have 22 site-2-site IPsec tunnels running; three of them are IKEv2.
All remote peers are different kinds of firewalls (Cisco ASA, Lancom, Checkpoint) but no OPNsense.

After upgrading to 19.1.4, some tunnels worked fine and some didn't. It didn't make any difference whether it was IKEv1 or IKEv2.

As far as we can tell, all non-working tunnels contain single-host configurations in the phase 2 entries. But I am not sure about that, because we weren't able to test all connections.

After applying the patch (= removal of VTI) everything was fine, thanks for that!


Cheers

Josef

Logged

siegfried

Re: IPSEC Tunnel not working anymore
« Reply #16 on: March 20, 2019, 03:52:07 pm »
Hi all,
Same problem here. Since 19.1.4 a tunnel to a Fortigate cluster (2x Fortigate 200E) doesn't work anymore. SAs are created and the counters for incoming traffic are >0, but there is no outgoing traffic to the Fortigate box.

I'll try the patch later this evening.
Edit: Fortigate Firmware version: 5.6.3
« Last Edit: March 20, 2019, 04:12:55 pm by siegfried »
Logged
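
The symptom reported in the post above (SAs installed, inbound counters above zero, nothing outbound) can be checked across many tunnels at once. This is an added example, not part of the original post or of OPNsense's code; it assumes strongSwan `ipsec statusall`-style CHILD_SA counter lines, and the sample text, connection names and counters are constructed.

```python
import re

# Constructed sample in the style of strongSwan `ipsec statusall` CHILD_SA
# output (assumption: this line format; names, SPIs and counters are made up).
SAMPLE = """\
con1{3}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c1a2b3c4_i c5d6e7f8_o
con1{3}:  AES_CBC_256/HMAC_SHA2_256_128, 48210 bytes_i (312 pkts, 2s ago), 0 bytes_o, rekeying in 41 minutes
con1{3}:   10.1.0.0/24 === 10.2.0.5/32
con2{4}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: c9aa0b1c_i c2dd3e4f_o
con2{4}:  AES_CBC_256/HMAC_SHA2_256_128, 9120 bytes_i (80 pkts, 1s ago), 7744 bytes_o (75 pkts, 1s ago), rekeying in 12 minutes
con2{4}:   10.1.0.0/24 === 10.3.0.0/24
con3{5}:  INSTALLED, TUNNEL, reqid 3, ESP SPIs: c0112233_i c4556677_o
con3{5}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 50 minutes
"""

# Matches only the counter line of a CHILD_SA: "<name>{<id>}: ... N bytes_i ... M bytes_o"
COUNTERS = re.compile(
    r"^\s*(?P<name>[^\s{]+)\{(?P<uid>\d+)\}:"
    r".*?(?P<rx>\d+) bytes_i.*?(?P<tx>\d+) bytes_o"
)


def one_way_tunnels(status_text):
    """Return (connection, bytes_in) for SAs that receive but never send.

    An SA with both counters at zero is treated as idle, not broken, because
    no traffic has been offered to it yet.
    """
    flagged = []
    for line in status_text.splitlines():
        m = COUNTERS.match(line)
        if m is None:
            continue  # state line, traffic selector line, or unrelated output
        rx, tx = int(m.group("rx")), int(m.group("tx"))
        if rx > 0 and tx == 0:
            flagged.append((m.group("name"), rx))
    return flagged


if __name__ == "__main__":
    for name, rx in one_way_tunnels(SAMPLE):
        print(f"{name}: {rx} bytes in, 0 bytes out (outbound traffic not entering the SA)")
```
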

KittD

Re: IPSEC Tunnel not working anymore
« Reply #17 on: March 20, 2019, 08:35:37 pm »
Updated a bunch of routers last night from 19.1.2 to 19.1.4 and a few of them had VPN issues this morning. Reverted the patch on one of them, rebooted, and no issues right now.
Logged

franco

  • Administrator
Re: IPSEC Tunnel not working anymore
« Reply #18 on: March 20, 2019, 09:24:27 pm »
Appreciate the info. We removed the explicit reqid setting from non-VTI configurations and that should be it for 19.1.5.


Cheers,
Franco
Logged

siegfried

Re: IPSEC Tunnel not working anymore
« Reply #19 on: March 21, 2019, 07:46:37 am »
Moin!
Patch solved the issue. Thanks!
Logged

emmitt

Re: IPSEC Tunnel not working anymore
« Reply #20 on: March 25, 2019, 06:44:30 pm »
Hi,

Is it useful to wait for 19.1.5?

If not, how can I download and install the patch?

Thanks!
Logged

glasi

Re: IPSEC Tunnel not working anymore
« Reply #21 on: March 30, 2019, 05:07:38 pm »
Hi all,

I have the same issue here with a site-2-site IPSec tunnel. OPNsense does not build up the IPsec tunnel.

In my setup I can pin down the problem to the connection method in the tunnel settings. OPNsense fails to establish the IPsec tunnel when 'Start immediate' is selected as connection method.

As soon as I select 'Start on traffic' as connection method, everything works fine.

Can anybody reproduce this issue with his/her own setup?
Logged
