Author Topic: Problem with multiple VPN-Peer rightpeer: %any (Read 1727 times)

smooth_81 · « **on:** August 19, 2019, 02:46:52 pm »

I've setup a central opnsense appliance to host some (~600) VPN connections.
I need to use %any as Peer IP and to use rightid with distinguisher to assign the correct Config. I have no option to use something like dyndns to resolve peer ip's.

The problem comes when i define more than one tunnel with peer ip %any. When the second peer connects OPNSense does not use the right PSK, but only the PSK from the first defined Connection.
Weird, because the PSK is attached to the DN in ipsec.secrets.

Is this a bug? I'm using actual version OPNsense 19.7.2-amd64

mimugmail · « **Reply #1 on:** August 19, 2019, 05:49:52 pm »

Just use IKEv2, works like a charm

smooth_81 · « **Reply #2 on:** August 21, 2019, 01:47:04 pm »

Quote from: mimugmail on August 19, 2019, 05:49:52 pm

Just use IKEv2, works like a charm

That would be great, but AVM Fritzbox does not support IKEv2

Any other hint?

mimugmail · « **Reply #3 on:** August 21, 2019, 02:51:42 pm »

No, then the PSK has to be the same I'd guess. Or use certificate authentication

Author Topic: Problem with multiple VPN-Peer rightpeer: %any (Read 1727 times)

smooth_81

Problem with multiple VPN-Peer rightpeer: %any

mimugmail

Re: Problem with multiple VPN-Peer rightpeer: %any

smooth_81

Re: Problem with multiple VPN-Peer rightpeer: %any

mimugmail

Re: Problem with multiple VPN-Peer rightpeer: %any