Topic: IPsec windows client (Read 2143 times)
loganx1121
IPsec windows client
« on: October 14, 2019, 01:14:10 pm »
So I used this guide
https://wiki.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html
I did the Certificate stuff on the firewall. I exported the CA and installed it on the client machine. When I try to connect on the Windows client, the VPN logs show my public IP "not confirmed by certificate, defaulting to <the cert I made>", and the client just says "Connecting" forever and doesn't go anywhere.
I've also posted on the Reddit forum with more screenshots, if that helps, here:
https://www.reddit.com/r/OPNsenseFirewall/comments/dhjwwz/need_some_ipsec_help_pretty_please/
loganx1121
Re: IPsec windows client
« Reply #1 on: October 14, 2019, 04:47:15 pm »
Just tinkering around some more. If I modify the client connection to "Use machine certificates" for authentication, I can see the traffic come in on the firewall live logs and I can see it's allowed, but it seems to be hitting the rule I set up for the incoming connections/port forward for the chat server.
I moved this rule to the bottom and now I can't see any of the connection attempts in the logs, whether I have it set for machine cert or MSCHAPv2.
loganx1121
Re: IPsec windows client
« Reply #2 on: October 15, 2019, 04:44:29 pm »
So as far as I can tell, the traffic isn't even getting to the firewall. I have no idea why. The DDNS I'm using for the IPsec connection is the same one I am using for the port forward and configuration for my XMPP server, which is up and working. If I "inspect" the firewall rules I was told to add via the guide, and the firewall rule for the IPsec, I see several "evaluations" but no packets, bytes, or states. But here is something interesting...
- If I leave the client configuration on the Windows 10 machine the way the guide tells me, and I initiate the connection, it just says "Connecting" and never does anything.
- If I switch it to "Use machine certificates" then it says Connecting, it displays the DDNS name, and then fails with the error "IKE failed to find valid machine certificate"
- If I modify it to say "Use my windows logon credentials", it says Connecting, it displays the DDNS name, but it just hangs after that.
Regardless of which option I choose above, the states, packets, and bytes on the rules remain at 0.