Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
IPsecVPN With Windows 10 native VPN Client
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: IPsecVPN With Windows 10 native VPN Client (Read 9270 times)
dcol
Hero Member
Posts: 635
Karma: 51
Re: IPsecVPN With Windows 10 native VPN Client
«
Reply #15 on:
March 04, 2023, 09:57:59 pm »
How do I trace?
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: IPsecVPN With Windows 10 native VPN Client
«
Reply #16 on:
March 04, 2023, 10:37:25 pm »
I did just update to 23.1.1_2 from 22.7.11
Did notice new Connections page in VPN. That is nice.
Still Just get Policy match error
Logged
atom
Full Member
Posts: 207
Karma: 4
Re: IPsecVPN With Windows 10 native VPN Client
«
Reply #17 on:
March 04, 2023, 10:51:20 pm »
What is the error in the windows event log ?
Netsh trace start VpnClient per=yes maxsize=0 filemode=single
.... connection test ...
Netsh trace stop
The etl file can then be read with the Event Viewer.
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: IPsecVPN With Windows 10 native VPN Client
«
Reply #18 on:
March 04, 2023, 11:34:46 pm »
Opened the NetTrace.etl with Event Viewer and had a long list of Unknown Event ID's.
I did get some information from the log in OPNsense that showed
charon 06[IKE] <2> no IKE config found for <ServerIP>...<Client IP>, sending NO_PROPOSAL_CHOSEN
«
Last Edit: March 05, 2023, 06:05:45 pm by dcol
»
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: IPsecVPN With Windows 10 native VPN Client
«
Reply #19 on:
March 05, 2023, 07:28:40 pm »
I also noticed I have no ipsec.conf or ipsec.secrets file in /usr/local/etc, just sample files. Is this correct?
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPsecVPN With Windows 10 native VPN Client
«
Reply #20 on:
March 05, 2023, 07:31:38 pm »
Yep, started with 23.1, check release notes
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
dcol
Hero Member
Posts: 635
Karma: 51
Re: IPsecVPN With Windows 10 native VPN Client
«
Reply #21 on:
March 05, 2023, 07:56:00 pm »
I read the release notes. strongswan.conf has very little info in it. There might be a bug here. The same VPN client configuration works fine in PFsense and the algorithms and certificates match. My goal here is to migrate the last remaining pfsense firewall to OPNsense. The PFsense Plus box is running 23.01. I am running these VPN tests in a development firewall with its own WAN IP intended to replace the PFsense box.
I don't think I should be seeing in the VPN Log
2023-03-05T11:32:20-07:00 Informational charon 13[IKE] <2> no IKE config found for <my serverIP>...<ClientIP>, sending NO_PROPOSAL_CHOSEN
2023-03-05T11:32:20-07:00 Informational charon 13[ENC] <2> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
The release notes do state the changes could lead to connectivity issues in ambiguous cases. If I post at Github, how would I explain this issue? My experience with them is they require specific info.
«
Last Edit: March 05, 2023, 08:08:14 pm by dcol
»
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: IPsecVPN With Windows 10 native VPN Client
«
Reply #22 on:
March 05, 2023, 08:14:14 pm »
I finally found the settings in /usr/local/stc/swanctl/swanctl.conf and the local_addrs is not correct. It shows an old WAN IP I do not even use anymore. I will try to track down where this is coming from
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: IPsecVPN With Windows 10 native VPN Client
«
Reply #23 on:
March 05, 2023, 09:31:45 pm »
I am now connected. The issue was I had some virtual IP's configured, so the WAN IP was wrong. Once I removed all the Virtual IP's and fixed the WAN address, all worked fine. Now I just need to figure out how to connect the LAN's together.
Thanks to those that helped.
Logged
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
IPsecVPN With Windows 10 native VPN Client