Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Multiple IPSec roadwarrior problems
« previous
next »
Print
Pages: [
1
]
Author
Topic: Multiple IPSec roadwarrior problems (Read 3470 times)
ElFonte
Newbie
Posts: 5
Karma: 0
Multiple IPSec roadwarrior problems
«
on:
February 19, 2021, 09:59:23 pm »
Hello, I'm a new poster here with a few years on my shoulders with OPNSense and PFSense
I recently migrated one of my firewalls from 20.7.4 to 21.1.1. Since then, when a road warrior VPN user connects when a different user is connected from the same network (behind NAT, so different local IP but same public IP) the first one can't access the network but the connection stays open
I've checked the logs, there doesn't seem to be anything wrong there. I've checked the config, and nothing is changed, neither in the client side (wich still works on a different 20.7.4 server) or the server side
Anyone else experiencing problems like this?
Thanks a lot for the help
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Multiple IPSec roadwarrior problems
«
Reply #1 on:
February 20, 2021, 07:19:10 am »
This usually comes when the router at client side cant Nat multiple devices behind
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
ElFonte
Newbie
Posts: 5
Karma: 0
Re: Multiple IPSec roadwarrior problems
«
Reply #2 on:
February 21, 2021, 09:58:18 pm »
Sadly, that's not the case, since the clients haven't changed anything. It happens to me when connecting from 2 different VMs, and I'm certain the only change has been on the firewall
Logged
ElFonte
Newbie
Posts: 5
Karma: 0
Re: Multiple IPSec roadwarrior problems
«
Reply #3 on:
February 25, 2021, 09:56:47 pm »
Given I found no clue of what was grong, I reinstalled 20.7 in a different VM and updated it to the latest version available before enabling the update to 21, restored a backup from 21.1 (I know this shouldn't be done, it was just a test) and it's working correctly, allowing multiple connections from the same public IP
There seems to be a bug in OPNSense, how do I report it?
Thanks a lot
Logged
juere
Jr. Member
Posts: 91
Karma: 8
Re: Multiple IPSec roadwarrior problems
«
Reply #4 on:
February 26, 2021, 10:17:40 am »
Same problem here since updating to 21.1.2 yesterday.
Multible IPSEC road-warriors "kick out" each other when connecting from the same IP.
We use IKEv2 with Microsoft RADIUS accounts, each VPN user has it's own RADIUS account.
Worked fine before with 20.7.7.
I just reported the problem on github as issue #4757
«
Last Edit: February 26, 2021, 10:47:12 am by goodomens42
»
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Multiple IPSec roadwarrior problems
«
Reply #5 on:
February 26, 2021, 11:11:57 am »
Can you do me a favor and test against 20.7.8 and 21.0 so we can find in which release the change was?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
juere
Jr. Member
Posts: 91
Karma: 8
Re: Multiple IPSec roadwarrior problems
«
Reply #6 on:
February 27, 2021, 01:36:54 am »
@mimugmail
Did the updates one by one and tested with pings as described in the github issue:
20.7.7_1 (before update) works fine
20.7.8_4 works fine
21.1 fails, as soon as the second connection is started, the first ping stalls
21.1.2 fails, not tested again
Logged
ElFonte
Newbie
Posts: 5
Karma: 0
Re: Multiple IPSec roadwarrior problems
«
Reply #7 on:
March 02, 2021, 11:19:17 pm »
Hello, just tested it and got the same results
20.7.8_4 works fine
21.1 doesn't work
If there is any other test to do, please tell me, I have both versions in different hard drives ready to try
Logged
juere
Jr. Member
Posts: 91
Karma: 8
Re: Multiple IPSec roadwarrior problems
«
Reply #8 on:
March 03, 2021, 09:22:38 am »
@ElFonte: I reported this on github, see
https://github.com/opnsense/core/issues/4757
A patch was posted yesterday, try
Code:
[Select]
opnsense-patch 8bf80e0
Works fine for me
Logged
ElFonte
Newbie
Posts: 5
Karma: 0
Re: Multiple IPSec roadwarrior problems
«
Reply #9 on:
March 10, 2021, 09:48:03 pm »
@goodomens42 thanks a lot, forgot to report that it works fine now
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Multiple IPSec roadwarrior problems