AVM FritzBox IPSEC VPN Client not working

Started by tristan, March 17, 2015, 10:42:40 AM

Hi folks,

I have got the following problem:

When trying to use an AVM VPN Client behind the firewall, the connection gets established, but in fact it is unusable, because no connections to services in the remote network are possible.

Sniffing Packets on both interfaces didn't turn out any hints what might be wrong.

Other IPSec Clients work well, e.g. Cisco etc. and the AVM one works too, if I bypass the firewall.

Any ideas?

Best regards.

Hi Tristan,

Nat & inbound ipsec is always a bit of a hassle.
Question is: why would you build this setup, instead of using the built-in ipsec server from opnsense?

Hi,

oh, I didn't make it clear the right way:

The IPSec Endpoint is the remote network, which I don't control. The IPSec Client is within our network and behind the firewall. :)

Best regards.

Ah, that makes sense.
I will try to test this tonight, will see what happens here.

Hi,

I would like to push this topic once more, because I couldn't make any progress with the described problem.  :-[

Best regards

Just in case: In general configuration screen, one can block bogon and private network addresses, you may check this possible point of error! Good luck.

Hi,

thanks for your advice, but I don't block private or bogon, be it on LAN or WAN iface.

I'm also frequently experiencing timeout errors when changing settings in the panel since the second last update.

Best regards

Hi,

had a chance yesterday to test that setup.
I was able to establish a vpn connection to a remote fritzbox using fritz fernzugang and ping remote hosts.
Was behind an opnsense 15.1.8.2 using default configuration.
Not sure why it's not working in your setup...what's weird is that you mention timeouts?
what kind of hardware do you use?

best regards!

Hiho,

thx for your efforts.  :)

It's more than strange: after upgrading to 15.1.8.3 the connection attempt times out while the host is reachable via ping from the machine running fernzugang.
I was unable to find any hints by digging through the log files.

Any advice for further inspection of the problem?

Best regards!

Hi Tristan,

sounds like a problem not related to opnsense? maybe you change the fritzbox on your other site also to an opnsense? Or you can try to establish the ipsec connection directly from the opnsense gateway, basically it's normal ipsec.

best regards! :)