Topic: OPNsense prevents FortiClient IPSec VPN connection (Read 3763 times)
Hundeknochen (Newbie, Posts: 3, Karma: 0)
OPNsense prevents FortiClient IPSec VPN connection
« on: January 26, 2022, 05:15:58 pm »
Hello!
I am currently struggling to get a work VPN connection through my OPNsense 21.7.7 firewall. This is a VPN (IPSec) connection between my work laptop and my employer's servers, so OPNsense isn't a VPN endpoint here.
The company used another VPN solution before, which worked fine with OPNsense; however, they recently migrated to Fortigate and its FortiClient VPN solution, and that's where the issues began. When trying to connect to the VPN, it always fails with a "no response from the peer, Phase 1 retransmit reaches maximum count" error on the client.
Connecting via cell phone works fine.
As far as OPNsense is concerned, it's a standard 21.7.7 install that acts as a router/firewall for the home. The work laptop sits on its separate network (Guest) with little in the way; it even uses public DNS servers instead of OPNsense as DNS proxy like the Home (LAN) side does. Also, IDS is not active on the Guest network. All the necessary ports for IPSec (500, 4500, etc.) have been opened in the fw rules, and as mentioned, the previous IPSec VPN solution worked fine through the very same OPNsense box.
The firewall log doesn't show anything suspicious either.
In an attempt to fix this I also added all the ports that Fortinet lists for FortiClient but that didn't help either:
https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/788212/forticlient-open-ports
I'm at a loss as to why FortiClient struggles with phase 1 handshakes when the previous VPN solution worked fine.
Any ideas?
« Last Edit: January 26, 2022, 06:03:53 pm by Hundeknochen »
cnu80 (Newbie, Posts: 7, Karma: 2)
Re: OPNsense prevents FortiClient IPSec VPN connection
« Reply #1 on: January 27, 2022, 04:53:40 pm »
Hi, did you find a solution? My problem is a little different. I can connect to the company VPN server with my FortiClient VPN, but after ~10 min the connection is lost. Without OPNsense it is working.
I checked the logfiles and cannot find anything suspicious. Any ideas to locate the problem? Thanks.
Hundeknochen (Newbie, Posts: 3, Karma: 0)
Re: OPNsense prevents FortiClient IPSec VPN connection
« Reply #2 on: January 27, 2022, 10:54:23 pm »
I haven't found a solution, unfortunately. But I do have two other firewalls (Sophos XG 18.5MR2 and Watchguard Firebox T35 running whatever the latest version of Fireware XTM is) and I see the same behavior there: FortiClient fails at phase 1 handshakes. So this might not be an OPNsense-specific issue after all. Still, I was hoping someone had an idea what's going on.
I know that Fortigate's VPN implementation can be difficult at times, but on the other side it works fine for colleagues who just use some kind of cheap nasty broadband router they got from their ISP, so surely there must be a way to get it to work in OPNsense.