Internet connection over IPSec VPN

Started by pawel_dor, March 30, 2016, 03:19:41 PM

Hello,

I configured IPSec with https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html
But after connecting to VPN, I'm losing internet connection.

Thx for your help

My config

Firewall






Mobile Client


Phase 1



Phase 2


April 03, 2016, 05:18:41 AM #1 Last Edit: April 03, 2016, 05:23:47 AM by azdps
I guess I'll throw my 2 cents in just in case it may help. Make sure you have net.inet.ip.fastforwarding set to 0 (off) in the tunables since having it on will possibly break IPSEC. Also take a look at the following forum link which has some good information reference NIC TSO settings etc:

https://forum.opnsense.org/index.php?topic=896.0

Not sure which NIC you are using but take a look at your TSO, LRO, RX checksum, TX checksum etc settings for your particular NIC to make sure they are turned off. Those in particular may cause you issues.

Useful link:
https://www.freebsd.org/cgi/man.cgi?ifconfig

April 04, 2016, 10:23:19 AM #2 Last Edit: April 04, 2016, 10:32:58 AM by pawel_dor
Nothing changed :(

I'm trying to set net.inet.ip.fastforwarding but I cannot find the correct config file.

I found it, net.inet.ip.fastforwarding = 0

Hello, I have the same problem. Connection to the IPSec VPN works but there is no internet connection when connected.

The VPN connection is stable, I think it is a configuration problem but I don't know where.

Mobile Client

Virtual Address Pool:   192.168.1.1



Maybe?  :D

Quote from: DokuKäfer on May 03, 2016, 09:41:12 PM
Mobile Client

Virtual Address Pool:   192.168.1.1



Maybe?  :D

No, I get an IP address, I communicate with the LAN, only internet access doesn't work (rules and NAT are OK)

I too am having the same issues.  Has this been resolved?

I was able to get the internet running by changing the network to 0.0.0.0/0 in the P2 setting, but now all the internet traffic goes through the tunnel. Is there a way to set the client computer to use its own internet connection for browsing and use the VPN only for network/server connection?

Yes, problem solved for me too with the same parameters.

Anyway, no, it is not possible to use the local internet connection with the VPN. When the VPN tunnel is up, any data goes through it.

I have just one last problem. The VPN works on LAN and not on WAN (sometimes it works, sometimes not).

I have the rules in the firewall (ISAKMP, IPsec NAT-T, ESP and AH) so I assume that's not the problem. I am directly connected on my WAN interface.

I just have a special configuration: my WAN uses a private IP address because I need to do double NAT.

My WAN interface doesn't block private IP traffic (configuration in the interfaces menu).

Does somebody have an idea?

Here are the last lines in the log:
May 26 08:55:38   charon: 10[JOB] deleting half open IKE_SA after timeout
May 26 08:55:32   charon: 10[NET] sending packet: from 192.168.1.2[500] to 192.168.1.19[500] (412 bytes)
May 26 08:55:32   charon: 10[IKE] sending retransmit 3 of response message ID 0, seq 1
May 26 08:55:32   charon: 10[IKE] <con1|37> sending retransmit 3 of response message ID 0, seq 1
May 26 08:55:19   charon: 10[NET] sending packet: from 192.168.1.2[500] to 192.168.1.19[500] (412 bytes)
May 26 08:55:19   charon: 10[IKE] sending retransmit 2 of response message ID 0, seq 1
May 26 08:55:19   charon: 10[IKE] <con1|37> sending retransmit 2 of response message ID 0, seq 1
May 26 08:55:18   charon: 10[NET] sending packet: from 192.168.1.2[500] to 192.168.1.19[500] (412 bytes)
May 26 08:55:18   charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
May 26 08:55:18   charon: 10[IKE] <con1|37> received retransmit of request with ID 0, retransmitting response
May 26 08:55:18   charon: 10[NET] received packet: from 192.168.1.19[500] to 192.168.1.2[500] (776 bytes)
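
A small triage script for charon output like the log in the last post, added here as an example and not part of the thread: it counts packets, retransmits and half-open IKE_SA timeouts so a stalled handshake stands out. The function names and the rule that a `<con1|37>` line duplicates the unprefixed line are assumptions of this example.

```python
import re

# Log lines copied from the last post above (newest first, as posted).
SAMPLE_LOG = """\
May 26 08:55:38   charon: 10[JOB] deleting half open IKE_SA after timeout
May 26 08:55:32   charon: 10[NET] sending packet: from 192.168.1.2[500] to 192.168.1.19[500] (412 bytes)
May 26 08:55:32   charon: 10[IKE] sending retransmit 3 of response message ID 0, seq 1
May 26 08:55:32   charon: 10[IKE] <con1|37> sending retransmit 3 of response message ID 0, seq 1
May 26 08:55:19   charon: 10[NET] sending packet: from 192.168.1.2[500] to 192.168.1.19[500] (412 bytes)
May 26 08:55:19   charon: 10[IKE] sending retransmit 2 of response message ID 0, seq 1
May 26 08:55:19   charon: 10[IKE] <con1|37> sending retransmit 2 of response message ID 0, seq 1
May 26 08:55:18   charon: 10[NET] sending packet: from 192.168.1.2[500] to 192.168.1.19[500] (412 bytes)
May 26 08:55:18   charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
May 26 08:55:18   charon: 10[IKE] <con1|37> received retransmit of request with ID 0, retransmitting response
May 26 08:55:18   charon: 10[NET] received packet: from 192.168.1.19[500] to 192.168.1.2[500] (776 bytes)
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]+)\s+charon:\s+\d+\[(\w+)\]\s+(?:<[^>]*>\s+)?(.*)$")
PACKET = re.compile(r"^(received|sending) packet: from (\S+)\[(\d+)\] to (\S+)\[(\d+)\]")

def summarize(log_text):
    """Count handshake events in charon log text; line order does not matter."""
    s = {"sent": 0, "received": 0, "own_retransmits": 0,
         "peer_retransmits": 0, "half_open_timeouts": 0, "ports": set()}
    seen = set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        # Assumption: a "<con1|37>" line repeats the unprefixed one; count each event once.
        if not m or m.groups() in seen:
            continue
        seen.add(m.groups())
        msg = m.group(3)
        p = PACKET.match(msg)
        if p:
            s["sent" if p.group(1) == "sending" else "received"] += 1
            s["ports"].update({int(p.group(3)), int(p.group(5))})
        elif msg.startswith("sending retransmit"):
            s["own_retransmits"] += 1
        elif msg.startswith("received retransmit of request"):
            s["peer_retransmits"] += 1
        elif msg.startswith("deleting half open IKE_SA"):
            s["half_open_timeouts"] += 1
    return s

def stalled_handshake(s):
    """True when this side kept retransmitting until the half-open IKE_SA expired."""
    return s["half_open_timeouts"] > 0 and s["own_retransmits"] > 0

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG), stalled_handshake(summarize(SAMPLE_LOG)))
```

On the posted lines this reports three packets sent against one received, all on UDP port 500, which is the pattern of a peer that keeps repeating its request because the exchange is not progressing.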