Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Internet connection over IPSec VPN
« previous
next »
Print
Pages: [
1
]
Author
Topic: Internet connection over IPSec VPN (Read 9543 times)
pawel_dor
Newbie
Posts: 2
Karma: 0
Internet connection over IPSec VPN
«
on:
March 30, 2016, 03:19:41 pm »
Hello,
I configure IPSec with
https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html
But after connecting to VPN, I'm losing internet connection.
Thx for your help
My config
Firewall
Mobile Client
Phase 1
Phase 2
Logged
packet loss
Full Member
Posts: 134
Karma: 26
Re: Internet connection over IPSec VPN
«
Reply #1 on:
April 03, 2016, 05:18:41 am »
I guess I'll throw my 2 cents in just in case it may help. Make sure you have net.inet.ip.fastforwarding set to 0 (off) in the turntables since having it on will possibly break IPSEC. Also take a look at the following forum link which has some good information reference NIC TSO settings etc:
https://forum.opnsense.org/index.php?topic=896.0
Not sure which NIC you are using but take a look at your TSO, LRO, RX checksum, TX checksum etc settings for your particular NIC to make sure they are turned off. Those in particular may cause you issues.
Useful link:
https://www.freebsd.org/cgi/man.cgi?ifconfig
«
Last Edit: April 03, 2016, 05:23:47 am by azdps
»
Logged
pawel_dor
Newbie
Posts: 2
Karma: 0
Re: Internet connection over IPSec VPN
«
Reply #2 on:
April 04, 2016, 10:23:19 am »
Nothing change
I'm trying set net.inet.ip.fastforwarding but I cannot find the correct config file.
I found, net.inet.ip.fastforwarding = 0
«
Last Edit: April 04, 2016, 10:32:58 am by pawel_dor
»
Logged
Kuragari
Jr. Member
Posts: 66
Karma: 11
Re: Internet connection over IPSec VPN
«
Reply #3 on:
May 03, 2016, 08:38:27 pm »
Hello, i have the same problem. Connection to IPSec VPN work but no internet connection when connected.
VPN connection is stable, i think it is a configuration problem but don't know where.
Logged
DokuKäfer
Jr. Member
Posts: 83
Karma: 15
Re: Internet connection over IPSec VPN
«
Reply #4 on:
May 03, 2016, 09:41:12 pm »
Mobile Client
Virtual Adress Pool: 192.168.1.
1
Maybe?
Logged
Kuragari
Jr. Member
Posts: 66
Karma: 11
Re: Internet connection over IPSec VPN
«
Reply #5 on:
May 03, 2016, 09:52:59 pm »
Quote from: DokuKäfer on May 03, 2016, 09:41:12 pm
Mobile Client
Virtual Adress Pool: 192.168.1.
1
Maybe?
No, i get ip address, i communicate with LAN, only internet access don't work (rules and NAT are ok)
Logged
kabrutus
Newbie
Posts: 14
Karma: 0
Re: Internet connection over IPSec VPN
«
Reply #6 on:
May 26, 2016, 03:23:26 am »
I too am having the same issues. Has this been resolved?
Logged
kabrutus
Newbie
Posts: 14
Karma: 0
Re: Internet connection over IPSec VPN
«
Reply #7 on:
May 26, 2016, 07:34:49 am »
i was able to get the internet running by changing the network to 0.0.0.0/0 in the P2 setting. but now all the internet traffic goes through the tunnel. Is there a way to set the client computer to use its own internet connection for browsing and use the vpn only for network/server connection?
Logged
Kuragari
Jr. Member
Posts: 66
Karma: 11
Re: Internet connection over IPSec VPN
«
Reply #8 on:
May 26, 2016, 08:02:42 am »
Yes, problem solved for me to with the same parameters.
Anyway, no it is not possible to use local internet connection with VPN. When VPN tunnel is up any data go trough it.
Logged
Kuragari
Jr. Member
Posts: 66
Karma: 11
Re: Internet connection over IPSec VPN
«
Reply #9 on:
May 26, 2016, 09:02:01 am »
I have just a last problem. VPN work on LAN and not on WAN (sometime that work, sometime not)
I have the rules in firewall (ISAKMP, IPsec NAT-T, ESP and AH) so i assume that not the problem. I am directly connected on my WAN interface.
I have just a special configuration my WAN use a private ip address because i need to do double NAT.
My WAN interface don't block private ip traffic (configuration in interfaces menu)
Somebody have an idea ?
Here the last lines in log :
May 26 08:55:38 charon: 10[JOB] deleting half open IKE_SA after timeout
May 26 08:55:32 charon: 10[NET] sending packet: from 192.168.1.2[500] to 192.168.1.19[500] (412 bytes)
May 26 08:55:32 charon: 10[IKE] sending retransmit 3 of response message ID 0, seq 1
May 26 08:55:32 charon: 10[IKE] <con1|37> sending retransmit 3 of response message ID 0, seq 1
May 26 08:55:19 charon: 10[NET] sending packet: from 192.168.1.2[500] to 192.168.1.19[500] (412 bytes)
May 26 08:55:19 charon: 10[IKE] sending retransmit 2 of response message ID 0, seq 1
May 26 08:55:19 charon: 10[IKE] <con1|37> sending retransmit 2 of response message ID 0, seq 1
May 26 08:55:18 charon: 10[NET] sending packet: from 192.168.1.2[500] to 192.168.1.19[500] (412 bytes)
May 26 08:55:18 charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
May 26 08:55:18 charon: 10[IKE] <con1|37> received retransmit of request with ID 0, retransmitting response
May 26 08:55:18 charon: 10[NET] received packet: from 192.168.1.19[500] to 192.168.1.2[500] (776 bytes)
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Internet connection over IPSec VPN