VPN client connection fails

Started by ian.bugeja, March 03, 2022, 01:13:43 PM

Have a weird issue which has been troubling me for months...

I have a PC on the LAN connecting to a VPN (checkpoint) via the Windows Checkpoint app. The connection establishes but immediately drops. Cannot explain why.

The system is quite straightforward. Simple WAN and LAN with NAT. Cannot even see the dropped/deny connection attempts in the firewall view.

Any pointers would help

OPNsense is latest version

Hi Ian,

Interfaces, diagnostics, packet capture

interface - LAN
host address - IP address of the PC

start capture, attempt the connection, stop capture, download the .cap file and open in Wireshark

Are there any logs in the client? Can you ask the Checkpoint admin for diagnostics?

Bart...

Thanks, yes, already had a look and did one again. Performed both on WAN and the internal interface and I can see the exact same packets, so I think I can exclude the Firewall Rules.


On the Checkpoint client side I see the logs, which indicate that it's connecting (port 443) but then fails to establish the tunnel.

[6 Mar  0:28:32] Policy changed, restarting connection (2)
[6 Mar  0:28:32] Sent ClientHello
[6 Mar  0:28:34] upgarde is not configured on the site
[6 Mar  0:28:34] Starting new connection (2)
[6 Mar  0:28:35] Topology download in progress
[6 Mar  0:28:35] upgarde is not configured on the site
[6 Mar  0:28:35] firewall policy desktop_policy connected enforced successfully
[6 Mar  0:28:35] Office mode IP was set successfully
[6 Mar  0:28:37] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18001.
[6 Mar  0:28:38] OM started successfully with IP = 192.168.170.86.
[6 Mar  0:28:38] Client state is connecting
[6 Mar  0:28:38] Connection was successfully established (2)
[6 Mar  0:28:39] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18002.
[6 Mar  0:28:41] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18003.
[6 Mar  0:28:43] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18004.
[6 Mar  0:28:45] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18005.
[6 Mar  0:28:47] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18006.
[6 Mar  0:28:49] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18007.
[6 Mar  0:28:51] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18008.
[6 Mar  0:28:53] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18009.
[6 Mar  0:28:55] IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.
[6 Mar  0:28:55] Client state is connected
[6 Mar  0:28:55] Tunnel (2) disconnected. State is connected. Trying to reconnect.

Spent hours looking at the capture and couldn't figure out anything. It seems that no data is received and it's being dropped for some weird reason.
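
One way to pull the failure pattern out of a client log like the one quoted above, added here as an example that is not part of the original posts: it collects the tunnel test probes that got no reply and measures the time from the first one to the IKE disconnect. The function names are hypothetical, the sample is an excerpt of the log lines quoted in the thread, and the year is an assumption because the log carries none.

```python
import re
from datetime import datetime

# Constructed sample: an excerpt of the client log quoted in the thread.
SAMPLE_LOG = """\
[6 Mar  0:28:37] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18001.
[6 Mar  0:28:38] Connection was successfully established (2)
[6 Mar  0:28:39] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18002.
[6 Mar  0:28:41] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18003.
[6 Mar  0:28:53] No reply from the gw ip=10.0.9.2 for tunnel test packet. Office Mode IP=192.168.170.86, source port=18009.
[6 Mar  0:28:55] IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.
"""

LINE_RE = re.compile(r"^\[(\d{1,2} \w{3}\s+\d{1,2}:\d{2}:\d{2})\] (.*)$")
PROBE_RE = re.compile(r"No reply from the gw ip=([\d.]+) for tunnel test packet\..*source port=(\d+)")
DISC_RE = re.compile(r"IKE tunnel disconnected, error code=(-?\d+)\. Reason: (.*)")

def parse_ts(ts):
    # The log has no year; 2000 is an assumed placeholder, only differences are used.
    return datetime.strptime("2000 " + " ".join(ts.split()), "%Y %d %b %H:%M:%S")

def summarize(log_text):
    """Return the unanswered tunnel-test probes and the disconnect that followed."""
    out = {"gateway": None, "ports": [], "established": False,
           "error_code": None, "reason": None, "seconds_to_disconnect": None}
    first_probe = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip anything that is not a timestamped entry
        when, msg = parse_ts(m.group(1)), m.group(2)
        if "Connection was successfully established" in msg:
            out["established"] = True
        elif (p := PROBE_RE.search(msg)):
            out["gateway"] = p.group(1)
            out["ports"].append(int(p.group(2)))
            first_probe = first_probe or when
        elif (d := DISC_RE.search(msg)) and first_probe:
            out["error_code"] = int(d.group(1))
            out["reason"] = d.group(2)
            out["seconds_to_disconnect"] = (when - first_probe).total_seconds()
            break  # stop at the first disconnect after the probes
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
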