Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
IKEv2 IPSec EAP-TLS (RSA local) + (EAP-TLS remote) appears broken
« previous
next »
Print
Pages: [
1
]
Author
Topic: IKEv2 IPSec EAP-TLS (RSA local) + (EAP-TLS remote) appears broken (Read 1338 times)
whatever
Newbie
Posts: 19
Karma: 1
IKEv2 IPSec EAP-TLS (RSA local) + (EAP-TLS remote) appears broken
«
on:
March 11, 2023, 09:27:28 pm »
Hello,
I'm transitioning over from pfSense to OPNsense and I've been "cloning" the pfSense box settings on OPNsense. Everything is working great except IPSec. I can't for the life of me get it working. I've checked the settings well over 100 times and they're correct. On pfSense it works perfectly. On OPNsense, when I try to connect a client it instantly disconnects. The strange thing is that I see no error messages at all in the IPSec logs - the client hits the server and the logs are full of "success" statements - no errors. And so I have no idea where to look to fix the issue. I've torn down the tunnel and started over more times than I can count. I also reinstalled OPNsense from scratch and reconfigured IPSec - same exact result. It was working prior to the update to 23.1_2. I'm now on 23.1_3 but that update didn't help.
Off the top of anyone's head do you have any ideas where I should look?
Here are screenshots of my config and logs:
[I removed the screenshots because they're pointless now - the settings are fine - see below]
Thanks
«
Last Edit: March 12, 2023, 08:25:15 am by whatever
»
Logged
Flamez
Newbie
Posts: 17
Karma: 0
Re: IKEv2 IPSec EAP-TLS (RSA local) + (EAP-TLS remote) appears broken
«
Reply #1 on:
March 11, 2023, 10:23:50 pm »
I have also ran into this issue. It was working before updating from 23.1_2. to 23.1_3.
Logged
whatever
Newbie
Posts: 19
Karma: 1
Re: IKEv2 IPSec EAP-TLS (RSA local) + (EAP-TLS remote) appears broken
«
Reply #2 on:
March 12, 2023, 07:51:46 am »
So I reinstalled 23.1 and restored my config with those exact IPSec settings in and it just worked. Updated to 23.1.3 and after the reboot, IPSec is broken. So it would appear to be realted to the subsequent updates of OPNsense somehow. I'd be quite happy to stay on 23.1 but I can't install any packages. When I try it tells me that my installation is outdated and I need to update. Any way around this?
«
Last Edit: March 12, 2023, 08:14:19 am by whatever
»
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IKEv2 IPSec EAP-TLS (RSA local) + (EAP-TLS remote) appears broken
«
Reply #3 on:
March 12, 2023, 09:51:08 am »
Can you raise a ticket in Github for this please?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
whatever
Newbie
Posts: 19
Karma: 1
Re: IKEv2 IPSec EAP-TLS (RSA local) + (EAP-TLS remote) appears broken
«
Reply #4 on:
March 12, 2023, 06:39:45 pm »
Sure, in which section, "core"? (never opened a ticket before).
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IKEv2 IPSec EAP-TLS (RSA local) + (EAP-TLS remote) appears broken
«
Reply #5 on:
March 12, 2023, 07:26:18 pm »
Looks like it was reported via
https://github.com/opnsense/core/issues/6415
Thanks,
Franco
Logged
whatever
Newbie
Posts: 19
Karma: 1
Re: IKEv2 IPSec EAP-TLS (RSA local) + (EAP-TLS remote) appears broken
«
Reply #6 on:
March 12, 2023, 07:39:32 pm »
That's me ;-)
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
IKEv2 IPSec EAP-TLS (RSA local) + (EAP-TLS remote) appears broken