OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Ipsec
« previous next »
  • Print
Pages: 1 [2]

Author Topic: Ipsec  (Read 4992 times)

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 8049
  • Karma: 531
    • View Profile
Re: Ipsec
« Reply #15 on: October 13, 2016, 03:45:53 pm »
Let's help out ;)

Commit:

https://github.com/opnsense/core/commit/5dc95bac

Command:

# opnsense-patch 5dc95bac


Cheers,
Franco
Logged

voltara2000

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Ipsec
« Reply #16 on: October 14, 2016, 05:45:58 pm »
Hi,

I have applied patch. From the gui side everything looks good.
When I tried to connect I have got the following error: Error Description: 13801: IKE authentication credentials are unacceptable. I didn't have a chance to go over my config and certificates. I will do that on this weekend and try to figure out what is the cause of that.

Thank you,
Andrei
Logged

voltara2000

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Ipsec
« Reply #17 on: October 15, 2016, 02:50:35 am »
Hi,

After some testing with Windows 7 and StrongSwan android client I am getting the same error on both.
Please see attached final part of the Log. What could be the problem? Anyone has any suggestions?

Thank you,
Andrei
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 8049
  • Karma: 531
    • View Profile
Re: Ipsec
« Reply #18 on: October 17, 2016, 07:39:54 am »
Hi Andrei,

EAP is working, but the verify against the certificate/chain does not.


Cheers,
Franco
Logged

voltara2000

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Ipsec
« Reply #19 on: October 17, 2016, 09:13:40 pm »
Hi Franco,

What do you think causing this behavior? Opensense implementation of the StrongSwan or wrong configuration on my side? I have checked my certificates few times and they look ok. I have followed pfsense guide https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2 for setting this connection. I will try to recreate same config on pfsense to see the logs and compare, will also post opnsense generated file config vs pfsense for same scenario.

Thank you,
Andrei
Logged

  • Print
Pages: 1 [2]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Ipsec
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2019 All rights reserved
  • SMF 2.0.15 | SMF © 2017, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2