Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
IPSEC issue when set NAT/BINAT with different masks
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSEC issue when set NAT/BINAT with different masks (Read 6591 times)
cluna
Newbie
Posts: 1
Karma: 0
IPSEC issue when set NAT/BINAT with different masks
«
on:
April 07, 2017, 03:34:22 pm »
Hi everyone, I would like help with this topic.
I've searching around the forums, but couldn't find a light with this issue. I'm trying to set a IPSec VPN Site to Site on OPNSense 16.7-amd64. Looks like the tunnel get up and works correctly, but the phase 2 it´s not working.
I've read the doc
https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html
to set the VPN, but I got some of theese events on the IPsec log (recent/old order):
Apr 7 07:00:41 charon: 05[IKE] failed to establish CHILD_SA, keeping IKE_SA
Apr 7 07:00:41 charon: 05[IKE] <con2|21687> failed to establish CHILD_SA, keeping IKE_SA
Apr 7 07:00:41 charon: 05[IKE] maximum IKE_SA lifetime 28751s
Apr 7 07:00:41 charon: 05[IKE] <con2|21687> maximum IKE_SA lifetime 28751s
Apr 7 07:00:41 charon: 05[IKE] IKE_SA con2[21687] established between 181.XXX.110.XX[181.XXX.110.XX]...200.XX.232.XXX[200.XX.232.XXX]
Apr 7 07:00:41 charon: 05[IKE] <con2|21687> IKE_SA con2[21687] established between 181.XXX.110.XX[181.XXX.110.XX]...200.XX.232.XXX[200.XX.232.XXX]
Apr 7 07:00:41 charon: 05[ENC] parsed IKE_SA_INIT response 0 [ SA KE No V V V N(NATD_S_IP) N(NATD_D_IP) CERTREQ V ]
Apr 7 07:00:41 charon: 05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Apr 7 07:00:41 charon: 05[IKE] initiating IKE_SA con2[21687] to 200.XX.232.XXX
When I see the Status Overview page under IPSec, there no info under info above (Local subnets, SPIs, Remote subnets, State, Stats).
Even, I've search over documentation and wiki OPSense and got that Phase2 NAT doesnt work with different masks, its true? looks like this issue is fixed on OpenBSD, not for FreeBSD (I'm using FreeBSD
).
If anyone could help me I'll appreciate it.
I can provide more info to help.
Thanks.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
IPSEC issue when set NAT/BINAT with different masks