Topic: IPSec reported tunnels (Read 5159 times)
Manxmann
Newbie
Posts: 24
Karma: 0
IPSec reported tunnels
« on: May 30, 2017, 02:57:26 pm »
Hi Folks,
Sorry, me again.
More of an observation than a bug. I have a number of 'site to site' IPsec VPNs in place between 5 different sites. All sites run OPNsense, mostly 17.1.7, but one is 17.1.4.
Everything works and for the most part is trouble free, but on each host I see odd numbers reported for the number of connected tunnels. For example, I have one FW configured with 1 phase link and two phase two using IKEv1. The Dashboard shows 4 Active tunnels and -2 In-Active.
I have also noted at times that all the tunnels on a host can be 'Active' and working and the Dashboard shows 0 Active and 0 In-Active. When this occurs, checking VPN/IPSec/Status Overview shows nothing. Restarting the strongSwan daemon corrects this.
Whilst this odd behaviour doesn't seem to affect the IPSec function it does make diagnosing problems somewhat tricky.
Cheers
Droppie391
Jr. Member
Posts: 55
Karma: 5
Re: IPSec reported tunnels
« Reply #1 on: May 30, 2017, 04:51:51 pm »
For what it's worth, we see this too. It seems to resolve itself after a few minutes. I assume this is due to a change in strongSwan. Probably this is caused by the renegotiation of the tunnels, and the displayed numbers reflect the total of old and new keys.
franco
Administrator
Hero Member
Posts: 17747
Karma: 1620
Re: IPSec reported tunnels
« Reply #2 on: May 30, 2017, 08:23:48 pm »
Hi,
Sorry, this appeared when strongSwan was updated from 5.5.1 to 5.5.2, a very unlikely candidate for such changes. I caught the IPsec widget's tunnel reporting in time, but the other one was harder to track and would only pop up in a secondary install ever so sporadically.
https://github.com/opnsense/core/commit/a039ad4d
It will be part of 17.1.8 this week, but you can patch it right away to help confirm:
# opnsense-patch a039ad4d
Cheers,
Franco
Manxmann
Newbie
Posts: 24
Karma: 0
Re: IPSec reported tunnels
« Reply #3 on: May 30, 2017, 10:33:01 pm »
Thanks Franco,
Patch applied, I'll report back on my progress.
root@XEN-FW:~ # opnsense-patch a039ad4d
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From a039ad4db4d5819fa427c694c94d09846a377e3e Mon Sep 17 00:00:00 2001
|From: Franco Fichtner <franco@opnsense.org>
|Date: Fri, 19 May 2017 16:19:24 +0200
|Subject: [PATCH] ipsec: fix widget count after 5.5.2 update
|
|---
| src/www/widgets/widgets/ipsec.widget.php | 12 +++++++++---
| 1 file changed, 9 insertions(+), 3 deletions(-)
|
|diff --git a/src/www/widgets/widgets/ipsec.widget.php b/src/www/widgets/widgets/ipsec.widget.php
|index 4a98e13a5..58eb9e258 100644
|--- a/src/www/widgets/widgets/ipsec.widget.php
|+++ b/src/www/widgets/widgets/ipsec.widget.php
--------------------------
Patching file www/widgets/widgets/ipsec.widget.php using Plan A...
Hunk #1 succeeded at 34.
Hunk #2 succeeded at 66.
Hunk #3 succeeded at 109.
done
All patches have been applied successfully. Have a nice day.
root@XEN-FW:~ #
Scalaechelon
Newbie
Posts: 4
Karma: 0
Re: IPSec reported tunnels
« Reply #4 on: May 31, 2017, 02:36:16 am »
Sir,
Please post a guide on how to configure an IPsec VPN because this is required in our office.
Just site to site configuration, as I do not want inter-branch communication, only branch to central office.
I'm relatively new to OPNsense VPN implementation, so I need all the help I can get.
Ciao.
franco
Administrator
Hero Member
Posts: 17747
Karma: 1620
Re: IPSec reported tunnels
« Reply #5 on: May 31, 2017, 11:59:30 am »
The guide is located here:
https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html