
Author Topic: ikev1 and ikev2 / Firewall  (Read 6963 times)

Edge

ikev1 and ikev2 / Firewall
« on: February 19, 2015, 08:06:07 am »
Hi Folks,

I've installed OPNsense and tested it. It seems very interesting to me and I think I will change our OpenBSD firewall to OPNsense soon.
I have 2 questions:
1.) Do you support IKEv1? We have some customers who still use IKEv1 for IPsec VPN. I tried to establish a VPN between them and my OPNsense GW, but when I choose IKEv1 I only receive "charon: 03[NET] received unsupported IKE version 1.0 from 1.2.3.4, sending INVALID_MAJOR_VERSION". Could you give me a hint?
2.) I have a large pf.conf from my firewall and I don't want to copy it via the browser. So I would like to write a script which converts my pf.conf to a format which fits OPNsense. I've searched via the command line but I wasn't able to find the file where the firewall rules are saved. Could you give some advice on where to find the file?
Thanks and keep going!

franco

Re: ikev1 and ikev2 / Firewall
« Reply #1 on: February 22, 2015, 09:42:14 am »
Hi there,

(1) IKEv1 has been fixed with 15.1.6.1 -- we'd appreciate a heads-up if there are remaining issues: https://forum.opnsense.org/index.php?topic=77.0

(2) I'll get back on that soon, but there should be a way to pull it off. Most likely through the config.xml itself.


Thank you for your feedback :)

Franco

Edge

Re: ikev1 and ikev2 / Firewall
« Reply #2 on: February 23, 2015, 09:50:03 am »
Hi franco,

Thanks for your little update. IKEv1 works like a charm now.
I'm waiting for your input; when I finish the script, I will commit it to the community for easy migration of their pf.conf firewalls.

Greetings

Edge

Re: ikev1 and ikev2 / Firewall
« Reply #3 on: February 23, 2015, 02:58:32 pm »
I found something strange; I think it's only an issue with the web GUI:

When I establish an IPsec IKEv1 site-to-site connection between two endpoints, everything works like a charm. I can ping through the tunnel, can transfer data, etc.
But in the GUI under Status -> IPSec -> Overview the tunnel always has the status disconnected.
Again: traffic is working well, in both directions. I've played with firewall rules but nothing gets me any status other than disconnected, even though the tunnel is up and running.
Could you be so kind as to check this?

Thanks in advance

franco

Re: ikev1 and ikev2 / Firewall
« Reply #4 on: February 23, 2015, 10:16:43 pm »
Added to the issue tracker: https://github.com/opnsense/core/issues/64