No one mentioned OPNsense and IPsec on Windows yet. Would you like advice on how to set this up?
I've posted on the OPNsense forum, Spiceworks, and the OPNsense reddit, but either everyone hates me or no one knows what I'm doing wrong, so I figured I would come here and see if anyone has any ideas. Here's a link to the reddit that includes some screenshots of the config: https://www.reddit.com/r/OPNsenseFirewal...ty_please/

Basically I'm trying to set up IPSec and have it work with Windows 10 clients, and I am failing miserably. I followed the guide on the wiki, but when I try to connect from my friend's laptop (using TeamViewer for the remote session) I can't even see the traffic from her public IP hit my firewall.

Key points:

- I followed this guide: https://wiki.opnsense.org/manual/how-tos...hapv2.html
- I downloaded the CA from the firewall and installed it on the client laptop
- I'm using DDNS so people can use a name to reach my public IP. This has worked flawlessly before with other setups
- I can't see the traffic in the live firewall logs when I try to make the connection from my friend's laptop

I am assuming I'm doing something stupid, or missing something, but I've been at it for 2 days straight and I'm just lost. Please let me know if I can provide further screenshots or information beyond what is posted in the reddit thread if it will help. Thank you in advance.
So far as I understand, the traffic isn't reaching the firewall. I don’t know why. The DDNS used for the IPSec connection matches the one I’m using for port forwarding and XMPP server setup, which is functioning properly. When reviewing the firewall rules as instructed in the guide, I see multiple evaluations but no actual packets, bytes, or states.

But here’s something noteworthy...

- If I keep the client configuration on the Windows 10 machine as described, and start the connection, it just displays "Connecting" without taking any action.
- When I switch to using machine certificates, it shows "Connecting," shows the DDNS name, then stops with an error saying "IKE failed to find valid machine certificate."
- If I change it to use my Windows login credentials, it still connects, shows the DDNS name, but then hangs without further progress.

No matter which setting I choose, the rule states remain at zero activity.