VPN: IPsec: Mobile Clients - explicit split-include - charon attribute

Open falkevik opened this issue 1 year ago • 3 comments

Enabling more than one split network to be used with both vpnc and macOS Cisco VPN. Phase2 networks are set to 0.0.0.0/0 but the split-include is explicit.

Manual SPDs couldn't be added with mobile clients. Using the IPsec Phase2 for more than one network didn't work as the SPD for the first network was the only one set up, rendering the subsequent networks in the split-include to be dropped on the way back to the VPN client IP address.

falkevik avatar Sep 20 '24 13:09 falkevik

Eventually we should migrate this to MVC; the latest versions already contain "VPN: IPsec: Advanced Settings", which is likely also the spot where most of these settings should migrate to in some form.

Keeping this here for now to prevent complicating next steps more than needed.

AdSchellevis avatar Sep 20 '24 17:09 AdSchellevis

Ok, understood. Thanks for considering the additional configuration option. For us we couldn't find any other way to solve the problem with multiple split networks.

I can have a look at adding this to the MVC pattern once that is applicable.

falkevik avatar Sep 23 '24 06:09 falkevik

@falkevik I'll keep it on the list, when refactoring code, it shouldn't be an issue to add it as well.

AdSchellevis avatar Sep 23 '24 09:09 AdSchellevis

should be implemented in https://github.com/opnsense/core/pull/8380

AdSchellevis avatar Mar 02 '25 17:03 AdSchellevis