OPNsense Forum
English Forums => General Discussion => Topic started by: geotek on January 22, 2020, 04:53:25 pm
-
Scenario: Private LAN at Location A connected to the Internet via OPNsense 19.7.9. OPNsense has a route-based IPsec tunnel to Location B. Everything works as expected, except that the public IP of Location B is now unreachable for hosts in the private LAN of Location A.
I assume that all traffic from the LAN to the public IP of Location B is erroneously sent via the tunnel gateway through the tunnel instead of being NATed to the standard default route.
Is this behaviour a general design flaw of route-based IPsec on OPNsense, or can it be solved somehow?
-
More info with network addresses please; it seems to me that the info in the first paragraph conflicts with the second.
Cheers,
Franco
-
Take this as an example:
Location A (OPNsense)
LAN: 192.168.10.0/24
Public IP: 1.1.1.1
VPNGW1: 2.2.2.2
Static Route: 192.168.20.0/24 => VPNGW1
Location B (Juniper SRX)
LAN: 192.168.20.0/24
Public IP: 2.2.2.2
The IPsec tunnel between LAN A and LAN B works fine, and so does NAT traffic from the LAN to the Internet. So everything is fine, except that hosts on LAN A can't reach the public IP of Location B (2.2.2.2): neither ping nor any other port responds.
Since Juniper does route-based IPsec directly and does not have an OpenVPN-like transfer net, I have to set VPNGW1 to the public IP of site B.
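As an added illustration (not code from the thread or from OPNsense), the following models longest-prefix-match routing for the table described above and checks the condition the poster suspects: the peer's public IP resolving to the tunnel gateway rather than to the WAN default route. The WAN next hop 1.1.1.254, the interface names, and the second "broken" table with an extra host route for the peer are assumptions used only to show what the check catches.

```python
"""Model longest-prefix-match routing for the setup in this thread and flag
the condition the poster suspects: traffic for the IPsec peer's public IP
being resolved to the tunnel interface instead of the WAN default route."""
import ipaddress

# Constructed from the thread: LAN A, static route to LAN B via VPNGW1.
# The WAN next hop (1.1.1.254) and the interface names are assumptions.
ROUTES = [
    ("0.0.0.0/0",       "1.1.1.254", "wan"),     # default route, NATed to Internet
    ("192.168.10.0/24", None,        "lan"),     # connected LAN A
    ("192.168.20.0/24", "2.2.2.2",   "ipsec1"),  # static route to LAN B via VPNGW1
]
PEER_PUBLIC_IP = "2.2.2.2"  # Location B public IP, which is also VPNGW1

# Hypothetical table, not taken from the thread: same as above plus a host
# route that sends the peer's own public IP into the tunnel interface.
BROKEN_ROUTES = ROUTES + [("2.2.2.2/32", "2.2.2.2", "ipsec1")]


def lookup(routes, dst):
    """Return (prefix, gateway, iface) of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return (str(best[0]), best[1], best[2]) if best else None


def peer_route_is_sane(routes, peer_ip, wan_iface="wan"):
    """True when the peer's public IP leaves via the WAN interface.

    If it resolves to the tunnel interface instead, the encrypted packets
    would have to reach the peer through the very tunnel they carry, which
    is the unreachable-peer symptom described in the thread."""
    route = lookup(routes, peer_ip)
    return route is not None and route[2] == wan_iface


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for any Internet host.
    for dst in ("192.168.20.5", PEER_PUBLIC_IP, "203.0.113.10"):
        print(dst, "->", lookup(ROUTES, dst))
    print("peer route sane:", peer_route_is_sane(ROUTES, PEER_PUBLIC_IP))
    print("peer route sane (broken table):",
          peer_route_is_sane(BROKEN_ROUTES, PEER_PUBLIC_IP))
```

On the firewall itself the equivalent check is to ask the kernel which route 2.2.2.2 resolves to and confirm it is the WAN default route, not the tunnel interface.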