OPNsense Forum

English Forums => General Discussion => Topic started by: HappyOpnSense on February 24, 2022, 02:37:13 pm

Title: Default address in case if IPSec
Post by: HappyOpnSense on February 24, 2022, 02:37:13 pm
Hi,

Running OPNsense 22.1 on ARM (yes, it works), using IPSec to have a secure connection to my central location. Clients behind the OPNsense FW can reach the central location as expected and FW rules work accordingly.

What doesn't work is when the OPNsense FW needs to reach the central location itself, e.g. for pkg updates, as I have a local repo at my central location.

What seems to be the issue is that OPNsense uses the WAN interface address as the default (and that one can't be used as a source address on the VPN link) rather than the LAN interface address as the default. Any suggestion on what needs to be done to have this changed? If I use ping -S <LAN address> <dest> it all works, but e.g. pkg update will not use the LAN address as its source.
Title: Re: Default address in case if IPSec
Post by: franco on February 24, 2022, 07:32:19 pm
A similar thing was discussed here including the magical solution:

https://github.com/opnsense/core/issues/5586


Cheers,
Franco
Title: Re: Default address in case if IPSec
Post by: HappyOpnSense on February 24, 2022, 08:10:18 pm
Amazing, but it seems to work.

Thnx
Title: Re: Default address in case if IPSec
Post by: franco on February 24, 2022, 08:13:51 pm
magic indeed :)