OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: bruci3 on April 22, 2019, 01:24:09 am
-
Hi guys,
I am trying to set up IPsec from my OPNsense box at home to my AWS.
OPNsense LAN 192.168.1.0/24
AWS VPC 172.31.0.0/16
I have got the IPsec tunnel to establish, but pings etc. are not working.
It seems the OPNsense side can receive traffic, but cannot send out traffic.
The reason I know this is that if I ping from my AWS to OPNsense I can see "Bytes in" increase, so traffic is flowing into OPNsense, but nothing seems to go out from OPNsense, because if I ping from the OPNsense side to AWS, "Bytes out" does not change.
These are my current rules:
Firewall > Rules
WAN allow Port:TCP/UDP 500, 4500
IPsec allow Source: 172.31.0.0/16 to any
IPsec allow Source: 192.168.1.0/24 to any
LAN allow Proto: ICMP any any
This is what the OPNsense IPsec status shows:
Time : 1375
Bytes in : 672
Bytes out : 0
Am I missing some firewall rule, or do I need to add any routes or NAT rules? Please help???
I have been stuck on this for over a week and it's driving me nuts.
-
Is Install Policy enabled?
-
Sorry, not sure what Install Policy is. Can you please explain what this is?
-
In the Phase 1 tunnel config.
-
OMG, you are a genius. Seriously, for 1 week I could not figure this out, and all it took was that one tip from you. I enabled "Install Policy" and now traffic is flowing both ways and pings are working. Thanks, I feel so happy right now!!
Honestly, I felt down all weekend because I could not get this to work. Thanks again mimugmail!!!
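The symptom in this thread (tunnel ESTABLISHED, "Bytes in" climbing, "Bytes out" stuck at 0) is the classic signature of a child SA whose outbound policy is not being matched, which is exactly what an unticked "Install Policy" produces. The following script is an added example, not something posted in the thread or part of OPNsense: it parses a status dump and flags one-way child SAs and traffic selectors that do not cover the expected subnets. The sample text is constructed here and modelled on the layout of strongSwan's `swanctl --list-sas` output (an assumption about the format; the byte counters mirror the 672 in / 0 out shown in the first post). The IP addresses, SPI values and connection name "aws" are made up.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on strongSwan's `swanctl --list-sas` layout.
# Not captured from a real system; addresses and SPIs are placeholders.
SAMPLE_STATUS = """\
aws: #1, ESTABLISHED, IKEv2, 1111111111111111_i* 2222222222222222_r
  local  'home.example' @ 198.51.100.10[4500]
  remote '203.0.113.20' @ 203.0.113.20[4500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 1375s ago, rekeying in 84000s
  aws: #2, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 1375s ago, rekeying in 2400s, expires in 3600s
    in  c0a1b2c3,    672 bytes,     8 packets,     3s ago
    out c3b2a1c0,      0 bytes,     0 packets
    local  192.168.1.0/24
    remote 172.31.0.0/16
"""


@dataclass
class ChildSA:
    name: str
    state: str
    bytes_in: int = 0
    bytes_out: int = 0
    local_ts: list = field(default_factory=list)   # local traffic selectors
    remote_ts: list = field(default_factory=list)  # remote traffic selectors


# Child SA header line, e.g. "  aws: #2, reqid 1, INSTALLED, TUNNEL, ESP:..."
CHILD_RE = re.compile(r"^\s+(\S+): #\d+, reqid \d+, (\w+), (TUNNEL|TRANSPORT)")
# Per-direction counters, e.g. "    in  c0a1b2c3,    672 bytes,     8 packets"
DIR_RE = re.compile(r"^\s+(in|out)\s+[0-9a-f]+,\s+(\d+) bytes,\s+(\d+) packets")
# Traffic selector lines, e.g. "    local  192.168.1.0/24"
TS_RE = re.compile(r"^\s+(local|remote)\s+([\d./ ]+)$")


def parse_child_sas(text):
    """Return the child SAs found in a status dump, with counters and selectors."""
    sas = []
    cur = None
    for line in text.splitlines():
        m = CHILD_RE.match(line)
        if m:
            cur = ChildSA(name=m.group(1), state=m.group(2))
            sas.append(cur)
            continue
        if cur is None:  # still inside the IKE SA header block
            continue
        m = DIR_RE.match(line)
        if m:
            if m.group(1) == "in":
                cur.bytes_in = int(m.group(2))
            else:
                cur.bytes_out = int(m.group(2))
            continue
        m = TS_RE.match(line)
        if m:
            target = cur.local_ts if m.group(1) == "local" else cur.remote_ts
            target.extend(m.group(2).split())
    return sas


def diagnose(sa, local_net, remote_net):
    """Return a list of findings for one child SA; an empty list means it looks healthy."""
    findings = []
    if sa.state != "INSTALLED":
        findings.append(f"child SA state is {sa.state}, not INSTALLED")
    if local_net not in sa.local_ts or remote_net not in sa.remote_ts:
        findings.append(
            f"selectors {sa.local_ts} <-> {sa.remote_ts} do not cover "
            f"{local_net} <-> {remote_net}"
        )
    if sa.bytes_in > 0 and sa.bytes_out == 0:
        findings.append(
            "one-way: receiving but never sending; outbound traffic is not being "
            "matched into the tunnel (verify Install Policy is enabled on the "
            "phase 1 and that no route or NAT rule diverts the traffic first)"
        )
    elif sa.bytes_out > 0 and sa.bytes_in == 0:
        findings.append(
            "one-way: sending but nothing returns; check the remote side's "
            "policy, VPC route table and security groups"
        )
    elif sa.bytes_in == 0 and sa.bytes_out == 0:
        findings.append("no traffic in either direction yet")
    return findings


def report(text, local_net, remote_net):
    """Map each child SA name to its findings for the given status dump."""
    return {sa.name: diagnose(sa, local_net, remote_net)
            for sa in parse_child_sas(text)}


if __name__ == "__main__":
    for name, findings in report(SAMPLE_STATUS, "192.168.1.0/24", "172.31.0.0/16").items():
        print(name, "->", findings or ["ok"])
```

Run it against the constructed sample and the "aws" child SA is reported as one-way (672 bytes in, 0 out), which is the state the first post describes; after the fix in this thread both counters would grow and `diagnose` would return an empty list. To use it on a real box, pipe the actual `swanctl --list-sas` output into `report` and adjust the regexes if your strongSwan version formats the lines differently.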