Hi, everybody,
we have here in our lab an OPNsense Firewall with the latest software.
There are three ports (LAN, WAN, VPN). At the WAN port our ISP has switched us a total of 5 usable external IP addresses.
The first of these IP addresses uses our WAN interface directly. Another one I would like to use to set up an IPsec VPN. Unfortunately I seem to miss something.
I have entered the additional IP as a virtual IP and selected it as interface in the IPsec settings. After that I checked the firewall rules of the WAN interface. Unfortunately the VPN rules do not seem to be created automatically. Therefore I created them manually.
But I still can't get a tunnel.
Does anyone have an idea what else I could look at?
BTW, another IPsec VPN which is directly on the WAN interface works fine. There the firewall rules are created automatically.
Thanks a lot
Greetings
Joe
Please share the configuration details via screenshot, the log error you get in IPsec and the rules on WAN.
Common problems with this type of configuration are mismatching IDs or missing or wrong rules.
Hello,
thank you for the quick response.
I would like to make the screenshots for you. However, this is already almost productive and I would have to make almost all relevant information unrecognizable.
However, I have the tunnel running now (my counterpart on the second site has initiated the connection). However, I can't get it to the remote network to be routed.
A traceroute shows that the default gateway is taken.
What could be the reason for this?
Thanks a lot
Greetings
Joe
Maybe you only have phase 1 up and running but not phase 2.