OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: dphonov2 on November 19, 2020, 02:00:24 AM

Title: Simple VxLan between two subnets
Post by: dphonov2 on November 19, 2020, 02:00:24 AM
Hi all,

I have two sites, connected via IPSEC VPNs. OPNSense does not terminate either of these VPNs.

Instead, at each site I have OPNSense deployed and exposed over IPSEC.

OPNSense LAN A <--> FW1    [INTERNET][IPSEC]     <--> FW2 <-->  OPNSense LAN B
Other LAN A Hosts <--> FW 1                                          FW2 <-->  Other LAN B Hosts

I'm attempting to use VxLan and have LAN A and LAN B be the same Layer2/broadcast domain.


I've successfully set up a VxLan route between the two, and on the LAN B side I can even see all the broadcast/multicast traffic on FW2 I expect to see (from hosts that are "foreign" to it and exist on the other side of the IPSEC tunnel).

On the LAN A side, using a different VM, if I attempt to ping TESTHOST1 in LAN B sharing the same /24, I get the correct ARP from TESTHOST1's NIC!... But I'm not routing.

And that's where I'm stuck.

I thought it could be because OPNSense is not the default gateway for these hosts. FW1 & FW2 are...
But it stops making sense, since I'm not supposed to need a default gateway to route... to a local subnet. Just its MAC.

Would I need to proxy arp for each side?

Any insight appreciated

Title: Re: Simple VxLan between two subnets
Post by: dphonov2 on November 19, 2020, 02:33:30 AM
Update:

I reset and started again on the LAN A side and I got routing working!

Would like to solve this now:

In pinging from a host on LAN A to LAN B on the same /24 I get:

64 bytes from 192.168.5.251: icmp_seq=1 ttl=64 time=3.68 ms
64 bytes from 192.168.5.251: icmp_seq=1 ttl=64 time=4.62 ms (DUP!)
64 bytes from 192.168.5.251: icmp_seq=2 ttl=64 time=3.65 ms
64 bytes from 192.168.5.251: icmp_seq=2 ttl=64 time=4.57 ms (DUP!)
64 bytes from 192.168.5.251: icmp_seq=3 ttl=64 time=3.46 ms
64 bytes from 192.168.5.251: icmp_seq=3 ttl=64 time=4.76 ms (DUP!)



And I'm not sure why the duplicate packet?

As a note, I did have to bridge the VxLan interface that was created after I created an entry in the VXLAN menu to the LAN adapter in order to get this working.
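The thread's setup (an ARP request from LAN A answered by a host on LAN B, carried inside VXLAN over the IPsec path, with the vxlan interface bridged to LAN) can be made concrete by building and unpacking the actual VXLAN encapsulation. The following Python is an added example written for this page; it is not code from the original poster, from OPNsense, or from FreeBSD's if_vxlan. Every MAC address, IP address, UDP source port and the VNI (100) are constructed for illustration and do not come from the thread.

```python
"""VXLAN encapsulation walk-through (added example, constructed data).

Builds the outer Ethernet/IPv4/UDP/VXLAN headers around an inner ARP
request the way a VXLAN tunnel endpoint on either LAN would before the
datagram enters the IPsec tunnel, then decapsulates it again and checks
the VNI.  Layout follows RFC 7348; all addresses below are made up.
"""
import struct

VXLAN_PORT = 4789        # IANA-assigned UDP destination port for VXLAN
VXLAN_FLAG_I = 0x08      # "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
# Outer Ethernet (14) + IPv4 (20) + UDP (8) + VXLAN (8) added per frame.
VXLAN_OVERHEAD = 14 + 20 + 8 + 8


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ipv4(text):
    return bytes(int(octet) for octet in text.split("."))


def checksum(data):
    """RFC 1071 one's-complement checksum used for the outer IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def arp_request(src_mac, src_ip, target_ip):
    """Inner Ethernet frame: broadcast ARP 'who has target_ip?'."""
    # htype=Ethernet, ptype=IPv4, hlen=6, plen=4, op=1 (request)
    arp = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1)
    arp += mac(src_mac) + ipv4(src_ip) + mac("00:00:00:00:00:00") + ipv4(target_ip)
    eth = mac("ff:ff:ff:ff:ff:ff") + mac(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    return eth + arp


def vxlan_encap(inner_frame, vni, outer_src_ip, outer_dst_ip,
                outer_src_mac, outer_dst_mac, src_port=49152):
    """Wrap a whole Ethernet frame in VXLAN/UDP/IPv4/Ethernet."""
    # VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved byte
    vxlan = struct.pack("!BBHI", VXLAN_FLAG_I, 0, 0, vni << 8)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    # UDP checksum 0 means "none", which IPv4 permits
    udp = struct.pack("!HHHH", src_port, VXLAN_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                     64, 17, 0, ipv4(outer_src_ip), ipv4(outer_dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = mac(outer_dst_mac) + mac(outer_src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp + vxlan + inner_frame


def vxlan_decap(packet, expected_vni):
    """Strip the outer headers; raise ValueError if it is not VXLAN on our VNI."""
    if struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    if packet[14 + 9] != 17:
        raise ValueError("outer packet is not UDP")
    udp_off = 14 + ihl
    if struct.unpack("!H", packet[udp_off + 2:udp_off + 4])[0] != VXLAN_PORT:
        raise ValueError("UDP destination is not the VXLAN port")
    vx_off = udp_off + 8
    flags, _, _, vni_field = struct.unpack("!BBHI", packet[vx_off:vx_off + 8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    vni = vni_field >> 8
    if vni != expected_vni:
        raise ValueError("VNI mismatch: got %d, expected %d" % (vni, expected_vni))
    return packet[vx_off + 8:]


def main():
    # Host on LAN A asks for 192.168.5.251 (the thread's ping target).
    inner = arp_request("02:00:00:00:0a:01", "192.168.5.10", "192.168.5.251")
    # Outer addresses stand in for the two VXLAN endpoints behind FW1/FW2.
    pkt = vxlan_encap(inner, 100, "10.0.1.1", "10.0.2.1",
                      "02:00:00:00:00:01", "02:00:00:00:00:02")
    assert vxlan_decap(pkt, 100) == inner
    print("inner frame %d bytes, on the wire %d bytes (+%d VXLAN overhead)"
          % (len(inner), len(pkt), VXLAN_OVERHEAD))


if __name__ == "__main__":
    main()
```

The `VXLAN_OVERHEAD` constant is the practical caveat behind this design: every inner frame grows by 50 bytes before the IPsec tunnel adds its own headers, so full-size 1500-byte frames between the two /24 halves will not fit a 1500-byte path unless the inner MTU is lowered or the transport path MTU is raised. The VNI check in `vxlan_decap` is the only thing separating segments on a shared VXLAN port, which is why the VNI and the UDP port should be restricted at the firewalls to the two endpoints.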