Dear opnsense friends,
I set up routed IPsec site-to-site and my IPsec tunnel is up and running. Site A LAN connects to my core switch and the routing is added OK.
But I can't connect from 10.0.1.0/24 to 192.168.99.2 (Site B FW). On the core switch, route add 192.168.99.0/24 gw 10.0.9.2 is added. Ping or tracert is denied; using HTTP there is no log message at all. How do I set it to allow 10.0.1.0/24 to pass to the Site B LAN?
Site A:
WAN 1.2.3.4
LAN 10.0.9.2/24
Tunnel network 172.18.18.1
Site B:
WAN 4.3.2.1
LAN 192.168.99.2/24
Tunnel network 172.18.18.2
Live log messages:
LAN Jan 15 11:04:21 10.0.1.23 192.168.99.2 icmp Default deny rule
LAN Jan 15 11:04:16 10.0.1.23 192.168.99.2 icmp Default deny rule
According to your live log messages, you need to add a firewall rule on the LAN interface to allow traffic from 10.0.1.0/24 to 192.168.99.0/24.
And on the Site B OPNsense you need a firewall rule on the IPsec group to allow traffic from 10.0.1.0/24 to 192.168.99.0/24, too.
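As an added example (not from the thread or the OPNsense project), the Python below parses live-log lines of the shape quoted above and turns the default-deny hits into the two allow rules the answer describes (LAN at Site A, IPsec group at Site B), leaving any other denied flow alone. The sample lines, the placement of 10.0.1.0/24 behind Site A and the "IPsec" interface name are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the shape of the thread's live log:
# interface, timestamp, source, destination, protocol, rule label.
SAMPLE_LOG = """\
LAN Jan 15 11:04:21 10.0.1.23 192.168.99.2 icmp Default deny rule
LAN Jan 15 11:04:16 10.0.1.23 192.168.99.2 icmp Default deny rule
LAN Jan 15 11:05:02 10.0.1.23 192.168.99.2 tcp Default deny rule
LAN Jan 15 11:06:40 10.0.1.23 203.0.113.9 udp Default deny rule
"""
# Subnets from the thread; 10.0.1.0/24 is assumed to sit behind the core switch at Site A.
SITE_A_NETS = [ipaddress.ip_network("10.0.1.0/24"), ipaddress.ip_network("10.0.9.0/24")]
SITE_B_NETS = [ipaddress.ip_network("192.168.99.0/24")]
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+"
    r"(?P<src>[\d.]+)\s+(?P<dst>[\d.]+)\s+(?P<proto>\w+)\s+(?P<label>.+)$"
)

def parse_line(line):
    m = LINE_RE.match(line.strip())  # None for lines that do not fit the shape
    if not m:
        return None
    rec = m.groupdict()
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    return rec

def containing_net(addr, nets):
    return next((n for n in nets if addr in n), None)

def needed_rules(log_text):
    """Turn default-deny hits on Site A's LAN into the allow-rule pair from the
    thread's answer; flows that are not Site A -> Site B stay denied."""
    protos = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["label"].startswith("Default deny"):
            continue
        src_net = containing_net(rec["src"], SITE_A_NETS)
        dst_net = containing_net(rec["dst"], SITE_B_NETS)
        if rec["iface"] != "LAN" or src_net is None or dst_net is None:
            continue  # e.g. the 203.0.113.9 line: not site-to-site, keep it denied
        protos[(str(src_net), str(dst_net))].add(rec["proto"])
    rules = []
    for (src, dst), seen in sorted(protos.items()):
        base = {"action": "pass", "source": src, "destination": dst,
                "protocols_seen": sorted(seen)}
        rules.append({"site": "A", "interface": "LAN", **base})
        rules.append({"site": "B", "interface": "IPsec", **base})
    return rules
```

The rules are scoped to the subnet pair actually seen in the log, which is the narrower choice compared with an any-to-any pass on the LAN or IPsec interface.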
Thank you for your explanation. I set it up successfully.