OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: baku1970 on August 16, 2021, 01:24:54 AM

Title: OPNsense in Google Cloud and IPsec Routed issue
Post by: baku1970 on August 16, 2021, 01:24:54 AM
I installed OPNsense 21.7.1 in Google Cloud Platform following these instructions (https://myvgp.com/node/11).

Everything is good except I am having issues with IPsec Routed.

I have configured OPNsense as "respond only" and am using 0.0.0.0 as the remote gateway since the remote is using a dynamic IP. The VTI tunnel interface ipsec1 is created properly and the IPsec tunnel shows established, but I can't ping each other's tunnel IP. It seems the ipsec1 interface on OPNsense is not fully RUNNING.

If I change the OPNsense remote gateway from 0.0.0.0 to the actual current IP of the remote end, the ipsec1 interface starts working. "ifconfig" shows interface in RUNNING, and I can ping the tunnel IPs of the other end.

Is there a way I can work around this issue? I did some Google searching and it seems pfSense has the same issue (https://redmine.pfsense.org/issues/10638).

Title: Re: OPNsense in Google Cloud and IPsec Routed issue
Post by: GaardenZwerch on September 20, 2021, 10:51:05 AM
Hi baku1970,
did you find a solution for this?
I have the same problem with two OPNsense endpoints (one fixed IP, one dynamic). When the dynamic IP changes, I know of no other fix than (on the fixed side):
Any kind of solution/workaround for this would really make my day, as otherwise I have no need for fixed IPs on small remote locations, and this is a very expensive option.

Thanks a lot,
Frank

Title: Re: OPNsense in Google Cloud and IPsec Routed issue
Post by: rfc4711 on October 18, 2021, 05:35:15 AM
Any solution to this?