:
I setup OPNsense (latest 21.x version) to MikroTik routed Point-to-Point IPSec IKEv2 VPN with dynamic BGP routing in my isolated test lab for a pre-production implementation.
While capturing through data traffic on my vCloud (simulated Internet) I noticed traffic being forwarded to OPNsense configured "Remote Network" address range does get encrypted, Natted and routed and-to-end; this is correct behavior. However, I notice traffic that falls outside the "Remote Network" address range is not encrypted. As I analyzed this issue, I realized this is also correct behavior based on my configuration.
Example:
OPNsense IPSec VPN Tunnel Settings "Remote Network" address 192.168.3.0/24 - traffic to this range is encrypted.
We implemented a new remote network address 172.16.25.0/23 - traffic to this range is NOT encrypted.
MY QUESTION:
OPNsense as-well-as MikroTik offers a single box to add a remote address. Since my 2 networks are discontiguous and cannot be changed, is there a way to encrypt both subnets but just these 2 subnets without encrypting any other network traffic egressing the WAN interface?
Thank you
Frank
I figured it out, just add another policy under the first one - and on the other end too.
Happy Day
Frank