So I have replaced my NetScalers and SD-WAN boxes as routers with OPNsense.
I have the IPsec VPN portion working great, but at one of my datacenters I have multiple LANs that I need to be able to talk to each other. Both LANs can get to the WAN interface, but can't get to each other.
When doing a tracert it hits the OPNsense, which then forwards it on to the default gateway. I put in another gateway with a route to the OPNsense LAN interface, but it just keeps looping to that interface instead of going on to the device on that subnet.
I have opened up my firewall rules for all ports in all directions for testing. Still no go.
Anyone know what I am missing?
System, Routes, Configuration, +
Add a static route from the firewall via the gateway to the LAN. Make sure the LAN default gateway has a route back to your origin.
Bart...
So the OPNsense is the default gateway for both LAN networks. When I put in the static route to be the LAN interface of the other LAN, it just repeats to itself. So it's like it can't find the other machines in that broadcast network, so it sends it to itself to find it.
OK, I think I got it. I had to enable "Dynamic gateway policy" (This interface does not require an intermediate system to act as a gateway).
Then I created gateways for the networks and put them at higher priority than the default.
I then lost my VPN tunnel; once I put static routes into the networks going to those dynamic gateways, the VPN came back up and LAN-to-LAN communication works.
Thanks!
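A small model of the routing decision discussed in this thread, added here as an example (it is not code from the thread or from OPNsense, and the interface addresses are constructed). It shows that a firewall holding an address on both LANs already has a connected route to each, and it flags the case the original poster hit: a static route whose next hop is one of the firewall's own LAN addresses can only forward back to itself.

```python
import ipaddress

# Constructed sample topology (an assumption for this example, not the
# poster's real addressing): the firewall holds one address on each LAN.
INTERFACES = {
    "lan1": "10.10.1.1/24",
    "lan2": "10.10.2.1/24",
    "wan": "203.0.113.2/29",
}
DEFAULT_GW = "203.0.113.1"  # next hop on the WAN side


def connected_routes(interfaces):
    """Routes the firewall gets for free from its own interface addresses."""
    return {name: ipaddress.ip_interface(a).network for name, a in interfaces.items()}


def next_hop(interfaces, default_gw, dst):
    """Longest-prefix match over connected routes, else the default gateway."""
    dst = ipaddress.ip_address(dst)
    best = None
    for name, net in connected_routes(interfaces).items():
        if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (name, net)
    if best:
        return ("connected", best[0])  # delivered on that LAN directly, no gateway
    return ("gateway", default_gw)


def check_static_route(interfaces, prefix, gateway):
    """Explain whether a proposed static route can do anything useful."""
    net = ipaddress.ip_network(prefix)
    gw = ipaddress.ip_address(gateway)
    own = {ipaddress.ip_interface(a).ip for a in interfaces.values()}
    routes = connected_routes(interfaces)
    if gw in own:
        # The symptom from the thread: packets are handed back to the firewall.
        return "loop: next hop is the firewall's own address"
    for name, cnet in routes.items():
        if net == cnet:
            return f"redundant: {prefix} is already connected on {name}"
    for name, cnet in routes.items():
        if gw in cnet:
            return f"ok: forwards via {gw} on {name}"
    return "unreachable: gateway is not on any connected subnet"
```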