OPNsense Forum

English Forums => Virtual private networks => Topic started by: netcreator on March 09, 2023, 11:04:03 am

Title: [IPSec routing-problem] Routes will not come active again after WAN was down
Post by: netcreator on March 09, 2023, 11:04:03 am
Hey to all!

Yesterday I created a topic about unresponsive VTI-interfaces after the WAN-link of the OPNsense was down.

Topic: "[UPDATE] IPSec VTI-interface not responding any longer after WAN-IP changed"

I had a bit of progress while I was troubleshooting and figured out the following:

The IPSec VTI-interface is responding but only out of the same network where it's placed. So I assumed that I have to search for routing-problems on the OPNsense. And yes... there are routing-problems. When the WAN-interface goes down (and also the tunnels) the OPNsense is removing all active routes which are used together with the IPSec-VPN. After the tunnels have gone up again the routes will not be applied again. Some options/configurations like "Allow default gateway switching", "gateway-monitoring" or "upstream gateway" do not have an effect on that. No matter what I do or configure... The routes used for the IPSec-tunnels will not come back as long as I have not restarted the "routing"-Service.

The routes are still shown under "System-->Routes-->Configuration" because I created them but they will not come active again in the "System-->Routes-->Status". This happens every time I have a DSL-resync and the WAN PPPoE-Interface gets a new IP address.

Does somebody know about this issue and hopefully have a solution for that?

Thanks in advance!
Title: Re: [IPSec routing-problem] Routes will not come active again after WAN was down
Post by: franco on March 09, 2023, 11:23:17 am
I would appreciate a single topic approach.


Thanks,
Franco
Title: Re: [IPSec routing-problem] Routes will not come active again after WAN was down
Post by: netcreator on March 12, 2023, 07:57:59 pm
Problem has been solved in this thread:

"[FIXED] IPSec VTI-interface not responding any longer after WAN-IP changed"

https://forum.opnsense.org/index.php?topic=32895.0