OPNsense Forum
English Forums => Virtual private networks => Topic started by: netcreator on March 09, 2023, 11:04:03 am
-
Hey to all!
Yesterday I created a topic about unresponsive VTI-interfaces after the WAN-link of the OPNsense was down.
Topic: "[UPDATE] IPSec VTI-interface not responding any longer after WAN-IP changed"
I had a bit of progress while I was troubleshooting and figured out the following:
The IPSec VTI-interface is responding but only out of the same network where it's placed. So I assumed that I have to search for routing-problems on the OPNsense. And yes... there are routing-problems. When the WAN-interface goes down (and also the tunnels) the OPNsense is removing all active routes which are used together with the IPSec-VPN. After the tunnels have gone up again the routes will not be applied again. Some options/configurations like "Allow default gateway switching", "gateway-monitoring" or "upstream gateway" do not have an effect on that. No matter what I do or configure... The routes used for the IPSec-tunnels will not come back as long as I have not restarted the "routing"-Service.
The routes are still shown under "System-->Routes-->Configuration" because I created them but they will not become active again in the "System-->Routes-->Status". This happens every time I have a DSL-resync and the WAN PPPoE-Interface gets a new IP address.
Does somebody know about this issue and hopefully have a solution for that?
Thanks in advance!
-
I would appreciate a single topic approach.
Thanks,
Franco
-
Problem has been solved in this thread:
"[FIXED] IPSec VTI-interface not responding any longer after WAN-IP changed"
https://forum.opnsense.org/index.php?topic=32895.0