I'm using OPNsense 23.1.
Creating a new IPsec tunnel defaults to Policy Based Routing ([Install Policy] is checked by default).
So I don't find any route in the routing table.
It works, but what I can't understand is how the local network reaches the remote network without routes.
Where can I monitor the routes from local to remote?
How can an IP packet that starts from a local host reach the remote host if on the firewall there is no route?
It works, but I don't understand why :)
Sorry for the confusion, any help will be appreciated.
Quote from: davide on July 07, 2023, 11:53:30 AM
So I don't find any route in the routing table.
It works, but what I can't understand is how the local network reaches the remote network without routes.
Where can I monitor the routes from local to remote?
How can an IP packet that starts from a local host reach the remote host if on the firewall there is no route?
It works, but I don't understand why :)
As the name suggests, there's an IPsec policy in place. This takes precedence over any route that might also exist. In IPsec, phase 1 takes care of authentication and negotiation of parameters. Phase 2 establishes the actual tunnels.
Established connections (phase 1 and phase 2) are generally called SA - security association. You can view the SAs for both phases with this command:
ipsec status
Or use VPN > IPsec > Status Overview in the UI.
The summary display will show you all the phase 1 SAs, one per line. If you click on the tiny (i) on the right hand side, you will see all the phase 2 SAs for that connection.
HTH,
Patrick
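As an added example (not from this thread and not OPNsense code), here is a small Python parser over a constructed `ipsec status` sample that pulls out the phase 1 SAs and the phase 2 traffic selectors, then answers which SA would carry a given source/destination pair; the connection name `con1` and all addresses are made up.

```python
import ipaddress
import re

# Constructed sample of `ipsec status` output in the strongSwan format
# OPNsense uses; documentation-range addresses, not a real deployment.
SAMPLE_STATUS = """\
Security Associations (1 up, 0 connecting):
   con1[3]: ESTABLISHED 2 hours ago, 203.0.113.10[203.0.113.10]...198.51.100.20[198.51.100.20]
   con1{5}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c9a1b2c3_i 0d4e5f60_o
   con1{5}:   192.168.1.0/24 === 10.20.0.0/16
   con1{6}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: 11223344_i 55667788_o
   con1{6}:   192.168.1.0/24 === 172.16.5.0/24
"""

# Phase 1 (IKE SA) line: "<conn>[<id>]: <STATE> ..., <local>[...]...<remote>[...]"
IKE_SA_RE = re.compile(
    r"^\s*(\S+)\[\d+\]:\s+(\S+)\s.*?,\s+([^\s\[]+)\[.*?\]\.\.\.([^\s\[]+)\[")
# Phase 2 (CHILD SA) traffic-selector line: "<conn>{<id>}:   <local TS> === <remote TS>"
CHILD_TS_RE = re.compile(r"^\s*(\S+)\{(\d+)\}:\s+([\d./]+)\s+===\s+([\d./]+)")


def parse_ipsec_status(text):
    """Return (phase1, phase2): phase1 maps conn -> state/peer addresses,
    phase2 is a list of (conn, child_id, local_net, remote_net)."""
    phase1, phase2 = {}, []
    for line in text.splitlines():
        m = IKE_SA_RE.match(line)
        if m:
            conn, state, local, remote = m.groups()
            phase1[conn] = {"state": state, "local": local, "remote": remote}
            continue
        m = CHILD_TS_RE.match(line)
        if m:
            conn, child, lts, rts = m.groups()
            phase2.append((conn, int(child),
                           ipaddress.ip_network(lts), ipaddress.ip_network(rts)))
    return phase1, phase2


def matching_policy(phase2, src, dst):
    """Policy lookup: first phase 2 SA whose selectors cover src -> dst.
    The kernel consults the SPD before the routing table, which is why the
    tunnel carries this traffic although no route to dst exists."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for conn, child, lts, rts in phase2:
        if s in lts and d in rts:
            return conn, child
    return None  # no policy: the packet falls through to normal routing
```

Feed the real output of `ipsec status` into `parse_ipsec_status` to see the same selectors the UI shows behind the (i) icon.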