Text only | Text with Images

OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: TimmiORG on July 24, 2023, 10:57:19 AM

Title: IPsec migration: Tunnel Settings to new Connections
Post by: TimmiORG on July 24, 2023, 10:57:19 AM
Hi OPNsense,

I'm looking into the migration of my IPsec configuration to the new IPsec Connection interface.

Tunnel connection looks OK but I don't get any traffic through it. I remembered that the "Tunnel Isolation" was required in the past but I don't find a way to configure this on the new interface.

Any advice?

Best regards
Christoph
Title: Re: IPsec migration: Tunnel Settings to new Connections
Post by: franco on July 24, 2023, 02:01:26 PM
Well, tunnel isolation only works of you have at least two phase 2 and one tunnel should always work (normally only the last one).

In the connections the situation is a bit more specific: clone the connection itself and only use one child per connection.


Cheers,
Franco
Title: Re: IPsec migration: Tunnel Settings to new Connections
Post by: TimmiORG on July 24, 2023, 04:41:21 PM
Hi Franco,

I have multiple phase twos. But I manage to get it working with the new connections interface.
Have somehow the feeling that I had to delete the old phase 2 from the old tunnel as well as there have been some old SPD entries.

Now the new configuration is working.

Best regards
Christoph
Text only | Text with Images