OPNsense Forum

English Forums => Virtual private networks => Topic started by: bazbaz on September 18, 2023, 12:04:46 PM

Title: IPSEC "Block private networks from WAN"
Post by: bazbaz on September 18, 2023, 12:04:46 PM
Hi,
I've an IPSEC, site to site, VTI, tunnel between an OPN and a Fortigate.

The VTI interface has 10.77.36.54 on FG's side, and 10.77.36.53 on OPN's side.

When I try to send something from FG to networks behind OPN, or to 10.77.36.53, I can see on the OPN firewall that packets are discarded because it sees them coming from the WAN interface, not from the IPsec:
"Block private networks from WAN1"
interface   vmx1
interface_name   WAN1

Why?

Title: Re: IPSEC "Block private networks from WAN"
Post by: Patrick M. Hausen on September 18, 2023, 01:13:40 PM
If this is a policy based tunnel, there is no separate interface. Packets are considered to come in via WAN.

Title: Re: IPSEC "Block private networks from WAN"
Post by: bazbaz on September 19, 2023, 11:41:48 AM
VTI, not policy based