Hi all,
I've been configuring an IPsec connection between us and one of our customers. IPsec itself was working pretty soon (both phase 1 & phase 2), but we had the hardest time pushing bits and bytes through that tunnel...
After trying many things I ended up going to Firewall: Rules: IPsec and changing the source of the rules, which was set to 'IPsec net', to '*'. As soon as I did this, the customer was able to connect to the resources.
We have various other subnets, including 2 Wireguard, where I've set the source to '[subnet name] net' in firewall rules, and this works flawlessly.
Why doesn't this work for our IPsec setup? Did I misconfigure something somewhere, or is this a bug... ahem... feature? 8)
"IPsec net" is the network directly connected to the tunnel interface, not the remote networks of your customer.
Ah, ok.
What if I replace '*' with an alias containing the networks of our customer? Would that be a functioning compromise?
Yes, most probably.
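To make the three rule variants from this thread concrete, here is an added example (not posted by anyone in the thread, and not generated by OPNsense/pfSense) written in the pf syntax those firewalls produce from the GUI rules. It assumes the tunnel rules apply on the `enc0` interface and uses constructed placeholder prefixes for the customer's networks:

```pf
# Constructed example: the "IPsec net", "*" and alias rule sources from the
# discussion, expressed as pf rules. Interface name and prefixes are assumptions.

# The GUI alias holding the customer's remote networks becomes a pf table.
table <customer_nets> { 192.0.2.0/24, 198.51.100.0/24 }

# 1. Source "IPsec net": only the network directly attached to the tunnel
#    interface. Traffic from the customer's LANs has other source addresses,
#    so this rule never matches and those packets are dropped.
# pass in quick on enc0 inet from (enc0:network) to any keep state

# 2. Source "*": matches, but admits any source address arriving through the
#    tunnel, including anything the peer mis-routes into it.
# pass in quick on enc0 inet from any to any keep state

# 3. Source alias: matches exactly the customer's prefixes and nothing else.
#    Narrow "to any" further to the specific internal resources they need.
pass in quick on enc0 inet from <customer_nets> to any keep state
```

When the customer adds a network later, extending the alias (the table) is the only change required; the rule itself stays as it is.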
Before I make the same mistake twice... It would work with Wireguard, right? That's different in this aspect from IPsec?