Hello,
I am trying to set up BGP I successfully set up on a linux machine.
I have (one for now, there will be 2 for redundancy) route based IPsec S2S VPN behind which is a BGP router (192.168.202.68). The peer local tunnel interface has IP 10.101.177.1.
I set up gateway (10.101.177.1) with lower priority than the default one and attached it to the VTI (10.101.177.2) of the IPsec S2S VPN.
I set up static route to 192.168.202.68 via the gateway (10.101.177.1) attached to the VTI.
As the BGP peer requires my BGP router to present itself with different IP (not my OPNsense WAN IP) I set up SNAT for the VTI interface (using virtual IP attached to WAN).
The problem I have is that I receive TCP SYN (BGP messages) from the BGP peer via IPsec tunnel but BGP messages sent from OPNsense are sent via WAN interface instead of VTI.
How to make some packets from OPNsense to go via a specific interface?
FYI: If I remove SNAT, I can see in packet capture that the packet to 192.168.202.68:179 went through the VTI and was refused by the target.
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port
VTI1 any * 192.168.202.68/32 * 10.112.0.177 * NO