Hey All,
I'm running OPNsense 24.7.12 with 2 WAN connections, one behind CG-NAT, one without (thankfully).
I'm trying to set up IPsec VPN tunnels with VTIs and routing through BGP.
My current issue is regarding having multiple tunnels up at the same time to increase throughput and time in case of a failover:
The IPsec tunnels are currently configured with only one endpoint (behind CG-NAT, so it has to be the initiator of the connection).
The problem is that the outgoing interface should be that of the local IP assigned to that interface (so Local Addresses is defined as 192.168.180.22), but the kernel uses the default route for this, which happens to be that of the PPPoE connection. (highlighted for easier understanding)
This in turn results in the connection not being able to establish, as the endpoint on the other end of the connection doesn't know about this connection yet.
I've tried adding additional rules to force a gateway for the outgoing traffic of this IP to be sent using PBR via the associated gateway, but from my understanding, the traffic bypasses the packet filter module, thus will not be affected by any routing decisions made there.
I've tried both options, the "Connections" based one, and also the legacy "Tunnel Settings" based one, each resulting in the same behaviour. Additionally I've verified using a packet capture that the traffic is leaving on the wrong interface.
I'm sure there is a simple solution to this problem, but I've been unable to solve this after multiple days of searching/diagnosing and with the help of the documentation.
How would I move forward from here?
The second I disconnect the currently used primary gateway, the connection establishes just fine, so there isn't an issue beyond that from my understanding.
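The behaviour described in the post (the kernel sending IKE packets out the default route even though they are sourced from the CG-NAT WAN's address) follows from route lookup being keyed on the destination only. The following is an added example, not code from the post or from OPNsense/strongSwan: it models a plain longest-prefix-match lookup over a constructed routing table and shows what changes when a /32 host route for the remote peer is added via the CG-NAT gateway. Only 192.168.180.22 comes from the post; the peer address, the gateways and the interface names are assumptions.

```python
# Added illustration: destination-based route lookup (longest prefix match),
# the way a kernel forwarding table is consulted for locally originated packets.
# 192.168.180.22 is the local address named in the post; every other address,
# gateway and interface name here is constructed for the example.
import ipaddress
from typing import List, Optional, Tuple

# (prefix, next hop, egress interface)
Route = Tuple[ipaddress.IPv4Network, str, str]


def lookup(table: List[Route], dst: str, src: Optional[str] = None) -> Route:
    """Return the most specific route whose prefix contains dst.

    src is accepted only to make the point explicit: a plain FIB lookup never
    consults the source address, so binding IKE to a particular local IP does
    not by itself change which route (and therefore which interface) is used.
    """
    dst_ip = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for route in table:
        net = route[0]
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = route
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best


LOCAL_CGNAT_IP = "192.168.180.22"   # from the post: local address on the CG-NAT WAN
CGNAT_GW = "192.168.180.1"          # assumed carrier-side gateway of that WAN
PEER = "198.51.100.10"              # assumed public IPsec endpoint on the far side

# Constructed FIB: default route via the PPPoE WAN, connected route for the
# CG-NAT WAN. Nothing here points the peer's address at the CG-NAT gateway.
BASE_TABLE: List[Route] = [
    (ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1", "pppoe0"),
    (ipaddress.ip_network("192.168.180.0/24"), "link#2", "igb1"),
]


def egress_for_ike(table: List[Route]) -> Tuple[str, str]:
    """Interface and next hop chosen for IKE packets to PEER sourced from
    LOCAL_CGNAT_IP. The source address plays no part in the decision."""
    _, gw, ifname = lookup(table, PEER, src=LOCAL_CGNAT_IP)
    return ifname, gw


def with_host_route(table: List[Route]) -> List[Route]:
    """Same table plus a /32 for the peer via the CG-NAT gateway: the kernel-level
    equivalent of a static route for that single destination."""
    return table + [(ipaddress.ip_network(f"{PEER}/32"), CGNAT_GW, "igb1")]


if __name__ == "__main__":
    # Without a more specific route the default (PPPoE) wins, regardless of source.
    print("default FIB:     ", egress_for_ike(BASE_TABLE))                   # ('pppoe0', '203.0.113.1')
    # A /32 for the peer is more specific than 0.0.0.0/0 and so takes precedence.
    print("with /32 to peer:", egress_for_ike(with_host_route(BASE_TABLE)))  # ('igb1', '192.168.180.1')
```

The lookup deliberately ignores `src`: that is the whole reason the "Local Addresses" setting alone does not steer the packets, and why a filter rule that is evaluated after the kernel has already picked an interface cannot undo that choice. A more specific route for the peer's address changes the lookup result itself, which is what a static host route on a multi-WAN box does.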