Text only | Text with Images

OPNsense Forum

English Forums => Virtual private networks => Topic started by: edzilla on June 10, 2025, 10:06:27 PM

Title: Only one child SA per IPSec connection
Post by: edzilla on June 10, 2025, 10:06:27 PM
If I setup a (new style) IPSec connection with multiple child SAs, only the first one works.
I've worked around that by super-netting but that's not always possible.
Is that a known limit?
Thanks!

This is what my setup looks like:
(https://i.imgur.com/O7PpSKv.png)
Title: Re: Only one child SA per IPSec connection
Post by: edzilla on June 11, 2025, 12:24:15 AM
So this issue was completely on my end.
I configured the IPSec VPN on the other end (Oracle OCI) as Static routing rather than Policy and that only allows one child SA.
There's not issue on Opnsense's end.
Text only | Text with Images