OPNsense version 25.1.7_2-amd64
I created an IPsec tunnel (legacy).
I didn't make the rules (I forgot about them) on the WAN (ESP / UDP port 500 / UDP port 4500).
The tunnel goes UP.
How is this possible?
Reading the documentation, the rules need to be created: https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html
Any suggestion will be appreciated.
Essentially only the responder needs these firewall rules, as the initiator creates states that will allow return packets for 500/4500 and ESP.
Though if you want to make sure both sites can initiate and ESP has no hiccups, creating those firewall rules is the best choice.
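
The behaviour described in the reply, as an added example that is not part of the original thread: a small Python model of a default-deny stateful WAN filter (not pf or OPNsense code). The `Firewall` class, the addresses and the 60-second idle timeout are assumptions made for illustration.

```python
# Toy model of a default-deny stateful WAN filter. Constructed for illustration;
# not pf or OPNsense code. Addresses are documentation-range placeholders.
from dataclasses import dataclass, field

@dataclass
class Firewall:
    wan_ip: str
    inbound_rules: set = field(default_factory=set)  # {(proto, dport)} passed in on WAN
    states: dict = field(default_factory=dict)       # state key -> expiry time (s)
    timeout: int = 60                                # assumed idle timeout, not a pf default

    @staticmethod
    def _key(proto, a, b, port):
        # IKE uses the same UDP port on both ends; ESP has no ports at all.
        return (proto, frozenset((a, b)), port)

    def outbound(self, now, proto, dst, port=None):
        # Outbound is allowed and creates a state that also matches the replies.
        self.states[self._key(proto, self.wan_ip, dst, port)] = now + self.timeout

    def inbound(self, now, proto, src, port=None):
        key = self._key(proto, src, self.wan_ip, port)
        if self.states.get(key, 0) > now:            # live state: rules not consulted
            verdict = "pass (state)"
        elif (proto, port) in self.inbound_rules:    # new connection: needs a rule
            verdict = "pass (rule)"
        else:
            return "block"
        self.states[key] = now + self.timeout
        return verdict

def scenario():
    a = Firewall("198.51.100.1")                     # initiator, WAN rules forgotten
    b = Firewall("203.0.113.1", {("udp", 500), ("udp", 4500), ("esp", None)})
    r = {}
    a.outbound(0, "udp", b.wan_ip, 500)              # A starts IKE
    r["ike_at_b"] = b.inbound(0, "udp", a.wan_ip, 500)
    r["ike_reply_at_a"] = a.inbound(1, "udp", b.wan_ip, 500)
    a.outbound(2, "esp", b.wan_ip)                   # A sends tunnel traffic
    r["esp_at_a"] = a.inbound(3, "esp", b.wan_ip)
    # Tunnel idle past the timeout, then B is first to send or to re-initiate.
    r["esp_at_a_after_idle"] = a.inbound(200, "esp", b.wan_ip)
    r["ike_from_b_at_a"] = a.inbound(200, "udp", b.wan_ip, 500)
    return r

if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name:22} {verdict}")
```

The last two results are the cases the explicit WAN rules cover: once the initiator's states have expired, nothing the peer sends first matches a state, so it is blocked unless a rule passes it.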