OPNsense Forum

English Forums => Virtual private networks => Topic started by: Sami Mkaddem on September 29, 2025, 01:41:58 PM

Title: Traffic between two sites via IPsec
Post by: Sami Mkaddem on September 29, 2025, 01:41:58 PM
I have two sites A and B.

In site A, I have:

FW_A (OPNsense) with WAN XXX.XXX.XXX.XXX and LAN 10.0.10.254/24
SERVER_A with IP 10.0.10.1/24 and GW 10.0.10.254
In site B, I have:
FW_B (OPNsense) with WAN YYY.YYY.YYY.YYY and LAN 10.0.20.254/24
SERVER_B with IP 10.0.20.1/24 and GW 10.0.20.254
Site A and B are connected via IPsec (basically default setup).

From SERVER_A, I can ping FW_B and SERVER_B (no problem here).
From SERVER_B, I can ping FW_A and SERVER_A (no problem here).

The problems that I have:

from FW_A, I cannot ping FW_B and SERVER_B
from FW_B, I cannot ping FW_A and SERVER_A
How can I fix this?

Thank you very much.

--Sami
Title: Re: Traffic between two sites via IPsec
Post by: viragomann on September 29, 2025, 05:43:06 PM
Do you have the same challenge with two OPNsense as with two pfSense?
So in OPNsense you can solve it the same way.
Title: Re: Traffic between two sites via IPsec
Post by: Patrick M. Hausen on September 29, 2025, 05:50:56 PM
Your problem is that with policy based IPsec there is no transfer network for the tunnel so the firewall does not have a proper source address by default. Do you actually need connectivity from the firewall hosts to the respective remote network? If this is just for testing you can specify the source address for ping with "-S" - use the LAN of the device from which you are doing the ping.

If that works as a first step I remember someone posting a nifty trick with a static route. Was that route to the remote network to the host's own LAN address? You might want to try that or whoever gave that advice and/or remembers can confirm or correct.

HTH,
Patrick