OPNsense Forum

English Forums => Virtual private networks => Topic started by: comojr on October 28, 2025, 10:07:22 AM

Title: SOLVED - IPsec tunnel with SNAT not working, traffic is sent over WAN instead
Post by: comojr on October 28, 2025, 10:07:22 AM
Hey all,

I have a weird problem with an IPsec VPN tunnel which I can't wrap my head around...

The following setup works in another tunnel:

Since our internal network could not be used (address conflicts on the remote network), we use SNAT to use a single IP address as "our" network in the VPN tunnel. The remote network in the tunnel is a private class C network. Everything here is working as expected, traffic flows over IPsec and everything is reachable.

The setup that is not working is basically the same; the only difference is that the remote networks in the IPsec tunnel are a couple of single hosts (192.168.10.x/32 for example), each of them having a separate SNAT rule. The tunnel is connected fine in phase 1&2. When I try to reach one of the hosts via the tunnel, the traffic is not sent over IPsec, but over WAN instead.

I've checked everything I could think of, but I can't get the traffic to go over IPsec...

Anyone have any ideas?
Title: Re: IPsec tunnel with SNAT not working, traffic is sent over WAN instead
Post by: Monviech (Cedrik) on October 28, 2025, 10:33:27 AM
It sounds like there is no IPsec policy installed that matches the destination of the traffic you are sending.
Title: Re: IPsec tunnel with SNAT not working, traffic is sent over WAN instead
Post by: comojr on October 28, 2025, 11:08:39 AM
Wow, thank you so much. I totally missed this while setting up the new tunnel.
Title: Re: SOLVED - IPsec tunnel with SNAT not working, traffic is sent over WAN instead
Post by: Monviech (Cedrik) on October 28, 2025, 11:20:16 AM
np :)