OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: hboetes on January 15, 2019, 03:16:50 pm

Title: openvpn peer to peer ssl workaround
Post by: hboetes on January 15, 2019, 03:16:50 pm
After hours of fiddling with a peer-to-peer SSL tunnel that did not work, whereas a peer-to-peer tunnel with a shared key did work, I found the following workaround:

Set the tunnel network to a /30

Let me explain: first I set the tunnel network to a /24, and then I noticed that the IPs on the client side of the tunnel were 10.3.0.6 and .5, on the server side of the tunnel they were 10.3.0.1 and .2, and the route from the server to the client was pointed at 10.3.0.2.

So then I added the option topology30, which fixed the IP addresses, but no traffic was possible to the client.

After that I came up with a clever workaround: use a /30 for the tunnel network and disable the topology30 option. And... lo and behold... I got my SSL-encrypted site-to-site tunnel working.
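The address arithmetic behind the post, as an added example (my own code, not hboetes's and not OPNsense's): it models how OpenVPN's net30 topology carves a tunnel network into /30 blocks, which is why a /24 puts the server on 10.3.0.1/.2 but the first client on 10.3.0.6/.5 so that a server route via 10.3.0.2 never reaches the client, and it renders a server/client config pair for the /30 point-to-point case that worked. Assumptions: that OPNsense renders a /30 tunnel network as a plain `ifconfig` point-to-point link rather than a `server` address pool, that certificate file names are placeholders, and that the 192.168.1.0/24 and 192.168.2.0/24 LANs are constructed sample inputs.

```python
"""Model OpenVPN tunnel addressing for a site-to-site (peer-to-peer) tunnel.

net30 rules are OpenVPN's documented behaviour: the first /30 of the tunnel
network is the server's (local .1, virtual peer .2), each client gets the
next /30 with the client on .6 and its peer endpoint on .5.  The p2p case
(a /30 without topology net30) is assumed to be rendered by OPNsense as a
bare 'ifconfig <local> <remote>' link, which is what the post relied on.
"""
import ipaddress


def net30_pool(tunnel_net):
    """Split the tunnel network into the /30 blocks topology net30 hands out:
    block 0 belongs to the server, blocks 1.. to successive clients."""
    net = ipaddress.ip_network(tunnel_net, strict=False)
    if net.prefixlen > 30:
        raise ValueError("net30 needs at least a /30")
    return list(net.subnets(new_prefix=30))


def tunnel_endpoints(tunnel_net, topology="net30"):
    """Return {'server': (local, peer), 'client': (local, peer)} for the
    first client of the tunnel network under the given topology."""
    pool = net30_pool(tunnel_net)
    s_local, s_peer = (str(h) for h in pool[0].hosts())  # .1 and .2
    if topology == "p2p":
        # One /30, both ends are each other's peer: server .1, client .2.
        return {"server": (s_local, s_peer), "client": (s_peer, s_local)}
    if topology == "net30":
        if len(pool) < 2:
            raise ValueError("net30 on a /30 leaves no /30 block for a client")
        # Client takes the next /30: local .6, peer endpoint .5.
        c_peer, c_local = (str(h) for h in pool[1].hosts())
        return {"server": (s_local, s_peer), "client": (c_local, c_peer)}
    raise ValueError(f"unknown topology {topology!r}")


def route_gateway_is_client(tunnel_net, topology, gateway):
    """True if a server-side route to the remote LAN via `gateway` actually
    lands on the client's tunnel address (the failure mode in the post)."""
    return tunnel_endpoints(tunnel_net, topology)["client"][0] == gateway


def render_p2p_configs(tunnel_net, server_lan, client_lan):
    """Server and client OpenVPN config text for a TLS point-to-point tunnel
    over a /30, each side routing the other's LAN via the peer's tunnel
    address.  Certificate/key file names are placeholders (assumption)."""
    ep = tunnel_endpoints(tunnel_net, "p2p")
    s_lan = ipaddress.ip_network(server_lan)
    c_lan = ipaddress.ip_network(client_lan)
    server = "\n".join([
        "dev tun", "proto udp", "port 1194",
        "tls-server",
        "ca ca.crt", "cert server.crt", "key server.key", "dh dh.pem",
        f"ifconfig {ep['server'][0]} {ep['server'][1]}",
        f"route {c_lan.network_address} {c_lan.netmask} {ep['server'][1]}",
        "persist-key", "persist-tun", "keepalive 10 60", "",
    ])
    client = "\n".join([
        "dev tun", "proto udp", "remote vpn.example.invalid 1194",  # placeholder
        "tls-client", "remote-cert-tls server",
        "ca ca.crt", "cert client.crt", "key client.key",
        f"ifconfig {ep['client'][0]} {ep['client'][1]}",
        f"route {s_lan.network_address} {s_lan.netmask} {ep['client'][1]}",
        "persist-key", "persist-tun", "keepalive 10 60", "",
    ])
    return server, client


if __name__ == "__main__":
    # The /24 + net30 case from the post: route via .2 misses the client on .6.
    print(tunnel_endpoints("10.3.0.0/24"))
    print(route_gateway_is_client("10.3.0.0/24", "net30", "10.3.0.2"))
    # The /30 point-to-point workaround: route via .2 is the client.
    print(route_gateway_is_client("10.3.0.0/30", "p2p", "10.3.0.2"))
    srv, cli = render_p2p_configs("10.3.0.0/30", "192.168.1.0/24", "192.168.2.0/24")
    print(srv)
    print(cli)
```

Running the script prints the net30 endpoints for 10.3.0.0/24 (server 10.3.0.1/.2, client 10.3.0.6/.5), shows that the route via 10.3.0.2 only matches the client in the /30 p2p case, and emits the two config files with mirrored `ifconfig` lines.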