OPNsense Forum
Archive => 19.7 Legacy Series => Topic started by: JasMan on August 31, 2019, 01:50:04 pm
-
Hey,
I've an IPsec connection to the network of a friend of mine (192.168.0.0/24). He has a Raspi with Nextcloud (192.168.0.10) which I would like to use to back up my OPNsense config regularly.
But OPNsense can't reach this address. When I traceroute the destination raspi.fritz.box from the web interface, OPNsense sends this traffic to the WAN interface/Internet and not through the IPsec tunnel.
# /usr/sbin/traceroute -w 2 -n -m '18' 'raspi.fritz.box'
traceroute to raspi.fritz.box (192.168.0.10), 18 hops max, 40 byte packets
1 10.0.224.1 1.122 ms 0.631 ms 0.628 ms
2 [WAN IP] 5.984 ms 5.896 ms 5.888 ms
3 * * *
4 * * *
5 * * *
....
From my LAN behind the OPNsense I can reach the Nextcloud client. So it's not a general routing issue.
Any ideas to solve this or for a workaround?
Thanks
Jas
-
Add the WAN IP of OPNsense to the P2 SA
-
The WAN IP is already a part of the subnet that I've defined in Phase 2 of the SA.
When I change the source IP of the traceroute to one of the LAN interfaces, I get this output:
# /usr/sbin/traceroute -w 2 -n -m '4' -s '10.0.10.1' '192.168.0.10'
traceroute to raspi.fritz.box (192.168.0.10) from 10.0.10.1, 4 hops max, 40 byte packets
traceroute: sendto: Host is down
traceroute: sendto: Host is down
traceroute: sendto: Host is down
traceroute: sendto: Host is down
traceroute: sendto: Host is down
traceroute: sendto: Host is down
traceroute: sendto: Host is down
1 * * *
2 * *traceroute: wrote 192.168.0.10 40 chars, ret=-1
*
3 traceroute: wrote 192.168.0.10 40 chars, ret=-1
*traceroute: wrote 192.168.0.10 40 chars, ret=-1
*traceroute: wrote 192.168.0.10 40 chars, ret=-1
*
4 traceroute: wrote 192.168.0.10 40 chars, ret=-1
*traceroute: wrote 192.168.0.10 40 chars, ret=-1
*traceroute: wrote 192.168.0.10 40 chars, ret=-1
*