OPNsense Forum
Archive => 19.7 Legacy Series => Topic started by: damian6973 on September 22, 2019, 11:12:24 pm
-
Hi,
I have configured 3 IPSEC Site2Site VPNs and want to monitor some machines and equipment at each site.
But configured with Monit's "host check" I always get an error:
status               ICMP failed
monitoring status    Monitored
monitoring mode      active
on reboot            start
ping response time   connection failed
data collected       Sun, 22 Sep 2019 23:06:41
But ping from my network into the tunnels is working without any problem and every endpoint is reachable.
Any idea why it's not working?
best regards
Damian
-
I haven't used IPSEC on opnsense before, but have on many enterprise devices, so this might not help.
This is normally a routing or subnet issue from the firewall itself, therefore not as you would normally traverse it. I would suggest you SSH into opnsense and press 8 for shell. I'd check if you can ping the host on the opposite side of the tunnel and take a look at the routing tables (netstat -rn).
-
Hi FlangeMonkey,
Curious, the gateways for the tunnels are on PPOE0, so the ping tries to go through my outside IP. I normally use Cisco and Defendo's in business, and there it is completely different.
regards
Damian
-
Local ping is done from the WAN interface, so it doesn't match the SA.
-
Hi,
Is this normal behavior?
-
Yes, interface closest to the destination
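-
The behavior described in this thread, as an added example that is not part of the original posts: a simplified model of how the firewall picks a source address for its own ping and why that packet misses the IPsec phase 2 selectors. All addresses, interface names other than the PPPoE one, and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation/private ranges), not taken from the thread.
INTERFACES = {"pppoe0": "203.0.113.10", "lan": "192.168.1.1"}
# Routing table as (destination network, outgoing interface). With policy-based
# IPsec there is no route entry for the remote subnets, only the default route.
ROUTES = [("192.168.1.0/24", "lan"), ("0.0.0.0/0", "pppoe0")]
# Phase 2 traffic selectors (local subnet, remote subnet), one per tunnel.
POLICIES = [("192.168.1.0/24", "10.10.1.0/24"),
            ("192.168.1.0/24", "10.10.2.0/24")]


def pick_source(dst, routes=ROUTES, interfaces=INTERFACES):
    """Longest-prefix route lookup; source is the outgoing interface's address."""
    addr = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(net), ifname)
                  for net, ifname in routes
                  if addr in ipaddress.ip_network(net)]
    _, ifname = max(candidates, key=lambda c: c[0].prefixlen)
    return interfaces[ifname]


def matches_policy(src, dst, policies=POLICIES):
    """Return the selector pair the packet matches, or None if it bypasses IPsec."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in policies:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return (local, remote)
    return None


def firewall_ping(dst, source=None):
    """Model a ping from the firewall itself, optionally with a forced source."""
    src = source or pick_source(dst)
    return src, matches_policy(src, dst)


if __name__ == "__main__":
    # Default: sourced from the WAN address, no selector matches, ping leaves unencrypted.
    print(firewall_ping("10.10.1.20"))
    # Sourced from the LAN address: matches the first tunnel's selectors.
    print(firewall_ping("10.10.1.20", source="192.168.1.1"))
```

A LAN client's ping matches because its source already lies inside the local selector, which is why pings "from my network" succeed while the firewall's own check fails.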