OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: mahescho on January 30, 2020, 03:29:25 pm

Title: Policy based routing for IPSEC (not tunnel)
Post by: mahescho on January 30, 2020, 03:29:25 pm
Hi,

I have 3 uplinks, A, B and C. A is my default gateway. I use policy-based routing to direct LAN (and VLAN) traffic to one of these uplinks. This works as expected.

I've configured my IPSEC VPN to use the interface of uplink C. Now I need the IPSEC VPN to use the gateway of uplink C. To get this I need policy-based routing entries for firewall-local traffic (ESP, ISAKMP, NAT-T). I can see auto-generated rules on uplink C for the IPSEC traffic with the gateway of uplink C set as the gateway. But what I found is that they do not get used.

When I do "ipsec up con1" and look at my uplink A interface with tcpdump, I see the ESP traffic on A instead of C.

When I initiate IPSEC from the remote site, I see the ESP packets arrive on C and the answers of OPNsense on A.

How do I get this working?

TIA