OPNsense Forum
English Forums => Virtual private networks => Topic started by: jonsch on October 12, 2020, 04:01:23 pm
-
Cheers,
I've got two OPNsense firewalls in two different locations; both of them have a public IP and two different LAN subnets.
The routed IPsec is built up as the documentation told me: https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html
The IPsec tunnel is up and running, but I can't set the static routes on both firewalls, because there is no option to create a gateway with the IPsec interface? So how should I route the traffic through the tunnel?
Regards,
-
Do you see the new firewall rules tab? Is IPsec in general enabled?
-
Yes, the IPsec connection is up and running.
The firewall rule table is also active, with an any/any route for testing at the moment.
-
There is no interface for IPsec connections. They don't provide an interface.
Usually you create as many Phase 2 entries as needed to route all the networks you want to route between these sites.
-
Are you sure? Take a look at the official documentation: in step 5 they add a single gateway with an IPsec interface.
I just bind the subnets to the IPsec tunnel via Phase 2, but that's all. The routing part has to be created separately, right? How else should the firewall route the traffic to the IPsec tunnel and not to the default route?
-
Sorry, misunderstood your question.
You need to have "install policy" in Phase1 disabled to be able to use the connection for Gateway creation.
-
No problem.
It is still disabled, that's the strange thing.
Any other ideas?
-
Screenshots please: P1, P2, Firewall, Interface
-
Other site is configured the same way.
Attached you will find the screenshots.
-
and the last one...
-
This is a policy-based IPsec; you didn't follow the guide.
Also, don't use special chars in the description, as this will be the name of the interface.
-
You are right, I have set up Phase 2 the wrong way.
I have now removed the subnets and added the tunnel source and destination IP.
But there is still no IPsec interface to choose?
-
> Also, don't use special chars in the description, as this will be the name of the interface.
New screenshots please ...
-
I have also removed any special characters and white spaces...
The configuration is the same, but with addresses instead of subnets...
-
You still didn't follow the docs exactly... it's routed, not tunnel...
-
> I have also removed any special characters and white spaces...
> The configuration is the same, but with addresses instead of subnets...
Like mimugmail said: you've chosen the wrong mode in Phase 2. You have tunnel mode. You need to change to route-based, see screenshot.
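The thread boils down to a short checklist before the IPsec gateway can appear: Phase 1 "install policy" disabled, Phase 2 in route mode rather than tunnel (policy-based) mode, Phase 2 carrying the two tunnel endpoint addresses instead of LAN subnets, and descriptions free of whitespace and special characters because they become the interface name. The checker below is an added example, not code from the thread or from OPNsense; the dictionary keys (`install_policy`, `mode`, `local`, `remote`, `description`) and the alphanumeric-only naming rule are assumptions that mirror the settings discussed above, not OPNsense's real configuration keys. Both Phase 1 and Phase 2 descriptions are checked, since the thread does not say which one is used for the interface name.

```python
"""Sanity checks for an OPNsense route-based (VTI) IPsec setup.

Added example, not OPNsense code. The dictionary keys used here are assumed
names that mirror the settings discussed in the thread, not real config keys.
"""
import ipaddress
import re

# Assumption: the description becomes the interface name, so only letters and
# digits are accepted (the thread says no special chars or whitespace).
_IFACE_NAME_RE = re.compile(r"^[A-Za-z0-9]+$")


def _is_single_host(value: str) -> bool:
    """True if value is a single address (or a /32 or /128), not a subnet."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False
    return net.num_addresses == 1


def check_route_based_ipsec(phase1: dict, phase2: dict) -> list:
    """Return the findings that would keep the IPsec gateway from showing up.

    An empty list means the setup matches the route-based recipe from the
    thread: install policy off, route mode, host addresses, plain descriptions.
    """
    findings = []

    # Phase 1: policies must not be installed, or the tunnel is policy-based.
    if phase1.get("install_policy", True):
        findings.append(
            "Phase 1: 'install policy' must be disabled for a route-based tunnel"
        )

    # Phase 2: must be route mode, not tunnel (policy-based) mode.
    mode = phase2.get("mode")
    if mode != "route":
        findings.append(
            f"Phase 2: mode is {mode!r}, must be 'route' (not tunnel/policy-based)"
        )

    # Phase 2: local/remote are the tunnel endpoint addresses, not LAN subnets;
    # the LAN subnets are handled later by static routes via the gateway.
    for side in ("local", "remote"):
        addr = phase2.get(side, "")
        if not _is_single_host(addr):
            findings.append(
                f"Phase 2: {side} must be a single tunnel address, got {addr!r}"
            )

    # Descriptions end up as the interface name, so keep them plain.
    for label, phase in (("Phase 1", phase1), ("Phase 2", phase2)):
        desc = phase.get("description", "")
        if not _IFACE_NAME_RE.fullmatch(desc):
            findings.append(
                f"{label}: description {desc!r} has whitespace/special chars; "
                "it becomes the interface name"
            )

    return findings


# Constructed input mirroring the first screenshots in the thread: policy-based
# Phase 2 with LAN subnets and descriptions containing spaces and symbols.
BROKEN_P1 = {"install_policy": False, "description": "Site-A <-> Site-B"}
BROKEN_P2 = {
    "mode": "tunnel",
    "local": "192.168.10.0/24",
    "remote": "192.168.20.0/24",
    "description": "LAN A / LAN B",
}

# Constructed input after applying the fixes suggested in the thread.
FIXED_P1 = {"install_policy": False, "description": "SiteAtoSiteB"}
FIXED_P2 = {
    "mode": "route",
    "local": "10.255.0.1",
    "remote": "10.255.0.2",
    "description": "vtiSiteB",
}

if __name__ == "__main__":
    for name, p1, p2 in (("broken", BROKEN_P1, BROKEN_P2), ("fixed", FIXED_P1, FIXED_P2)):
        print(f"== {name} ==")
        for finding in check_route_based_ipsec(p1, p2) or ["OK"]:
            print(" ", finding)
```

Run as a script, the "broken" set reports five findings (mode, both subnets, both descriptions) and the "fixed" set reports none; the static routes for the remote LAN are then added separately, pointing at the gateway created on the IPsec interface, exactly as the thread's documentation link describes.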