OPNsense Forum

English Forums => Virtual private networks => Topic started by: JensKG on July 05, 2021, 11:25:33 pm

Title: Problems with routed Site-to-Site IPSec
Post by: JensKG on July 05, 2021, 11:25:33 pm
Hi!

I have 2 problems with OPNsense 21.1.7_1.

I have created a site-2-site routed IPSec VPN. It works when I put in the "Remote Gateway" address on both sites. But one site has a dynamic IP; when this changes, the VPN is not working any more. OK, it should not work with the wrong remote gateway, but even if I check "Allow any remote gateway to connect" it is not working. It works only if I put in the correct new dynamic IP of the remote site's gateway.

Second problem: If I do this (put in the correct IP for remote gateway and restart IPSec service) the VPN connection starts again without problem but the routing does not work. I then have to go to System->Routes->Configuration, change nothing and click "apply". THEN the routing through VPN immediately starts working.

So why is the option "Allow any remote gateway to connect" not working? (I have multiple VPN connections to this server and I would like every one to work with a fixed IP or with a dynamic IP.)
Sure, phase 1 Authentication is not set to IP address, it is set to user "distinguished name" for local and remote.

Can you help me to get this working without adjusting remote gateway address in IPSec phase 1 and applying the system routes after every change of remote gateway IP address??

Regards,
Jens

Title: Re: Problems with routed Site-to-Site IPSec
Post by: gliddie on August 21, 2021, 10:33:08 pm
Hello Jens,

Did you ever find a solution?
I have exactly the same issue.

Thank you