OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: alh on December 11, 2021, 12:45:55 am

Title: [SOLVED] IPsec: remote network is routed through WAN gateway
Post by: alh on December 11, 2021, 12:45:55 am
I configured two S2S IPsec tunnels (policy-based). The LAN and IPsec interfaces each have an allow-all rule.

Both remote sites connect, and clients in the remote LANs successfully ping the firewall.

However, the firewall cannot ping any host, nor the gateways, of the remote sites. It seems like the tunnels are one-way only. I looked at the routing table and was surprised to see that the remote LANs (10.52.10.0/24, 10.62.10.0/24) are added to the default gateway (172.31.1.1).

Any idea where I could have gone wrong?
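The routing-table condition alh describes, as an added example that is not part of the original post: a POSIX shell check over `netstat -rn -f inet` output (FreeBSD format, as on OPNsense) that flags every remote IPsec network whose next hop is the WAN default gateway, which is the symptom of the firewall's own traffic to those networks leaving via WAN instead of matching the IPsec policy. The sample routing table, the interface names, the third network 10.72.10.0/24 and its LAN-IP gateway 192.168.1.1 are constructed for the example and are assumptions, not data from the thread.

```shell
#!/bin/sh
# Added example, not code from the OPNsense forum thread.
# Given the text of `netstat -rn -f inet` from an OPNsense/FreeBSD box, list the
# IPsec remote networks whose next hop is the WAN default gateway.

# Constructed sample routing table (not captured from a real box). The first two
# remote networks mirror the symptom from the thread: they point at the WAN default
# gateway 172.31.1.1. The third one, 10.72.10.0/24, is an assumed correctly
# configured route via a gateway that carries the LAN interface address 192.168.1.1.
SAMPLE_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            172.31.1.1         UGS         em0
10.52.10.0/24      172.31.1.1         UGS         em0
10.62.10.0/24      172.31.1.1         UGS         em0
10.72.10.0/24      192.168.1.1        UGS         em1
127.0.0.1          link#2             UH          lo0
192.168.1.0/24     link#1             U           em1'

# Print the gateway of the default route from routing-table text on stdin.
default_gw() {
    awk '$1 == "default" { print $2; exit }'
}

# Usage: remote_via_wan "<routes text>" net1 [net2 ...]
# Prints each given network (exact prefix as shown by netstat) whose route uses
# the same gateway as the default route, one per line. Returns 2 if there is no
# default route in the text.
remote_via_wan() {
    routes=$1; shift
    gw=$(printf '%s\n' "$routes" | default_gw)
    [ -n "$gw" ] || { echo "no default route found" >&2; return 2; }
    for net in "$@"; do
        printf '%s\n' "$routes" |
            awk -v net="$net" -v gw="$gw" '$1 == net && $2 == gw { print net }'
    done
}

# Usage: check_ipsec_routes "<routes text>" net1 [net2 ...]
# Returns 0 when none of the remote networks points at the default gateway,
# 1 when at least one does (and lists them on stderr), 2 on a missing default route.
check_ipsec_routes() {
    bad=$(remote_via_wan "$@") || return 2
    if [ -n "$bad" ]; then
        echo "remote networks routed via the WAN default gateway:" >&2
        printf '%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Stand-alone run against the constructed sample; on a real box replace the
# sample with: check_ipsec_routes "$(netstat -rn -f inet)" 10.52.10.0/24 ...
check_ipsec_routes "$SAMPLE_ROUTES" 10.52.10.0/24 10.62.10.0/24 10.72.10.0/24 || true
```

The check only looks at the kernel routing table; it does not tell you whether the IPsec policies (`setkey -DP`) cover the same prefixes, so a clean result here still needs the phase 2 selectors to match.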
Title: Re: IPsec: remote network is routed through WAN gateway
Post by: larsd on December 11, 2021, 12:14:36 pm
FIREWALL: SETTINGS: ADVANCED -> Disable Force Gateway
VPN: IPSEC: ADVANCED SETTINGS -> Do not install routes
SYSTEM: GATEWAYS: SINGLE -> create a GW with the same IP address as your LAN interface
SYSTEM: ROUTES: CONFIGURATION -> add needed routes

cheers
Title: Re: IPsec: remote network is routed through WAN gateway
Post by: alh on December 11, 2021, 03:30:40 pm
Thanks for your input, but if I do this I cannot route between the remote networks...
Title: Re: IPsec: remote network is routed through WAN gateway
Post by: larsd on December 11, 2021, 03:58:44 pm
My tunnels are set up this way, and the clients can reach the remote networks, as well as the firewalls...
Title: Re: IPsec: remote network is routed through WAN gateway
Post by: alh on December 11, 2021, 04:04:01 pm
And do you have routed IPsec or policy-based?
Title: Re: IPsec: remote network is routed through WAN gateway
Post by: larsd on December 11, 2021, 04:10:00 pm
Policy-based.
Title: Re: IPsec: remote network is routed through WAN gateway
Post by: alh on January 10, 2022, 02:17:52 pm
No dice. The firewall just does not route the packets through to the other LAN. Your setup just leads to TTL exceeded in transit for me...
Title: Re: IPsec: remote network is routed through WAN gateway
Post by: alh on January 10, 2022, 02:39:07 pm
Solved it with the help of this post:

https://administrator.de/contentid/539060#comment-1421754