OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: choajcj on April 17, 2022, 08:38:07 am

Title: Filtering not working on IPsec virtual interface
Post by: choajcj on April 17, 2022, 08:38:07 am
Hi all!

I'm currently working on setting up an OPNsense firewall deployed as an AWS instance. I have the Zenarmor plug-in installed on the OPNsense firewall already. My issue is with using Zenarmor to filter traffic through the firewall. Let me describe it in detail below.

I have a routed IPsec VPN tunnel between our office and AWS. I would like to use the OPNsense firewall deployed in AWS as the web and application firewall of our office. My issue is that even though I added the virtual interface of the IPsec tunnel to the list of protected interfaces in Zenarmor, traffic is still not blocked. And in the Live Sessions Explorer, there is no traffic passing through that comes from the IPsec virtual interface.

What do you think I am doing wrong?

Thank you very much in advance for your assistance!

Title: Re: Filtering not working on IPsec virtual interface
Post by: sy on April 19, 2022, 04:37:31 pm
Hi,

Zenarmor uses netmap, which is an operating system subsystem, to grab packets off the wire. Netmap is not compatible with IPsec tunnels yet. You can use OpenVPN or the WireGuard plug-in version (not the kernel module one). Both of them are compatible and you can protect them with Zenarmor. Here are the WireGuard and OpenVPN installation documents:

https://www.sunnyvalley.io/docs/network-security-tutorials/wireguard-installation
https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html