OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: petera on January 10, 2017, 02:16:59 pm

Title: problems with WAN between two virtual OPNsense
Post by: petera on January 10, 2017, 02:16:59 pm
Hi
I have set up 2 OPNsense firewalls on different VMware hosts.
I'm trying to ping between the public interfaces and also trying to set up an IPsec tunnel between these 2.
I have a rule that says Internet interface, any source, any destination, any protocol.
I can not ping between these or set up IPsec; the only way to get this to work is to disable pf through pfctl -d.
It seems like it does some forced routing to the router and not through layer 2, or is this a bug?

Check picture
regards
Peter
Title: Re: problems with WAN between two virtual OPNsense
Post by: petera on January 10, 2017, 08:52:04 pm
I also saw a bug.
It will not create debug.rules from the xml file even if I change it.
So it seems it does not detect file changes in the xml file?
Does anyone know what process creates the debug.rule file so I can run it manually?

regards
Peter

Title: Re: problems with WAN between two virtual OPNsense
Post by: marnix on January 19, 2017, 11:00:45 am
Peter,

I'm having the same problem and the same test setup as in your picture.

Testing between a Vigor firewall and an OPNsense firewall on the same WAN subnet, I cannot reach the web interface of the OPNsense.

Tracing with Wireshark reveals that the traffic from the Vigor reaches the OPNsense and the OPNsense answers to the right L3 IP address (Vigor), but in L2 it sends the frame to the MAC address of my default gateway.

The ARP table of the OPNsense contains the correct IP/MAC combination for my Vigor.

For me pfctl -d doesn't help.

Is this by design or a bug?
The same setup with an OPNsense replaced with a pfSense firewall works (correct?)

Marnix
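A check for the symptom Marnix describes above (reply frames addressed to a same-subnet peer at L3 but carrying the default gateway's MAC at L2), written as an added example for this thread rather than anything from the posts or from OPNsense itself. The ARP table and capture lines are constructed samples in a simplified "src_mac > dst_mac, src_ip > dst_ip" format, not real arp or tcpdump output, and all addresses are assumptions.

```python
import ipaddress

# Constructed sample ARP table of the firewall (IP -> MAC); values are made up.
ARP_TABLE = {
    "203.0.113.1": "00:00:5e:00:53:01",   # default gateway
    "203.0.113.20": "00:00:5e:00:53:20",  # peer firewall on the same WAN subnet
}
WAN_SUBNET = ipaddress.ip_network("203.0.113.0/24")  # assumed WAN prefix
GATEWAY_IP = "203.0.113.1"

# Constructed, simplified capture summary lines: "src_mac > dst_mac, src_ip > dst_ip".
CAPTURE = [
    "00:00:5e:00:53:10 > 00:00:5e:00:53:20, 203.0.113.10 > 203.0.113.20",  # direct, correct
    "00:00:5e:00:53:10 > 00:00:5e:00:53:01, 203.0.113.10 > 203.0.113.20",  # on-link peer via gateway MAC
    "00:00:5e:00:53:10 > 00:00:5e:00:53:01, 203.0.113.10 > 198.51.100.7",   # off-subnet, gateway is correct
]


def parse_line(line):
    """Split one simplified capture line into (src_mac, dst_mac, src_ip, dst_ip)."""
    macs, ips = line.split(",")
    src_mac, dst_mac = [m.strip() for m in macs.split(">")]
    src_ip, dst_ip = [i.strip() for i in ips.split(">")]
    return src_mac, dst_mac, src_ip, dst_ip


def find_misrouted(lines, arp, subnet, gateway_ip):
    """Return frames whose destination IP is on-link (and not the gateway)
    but whose destination MAC is the gateway's, i.e. L3/L2 disagree."""
    gw_mac = arp[gateway_ip].lower()
    flagged = []
    for line in lines:
        _, dst_mac, _, dst_ip = parse_line(line)
        if ipaddress.ip_address(dst_ip) not in subnet or dst_ip == gateway_ip:
            continue  # off-subnet traffic is legitimately sent to the gateway
        expected = arp.get(dst_ip)
        if dst_mac.lower() == gw_mac and expected and expected.lower() != gw_mac:
            flagged.append({"dst_ip": dst_ip, "sent_to": dst_mac, "expected": expected})
    return flagged


if __name__ == "__main__":
    for hit in find_misrouted(CAPTURE, ARP_TABLE, WAN_SUBNET, GATEWAY_IP):
        print(f"{hit['dst_ip']}: frame sent to {hit['sent_to']}, ARP says {hit['expected']}")
```

Feeding real tcpdump -e output would require adjusting parse_line to that format; the comparison logic against the ARP table stays the same.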