OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: vince on September 25, 2017, 11:43:19 am

Title: IPSec tunnel endpoint issues
Post by: vince on September 25, 2017, 11:43:19 am
Hi, I'm pretty stuck right now so I hope someone here can help me.

We have a site-to-site VPN with IPSec and I can ping the site B box from the site A box, but not vice-versa. Site B clients can ping the site A box and everything beyond, site A clients can ping anything beyond the site B box and the box itself.

On site A the routes to site B's subnets point to site A LAN and as far as I understand it doesn't even matter which interface I choose since the tunnel will notice the traffic is for it and forward it to the other site. Same setup on the other box as well.
Now on to IPSec, both boxes have one phase-1 connection and a few phase-2 connections (one phase-2 connection per subnet).

We DID have an additional problem that not all of site B's clients could connect to servers on site A, but that somehow vanished after removing the PPPoE endpoint we had to put in front of site B because of the PPPoE crash in earlier 17.7 releases. If someone could shed some light onto why that might have happened I'd be quite happy as well. I know it might just be an educated guess, but it might help me understand IPSec a bit better.
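The post above describes one-way reachability through a policy-based IPsec tunnel with one phase-2 entry per subnet. The script below is an added example (not code from the thread or from OPNsense) that models the two configuration points a reviewer would check first in that situation: whether every phase-2 selector on one peer has a mirrored (remote, local) entry on the other, and whether the firewall rules on each side's IPsec interface pass the traffic that arrives from the tunnel. All subnets, addresses and rules are constructed placeholders; the rule model is a deliberately simplified first-match, default-deny evaluator with no protocol or port fields, and `echo_request_path` assumes a stateful firewall so that only the receiver's inbound IPsec rules decide whether a ping and its reply get through.

```python
"""Consistency checks for a site-to-site IPsec setup.

Added example, not from the original thread. Two common causes of one-way
reachability across a tunnel are modelled as pure functions over constructed data:
  1. phase-2 traffic selectors that are not mirror images on the two peers, and
  2. firewall rules on the IPsec interface that pass traffic in one direction only.
"""
from ipaddress import ip_address, ip_network

# Phase-2 entries as (local_subnet, remote_subnet) per site. Constructed values
# from documentation ranges; 203.0.113.0/24 is a hypothetical second site-B subnet
# that site A knows about but site B never configured a phase-2 entry for.
SITE_A_PHASE2 = [
    ("192.0.2.0/24", "198.51.100.0/24"),
    ("192.0.2.0/24", "203.0.113.0/24"),
]
SITE_B_PHASE2 = [
    ("198.51.100.0/24", "192.0.2.0/24"),
]

# Rules on each site's IPsec interface (traffic arriving from the tunnel).
# Constructed: site B passes everything from site A, site A has no rule at all.
SITE_A_IPSEC_RULES = []
SITE_B_IPSEC_RULES = [
    {"action": "pass", "src": "192.0.2.0/24", "dst": "198.51.100.0/24"},
]


def _normalised(pairs):
    """Canonical (local, remote) strings so 10.0.0.0/8 and 10.0.0.0/255.0.0.0 compare equal."""
    return {(str(ip_network(local)), str(ip_network(remote))) for local, remote in pairs}


def phase2_mismatches(site_a, site_b):
    """Return phase-2 pairs on either side that have no mirror (remote, local) entry on the peer."""
    a, b = _normalised(site_a), _normalised(site_b)
    only_on_a = sorted(p for p in a if (p[1], p[0]) not in b)
    only_on_b = sorted(p for p in b if (p[1], p[0]) not in a)
    return {"only_on_a": only_on_a, "only_on_b": only_on_b}


def rule_allows(rules, src_ip, dst_ip):
    """First-match evaluation; no match means the packet is dropped (default deny)."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in rules:
        if src in ip_network(rule["src"]) and dst in ip_network(rule["dst"]):
            return rule["action"] == "pass"
    return False


def echo_request_path(src_ip, dst_ip, sender_p2, receiver_p2, receiver_ipsec_rules):
    """Return (ok, reason) for an ICMP echo request sent from src_ip to dst_ip.

    Assumes a stateful firewall: the reply rides the state created by the request,
    so only the receiver's inbound IPsec-interface rules are consulted.
    """
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    if not any(src in ip_network(l) and dst in ip_network(r) for l, r in sender_p2):
        return False, "no phase-2 selector on sender covers this src/dst"
    if not any(dst in ip_network(l) and src in ip_network(r) for l, r in receiver_p2):
        return False, "no mirrored phase-2 selector on receiver"
    if not rule_allows(receiver_ipsec_rules, src_ip, dst_ip):
        return False, "receiver's IPsec firewall rules drop the request"
    return True, "ok"


def diagnose(a_host, b_host):
    """Check both ping directions between two constructed box addresses."""
    return {
        "A->B": echo_request_path(a_host, b_host, SITE_A_PHASE2, SITE_B_PHASE2, SITE_B_IPSEC_RULES),
        "B->A": echo_request_path(b_host, a_host, SITE_B_PHASE2, SITE_A_PHASE2, SITE_A_IPSEC_RULES),
    }


if __name__ == "__main__":
    print("phase-2 mismatches:", phase2_mismatches(SITE_A_PHASE2, SITE_B_PHASE2))
    for direction, result in diagnose("192.0.2.1", "198.51.100.1").items():
        print(direction, result)
```

With the constructed data the A to B ping succeeds while B to A is dropped on site A's IPsec interface, which reproduces the asymmetric symptom from the post; the second site-B subnet shows up as a selector that exists only on site A. Swapping in the real phase-2 tables and IPsec-interface rules from both firewalls turns this into a quick desk check before looking at packet captures.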
Title: Re: IPSec tunnel endpoint issues
Post by: BertM on October 30, 2017, 02:33:00 pm
Vince,

The only time I ever encountered something like that was when I misconfigured firewall rules for IPsec on one side.

Maybe you also have something wrong with Firewall Rules?

Kind regards,
Bert