Messages - halianelf

#1
18.7 Legacy Series / Re: Can't Access GUI on Secondary
September 17, 2018, 11:56:57 PM
It may be a NAT issue but not sure exactly what to do to fix it. If I ping an outside IP using the default it works and gets a response. If I change it to the inside it doesn't. Not sure if that helps.
#2
18.7 Legacy Series / Re: Can't Access GUI on Secondary
September 12, 2018, 06:09:33 PM
Pretty sure my HA is working properly but feel free to take a look and let me know if you see something off. If I missed anything you want to see/think will help troubleshoot, let me know. The rules did update on the secondary when I tried changing the GUI allow rule on the WAN interface to the 3 IPs (One for each + CARP) for the firewalls rather than just "This Firewall".
#3
18.7 Legacy Series / Re: Can't Access GUI on Secondary
September 12, 2018, 10:53:10 AM
No, doesn't look like the OpenVPN nor the IPSec (at least initiating it from the remote side) work on the secondary either.
#4
18.7 Legacy Series / Can't Access GUI on Secondary
September 12, 2018, 01:23:38 AM
I have a pair of firewalls and a really weird issue. I'm basically never attached to my LAN. I either use the public IP that has a rule to only allow specific IPs or I'm coming across a VPN.

My primary works fine. I can access it both across the tunnel or using its public. My secondary, I can't except coming from my VM I used for testing that's on the LAN. Even if I put the primary in persistent maintenance mode, it doesn't work on the CARP IP either.

I enabled logging on the rule that I have allowing traffic from the WAN and the log shows it being allowed but all I ever get is "This site can't be reached x.x.x.x took too long to respond." So at this point I'm at a loss as to what's causing it. It was working fine until I had it reboot (through GUI) because it was giving an error checking for updates yesterday.

Version: OPNsense 18.7.1_3-amd64
#5
18.1 Legacy Series / Re: IPSec Supernet
June 26, 2018, 08:47:37 AM
I thought it was a NAT issue but I couldn't figure it out. I had created a NO NAT rule going to my remote subnet but had the interface wrong. I thought it had to be the source interface so I had put LAN and I had also tried WAN but apparently never tried using IPSec. It seems to be working with that NO NAT on the IPSec interface. Thanks!

Edit: I take that back, I never actually hit apply. I guess when I started playing around with adding more phase 2 entries and then removing, it re-established the tunnel and it's working now. No idea... I guess it was just being wonky.
#6
18.1 Legacy Series / Re: IPSec Supernet
June 25, 2018, 11:48:28 PM
Yes, the VPN is up when I start the pings.
#7
18.1 Legacy Series / IPSec Supernet
June 25, 2018, 12:24:55 AM
I have an HA pair of OPNsense firewalls and an IPSec tunnel set up between it (local) and home (remote). The tunnel runs to an Ubuntu server running StrongSwan. The local side I have a /24 broken down into a couple /27s and a /25 so I just summarized it as the /24. The tunnel is up and active and if I initiate the traffic from the remote side, everything works as expected. If I initiate it from anything local, it doesn't. Running packet captures, if I start a ping from the remote side, I see it on the IPSec and local interfaces but if I do it from the local side, the packet capture shows it on the WAN interface. Is there something I'm missing to get this to work this way?