21.7 Legacy Series / Traffic is routed through IPSecVPN from Sources other than defined in Phase2.
« on: July 27, 2021, 05:33:02 pm »
Hello List,
Thanks for your attention... I'm managing an OPNsense (v21.1.6) with two external and about 5 internal interfaces; let's call them Zones. One internal Zone, connected to a physical internal interface, should communicate with segment 1.2.3.0/24 (for example) through the second external interface, which works fine, and another internal Zone, which is connected to a VLAN interface, should communicate, unfortunately, with the identical IP range (1.2.3.0/24) through an IPSec VPN.
So to be clear:
192.168.1.0/24 on Int1 through Ext2 to 1.2.3.0/24
and
192.168.2.0/24 on VLAN2 through an IPSecVPN to 1.2.3.0/24
The destinations (1.2.3.0/24) are different service providers for different purposes.
So I've configured phase 2 of the IPSecVPN with the above source net (192.168.2.0/24) and destination.
At first it all worked fine, which was clear to me, because I configured the source (192.168.2.0/24) in phase 2, so the IPSecVPN should not be used for source 192.168.1.0/24... but a couple of days later I realized that it did: the traffic coming from 192.168.1.0/24 was routed through the IPSecVPN to the wrong service provider.
Maybe this scenario is unsupported; are there any hints on what to do in such a case (identical target IP ranges with different providers)?
Any help is welcome...
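One check worth running before assuming a bug (an added example, not code from the post or from OPNsense): policy-based IPsec claims a packet whenever its source and destination both fall inside a Phase 2 selector, regardless of what the routing table says, so a selector whose local side is wider than 192.168.2.0/24 (a supernet, an alias that resolves to more than intended, or 0.0.0.0/0) pulls Int1 traffic into the tunnel even though the destination range is identical. The Python model below uses the addresses from the post and compares a correctly scoped Phase 2 with a hypothetical over-broad one; the over-broad entry is constructed for illustration, and the model does not parse the firewall's real SPD (such as the output of `setkey -DP`), it only shows what to compare.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Phase2Selector:
    """Model of one Phase 2 entry as the kernel SPD sees it: a local (source)
    network and a remote (destination) network. The tunnel claims a packet
    only when BOTH sides match."""
    name: str
    local: IPv4Network
    remote: IPv4Network

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.local and dst in self.remote


def lookup_policy(selectors: List[Phase2Selector],
                  src: str, dst: str) -> Optional[str]:
    """Return the name of the first selector that claims src->dst, or None
    when nothing matches and the packet falls through to ordinary routing
    (the Ext2 path in the post)."""
    s, d = ip_address(src), ip_address(dst)
    for sel in selectors:
        if sel.matches(s, d):
            return sel.name
    return None


def leaking_selectors(selectors: List[Phase2Selector],
                      zone: IPv4Network, remote: IPv4Network) -> List[str]:
    """Names of selectors that would also claim traffic from `zone` towards
    `remote`, i.e. a zone that is supposed to reach `remote` via plain
    routing. Any non-empty result is a selector that needs narrowing."""
    return [sel.name for sel in selectors
            if sel.local.overlaps(zone) and sel.remote.overlaps(remote)]


# --- Constructed sample data mirroring the addressing in the post ---------
INT1_ZONE = ip_network("192.168.1.0/24")   # should go out Ext2
VLAN2_ZONE = ip_network("192.168.2.0/24")  # should go through the IPsec tunnel
PROVIDER_NET = ip_network("1.2.3.0/24")    # same range at both providers

# Phase 2 scoped exactly as described: only VLAN2 is a tunnel source.
SCOPED = [Phase2Selector("vpn-vlan2", VLAN2_ZONE, PROVIDER_NET)]

# Hypothetical mis-scoped Phase 2 (a supernet on the local side): the
# selector now overlaps Int1 too, so Int1 traffic is pulled into the tunnel.
TOO_BROAD = [Phase2Selector("vpn-broad", ip_network("192.168.0.0/16"),
                            PROVIDER_NET)]


def audit(selectors: List[Phase2Selector]) -> Dict[Tuple[str, str], Optional[str]]:
    """Classify one representative flow from each zone towards the provider."""
    flows = [("192.168.1.10", "1.2.3.4"), ("192.168.2.10", "1.2.3.4")]
    return {f: lookup_policy(selectors, *f) for f in flows}


if __name__ == "__main__":
    for label, sels in (("scoped", SCOPED), ("too broad", TOO_BROAD)):
        print(f"{label}: {audit(sels)}")
        print(f"  selectors leaking Int1 into the tunnel: "
              f"{leaking_selectors(sels, INT1_ZONE, PROVIDER_NET)}")
```

With the scoped selector, the Int1 flow resolves to `None` (plain routing) and only the VLAN2 flow hits the tunnel; with the over-broad selector both flows are claimed and `leaking_selectors` names the offending entry. Running the same comparison against the selectors the firewall actually installed, rather than the ones intended in the GUI, is the quickest way to tell a selector problem from a routing or NAT one.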