Messages

1

20.1 Legacy Series / Re: Reboot "losing" routes for routed IPSec tunnel

« on: April 27, 2020, 03:51:51 pm »

There was an issue in Github and it turned out that setting FQDN in IPsec Peers doesn't work with routed IPsec.
Maybe this is your problem?

Thanks for this! So my phase 1 entries both ends are set up to use FQDN to resolve the peer addresses (remote gateway) Phase 2 tunnel network addresses are just IP addresses in the same subnet.
Nothing too complicated about the setup, and the tunnels do establish OK. Just the issue with the routes not being set up

2

20.1 Legacy Series / Reboot "losing" routes for routed IPSec tunnel

« on: April 27, 2020, 12:34:51 am »

Hi All,

Sorry if this has already been covered elsewhere.
I've noticed that on OPNSense 20.1.4 (and now just today 20.1.5) upon a reboot of the system, I can no longer route traffic down a predefined Routed IPSec tunnel.
The System-Routes-Configuration screen shows applicable static routes and the gateway is set to the remote interface, so that all looks good.
However in System-Routes-Status, none of these routes are in the table.
Go back to the System-Routes-Configuration screen, disable all of the static routes by ticking the disable box, Apply, then uncheck the boxes. Apply again, and at that point the routes are written and packets start routing through the tunnel as they should.
This situation is readily reproducible. Is there something I am missing? Or could this be a bug?

Any help would be most welcomed! Thanks!