Virtual private networks / OPNsense gateway via IPsec
« on: November 16, 2021, 09:50:06 pm »
Hello,
I have an OPNsense firewall (A) where the WAN interface doesn't provide any internet connectivity. The only thing that is possible via WAN is to connect via IPsec to an upstream OPNsense firewall (B). This connection works well and it is possible for the clients on the LAN interface of (A) to reach LAN interfaces on (B). I've actually defined the following ESP tunnels on (A):
ESP IPv4 tunnel LAN 0.0.0.0/5 AES (128 bits) + SHA512 + 14 (2048 bits) Upstream (0-7.x.x.x)
ESP IPv4 tunnel LAN 8.0.0.0/7 AES (128 bits) + SHA512 + 14 (2048 bits) Upstream (8-9.x.x.x)
ESP IPv4 tunnel LAN 11.0.0.0/8 AES (128 bits) + SHA512 + 14 (2048 bits) Upstream (11.x.x.x)
ESP IPv4 tunnel LAN 12.0.0.0/6 AES (128 bits) + SHA512 + 14 (2048 bits) Upstream (12-15.x.x.x)
ESP IPv4 tunnel LAN 16.0.0.0/4 AES (128 bits) + SHA512 + 14 (2048 bits) Upstream (16-31.x.x.x)
ESP IPv4 tunnel LAN 32.0.0.0/3 AES (128 bits) + SHA512 + 14 (2048 bits) Upstream (32-63.x.x.x)
ESP IPv4 tunnel LAN 64.0.0.0/2 AES (128 bits) + SHA512 + 14 (2048 bits) Upstream (64-127.x.x.x)
ESP IPv4 tunnel LAN 128.0.0.0/1 AES (128 bits) + SHA512 + 14 (2048 bits) Upstream (128.x.x.x)
By doing that, all traffic from the LAN devices to any IP outside of 10.0.0.0/8 is sent via the IPsec tunnel.
Now the issue is that OPNsense (A) doesn't get any internet connectivity.
Is there any way to instruct OPNsense (A) to use OPNsense (B) as internet gateway over the IPsec tunnel?
Thanks!
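The eight phase 2 selectors in the post are exactly the minimal set of prefixes that cover all of IPv4 except 10.0.0.0/8, which is why the LAN traffic ends up in the tunnel. The script below is an added example (not from the post or from OPNsense) that recomputes that set with Python's standard ipaddress module and then audits a selector list for the three things that commonly go wrong when such a split is typed by hand: overlapping selectors, a selector that accidentally includes part of the excluded space, and a gap that leaves some destinations without a tunnel. It assumes, as the post states, that 10.0.0.0/8 is the address space that must stay out of the tunnel; the selector list is copied from the post and the helper names are my own.

```python
import ipaddress

# Remote-side phase 2 selectors exactly as listed in the post (local side is LAN).
POSTED_SELECTORS = [
    "0.0.0.0/5", "8.0.0.0/7", "11.0.0.0/8", "12.0.0.0/6",
    "16.0.0.0/4", "32.0.0.0/3", "64.0.0.0/2", "128.0.0.0/1",
]


def complement_prefixes(excluded, universe="0.0.0.0/0"):
    """Minimal list of prefixes (in address order) covering everything in
    `universe` except `excluded`.  This is the "everything but my own LAN
    space" selector set an IPsec policy needs when 0.0.0.0/0 cannot be used."""
    u = ipaddress.ip_network(universe)
    e = ipaddress.ip_network(excluded)
    return sorted(u.address_exclude(e))


def check_selectors(selectors, excluded, universe="0.0.0.0/0"):
    """Audit a hand-written selector list.  Returns a dict with:
       overlaps: pairs of selectors that overlap each other (ambiguous policy),
       leaks:    selectors that include any address of `excluded`,
       gaps:     (first, last) address ranges in `universe` covered neither
                 by a selector nor by `excluded` (traffic with no tunnel)."""
    nets = sorted(ipaddress.ip_network(s) for s in selectors)
    e = ipaddress.ip_network(excluded)
    u = ipaddress.ip_network(universe)

    overlaps = [(a, b) for i, a in enumerate(nets)
                for b in nets[i + 1:] if a.overlaps(b)]
    leaks = [n for n in nets if n.overlaps(e)]

    # Walk the address space in order; any jump between the end of one
    # prefix and the start of the next is an uncovered range.
    gaps = []
    cursor = int(u.network_address)
    for n in sorted(nets + [e]):
        start = int(n.network_address)
        if start > cursor:
            gaps.append((ipaddress.ip_address(cursor),
                         ipaddress.ip_address(start - 1)))
        cursor = max(cursor, int(n.broadcast_address) + 1)
    if cursor <= int(u.broadcast_address):
        gaps.append((ipaddress.ip_address(cursor), u.broadcast_address))

    return {"overlaps": overlaps, "leaks": leaks, "gaps": gaps}


def matching_selector(address, selectors):
    """Return the most specific selector that would carry traffic to
    `address`, or None if no selector matches (traffic stays local)."""
    ip = ipaddress.ip_address(address)
    matches = [ipaddress.ip_network(s) for s in selectors
               if ip in ipaddress.ip_network(s)]
    return str(max(matches, key=lambda n: n.prefixlen)) if matches else None


if __name__ == "__main__":
    print("computed:", [str(n) for n in complement_prefixes("10.0.0.0/8")])
    print("audit of posted list:", check_selectors(POSTED_SELECTORS, "10.0.0.0/8"))
    # Constructed mistake: one selector forgotten.
    broken = [s for s in POSTED_SELECTORS if s != "11.0.0.0/8"]
    print("audit with 11.0.0.0/8 missing:", check_selectors(broken, "10.0.0.0/8"))
    print("8.8.8.8 ->", matching_selector("8.8.8.8", POSTED_SELECTORS))
    print("10.1.2.3 ->", matching_selector("10.1.2.3", POSTED_SELECTORS))
```

Running it confirms that the posted list is the computed complement of 10.0.0.0/8 with no overlaps, leaks or gaps, that dropping one entry immediately shows up as an uncovered range (11.0.0.0 to 11.255.255.255), and that an address in 10.0.0.0/8 matches no selector, which is the behaviour the post relies on for keeping inter-LAN traffic off the tunnel. Note that the audit only covers which destinations the selectors claim; the firewall itself still needs a route or policy for its own locally generated traffic, which is the separate problem the post asks about.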