Messages - Kisters

#1
Hi all,
I am faced with a problem that is probably easy to solve.
I have 2 OPNsense firewalls and a WireGuard Site2Site VPN set up there.

Local Network Site A: 10.1.0.0/24
Instance Tunnel IP 10.10.10.1
Allowed IPs Peer: 192.168.100.0/24

Local Network Site B: 192.168.100.0
Tunnel IP 10.10.10.2
Allowed IPs Peer: 10.1.0.0/24

The corresponding routing rules were created automatically.
Firewall rules for the LAN and the WG interface are currently still set to Allow Any.

The tunnel is set up and the firewalls reach each other, but I can't ping clients from either firewall,
and it doesn't work from client to client either. Only the firewalls themselves can be reached via the WG tunnel.

Where have I made a mistake here?

Thanks for your support.

Best regards, Tim
#2
Hi,
The other side of the tunnel is a Sophos SG105 with a dynamic IP address. If communication in the tunnel is no longer possible, the DDNS name can still be pinged, so I do not assume that we have a problem with the changing IP address.

Also a restart of the remote gateway does not lead to the connection enabling communication again.

Only a reboot of the OPNsense itself fixes the problem temporarily.

There are more VPN tunnels with the same setup on the same OPNsense, and there the problem does not occur.

Regards, Tim
#3
Hi,
I have an OPNsense with 5 IPsec tunnels, and everything works fine. But after 2 - 3 days, communication is no longer possible within one of the tunnels. However, the tunnel is still established. Re-establishing the VPN connection or restarting the IPsec service does not solve the problem.

After restarting the OPNsense, everything works again for a few days.
All other tunnels work permanently.

Anyone have an idea what this could be?

Regards, Tim