OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of ermitgilsukaru »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - ermitgilsukaru

Pages: [1]
1
Virtual private networks / Re: IPSec between OPNSense and EdgeRouter Infinity, no traffic from OPNSense side
« on: January 09, 2024, 03:27:49 am »
Hi netnut.

Quote from: netnut
Did you set static routes for the relevant networks ?

Yes, but aside from that, traffic destined for the other end of the VTI point-to-point subnet doesn't enter the ipsecN interface. That is, if I try to ping the EdgeRouter from the OPNSense I can't see the traffic on the encryption interfaces, neither enc0 nor ipsecN (pinging the other direction shows traffic arriving on the enc0 interface on the OPNSense but not reaching the ipsecN interface)

2
Virtual private networks / Re: IPSec between OPNSense and EdgeRouter Infinity, no traffic from OPNSense side
« on: January 08, 2024, 07:05:25 pm »
Hi Monviech and thanks for answering.

I have reqid=10 in the following two places:

VPN > IPSec > Virtual Tunnel interfaces > [the interface in question]

VPN > IPSec > Connections > [edit tunnel] > Children

Are there any more places I'm missing?

This is the only tunnel defined on this particular OPNSense instance.

I'm reading through the thread you linked now, will probably take me some time to parse the relevant info from it.

3
Virtual private networks / IPSec between OPNSense and EdgeRouter Infinity, no traffic from OPNSense side
« on: January 08, 2024, 05:08:17 pm »
Hi.

My company has servers at two colocation datacenters. We used to have EdgeRouter Infinities at both sites connected with VTI IPSec but I recently changed out one of the EdgeRouters with an OPNSense instance. I tried setting up an VTI IPSec connection between the still running EdgeRouter and the new OPNSense instance, but I haven't been able to get it usable.

The problem seems to the that the OPNSense gets traffic through the tunnel but doesn't send it to the ipsecN interface (and likewise, traffic from the inside network that should be routed to the other end of the IPSec tunnel doesn't enter the ipsecN interface).

The tunnel is up according to the VPN > IPSec > Status Overview page and I can see traffic arriving on the enc0 interface with tcpdump. However, tcpdump on the ipsec10 interface doesn't show any traffic.

I followed the guide at https://docs.opnsense.org/manual/how-tos/ipsec-s2s-conn-route.html to set up a new-style connection instead of the "legacy" style.

My home router is also an OPNSense instance and I've set up what I thought was an identical tunnel there without problems. Tcpdump show traffic on both the enc0 and ipsecN.

I'm not sure how to troubleshoot this; I've gone through the guide a few times to see if I can find any disrepancy, but I'm not an advanced enough user of OPNSense to know what to do next.

Any hints?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2