Messages

Turned out to be the router was redirecting the traffic and sending that message.
To resolve I had to disable ip redirects under interface configuration mode, no ip redirects.

Hello Forum,
I have an issue when using an IPSec routed VPN for some reason the firewall chooses the default gateway instead of the VPN gateway.

Here is the setup.

Cisco router using static routing as the gateway, 172.24.1.1, for the subnet and there is a static route pointing to the OPNSense firewall, 172.24.1.251, as the next hop for a network across an IPSec routed VPN.

When traffic is sent to the network across the VPN I get this response from the router;
From 172.24.1.1 icmp_seq=9 Redirect Host(New nexthop: 172.24.1.251)
From 172.24.1.1 icmp_seq=10 Redirect Host(New nexthop: 172.24.1.251)
From 38.x.x.x icmp_seq=10 Destination Net Unreachable
From 172.24.1.1 icmp_seq=11 Redirect Host(New nexthop: 172.24.1.251)
From 38.x.x.x icmp_seq=11 Destination Net Unreachable

The response is telling the host the next hop is the OPNSense firewall and firewall is sending it out to the internet, 38.X.X.X address, instead of sending it over the VPN.


I'm new to OPNSense so any help is appreciated.
TIA,
Fly

I guess I'll assume this isn't supported yet.

Hello Community,
I have searched for an answer to this and can't find one.  I have setup 2 routed IPSEC VPNs with VTI networks 169.254.254.4/30 and 169.254.254.8/30. I want to monitor the VTIs but monitoring these VTIs fail.  The VPN is up and I can access all the networks across the VPNs. 
I have also observed some strange behavior, I can't ping from the shell or the WebGui but when I do a tcpdump I can see icmp traffic from the other side, Palo Alto with static route monitoring.  So I know the VTI can respond to pings but the OPNSense side won't respond or send ping requests from the VTIs.

Any ideas?

My goal is to use Gateway Group with monitoring to failover between the 2 VPNs.

OPNSense - v24.7.12_4