Messages - falks

#1
The thread can be closed. https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/access-firewall-over-ipsec.html was sufficient to configure OPNsense.

Now everything can be configured in the GUI and is working.
#2
Sorry for the newbie question, but we are trying to configure our OPNsense with an IPsec tunnel to a Sophos UTM SG (not XG). That is not the issue.


Branch-Office (OPNsense with a NAS)
Headquarters (Sophos SG with AD / DNS)

We would like to use DNS "Query forwarding" and LDAP/AD connectivity. Users should be able to use OpenVPN or WireGuard on the OPNsense by logging in with their AD credentials. Internal users in the branch office should be able to use the DNS server of the headquarters (but only the Active Directory domain).

BUT our OPNsense has no IP address on its IPsec interface and is not able to query or ping the DNS server behind the IPsec.


Could you give me a hint in the right direction? How do we get an IP address on the IPsec interface, and will this be able to communicate with a Sophos UTM SG (not XG)? Or do we need to replace the firewall in our headquarters?

We found this article, but couldn't figure out how to implement it:
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/access-firewall-over-ipsec.html

Thank you in advance!


EDIT: If we use over SSH:

route add -net [Target-Subnet] [Target-Gateway-IP-Address]

...everything is working as expected.
But is there a better or correct way?