Virtual private networks / Site2Site IPsec connecting 2 corporate networks
« on: October 30, 2020, 10:25:18 am »
We tried to set up a Site2Site connection with IPsec in OPNsense, however after many days of trial and error it just wouldn't work.
We were given an IPsec configuration, put that into OPNsense and made, as far as we knew, all necessary changes to make it work. The farthest we got is that we were able to ping the other side, but its responses didn't arrive back. We tried a lot of different possibilities, but they did not work, and to this day we don't know precisely what the error was and why it did not work.
Due to trying to avoid the sunk cost fallacy, we wanted to get it to work, so we just set up an empty Linux server, installed the IPsec configuration, just as we did in OPNsense, and added a single firewall rule:
Code:
# nat table, POSTROUTING chain: rewrite the source of every forwarded packet to the outgoing interface's address
# (chain names are case-sensitive, so it must be POSTROUTING)
iptables -t nat -A POSTROUTING -j MASQUERADE
Now it just works, without any issues.
Obviously, we are not networking experts (we both are mainly Software Engineers and similar positions). That's why you can maybe help us deduce what went wrong with the installation of this scenario through OPNsense and how I could possibly fix it (the other one gave up on OPNsense, due to the frustration arising from this issue). I think there is only one small bit missing from the setup in OPNsense; that's why I don't just want to let it go and be damned.
P.S.: To add to the misery, we have extensive knowledge of Linux, but only beginner knowledge at most with *BSD.
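The post does not say what the peer's traffic selectors look like, so here is an added example (my own Python model, not code from the post or from OPNsense) of why a blanket MASQUERADE can turn a "ping goes out, reply never comes back" tunnel into a working one, and what that rule costs. All addresses, the interface name wan0 and the two Phase 2 selector sets are constructed for the example. The model assumes the Linux ordering in which POSTROUTING source NAT is applied before the outbound IPsec policy lookup, so the translated source address is what the child SA's traffic selectors are compared against.

```python
"""Model of how source NAT interacts with IPsec (child SA) traffic selectors.

Constructed scenario, not taken from the forum post: one tunnel whose peer only
accepts our gateway's WAN address as the local selector, one subnet-to-subnet
tunnel, and a blanket versus a scoped MASQUERADE rule applied to each.
Assumption: POSTROUTING SNAT runs before the outbound IPsec policy lookup.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class ChildSA:
    """Negotiated traffic selectors of one Phase 2 / child SA."""
    local_ts: str   # what the peer accepts as *our* source addresses
    remote_ts: str  # the peer's networks reachable through the tunnel


@dataclass(frozen=True)
class SnatRule:
    """One POSTROUTING SNAT/MASQUERADE rule, reduced to what matters here."""
    to_source: str            # address the packet source is rewritten to
    out_iface: str = "*"      # '*' = no -o match, i.e. every outgoing interface
    exclude_dst: tuple = ()   # destinations exempted, like "! -d 10.20.0.0/16"


def apply_snat(rules, src, dst, out_iface):
    """Return the source address after the first matching rule, else unchanged."""
    for rule in rules:
        if rule.out_iface not in ("*", out_iface):
            continue
        if any(ip_address(dst) in ip_network(net) for net in rule.exclude_dst):
            continue
        return rule.to_source
    return src


def matches_sa(sa, src, dst):
    """True if (src, dst) lies inside the SA's traffic selectors."""
    return (ip_address(src) in ip_network(sa.local_ts)
            and ip_address(dst) in ip_network(sa.remote_ts))


def enters_tunnel(sa, rules, src, dst, out_iface="wan0"):
    """Return (encapsulated?, source address as the peer would see it)."""
    translated = apply_snat(rules, src, dst, out_iface)
    return matches_sa(sa, translated, dst), translated


# --- constructed scenario values (hypothetical addresses) -------------------
GATEWAY_WAN = "203.0.113.10"   # our firewall's public address
LAN_HOST = "192.168.10.25"     # a host behind our firewall
REMOTE_HOST = "10.20.5.7"      # a host on the peer's network

# iptables -t nat -A POSTROUTING -j MASQUERADE  (the rule from the post)
BLANKET_MASQUERADE = [SnatRule(to_source=GATEWAY_WAN)]
# iptables -t nat -A POSTROUTING -o wan0 ! -d 10.20.0.0/16 -j MASQUERADE
SCOPED_MASQUERADE = [SnatRule(to_source=GATEWAY_WAN, out_iface="wan0",
                              exclude_dst=("10.20.0.0/16",))]

# Peer accepts only our gateway address (host-to-subnet tunnel).
SA_GATEWAY_ONLY = ChildSA(local_ts="203.0.113.10/32", remote_ts="10.20.0.0/16")
# Peer accepts our whole LAN (subnet-to-subnet tunnel).
SA_SUBNET = ChildSA(local_ts="192.168.10.0/24", remote_ts="10.20.0.0/16")


def demo():
    """Evaluate the four combinations and return them keyed by name."""
    return {
        "gateway_only/no_nat": enters_tunnel(SA_GATEWAY_ONLY, [], LAN_HOST, REMOTE_HOST),
        "gateway_only/blanket": enters_tunnel(SA_GATEWAY_ONLY, BLANKET_MASQUERADE, LAN_HOST, REMOTE_HOST),
        "subnet/blanket": enters_tunnel(SA_SUBNET, BLANKET_MASQUERADE, LAN_HOST, REMOTE_HOST),
        "subnet/scoped": enters_tunnel(SA_SUBNET, SCOPED_MASQUERADE, LAN_HOST, REMOTE_HOST),
    }


if __name__ == "__main__":
    for name, (encapsulated, seen_as) in demo().items():
        print(f"{name:22s} encapsulated={encapsulated!s:5s} peer sees source {seen_as}")
```

Running it shows the two sides of the coin: with a gateway-only selector the LAN host's packets never match the SA until they are masqueraded to the gateway address, which is consistent with a tunnel that only works once a NAT rule exists; with a subnet-to-subnet selector the same blanket rule rewrites the source to an address outside the selector and breaks the tunnel, which is why a production rule is normally scoped to the WAN interface and exempts the remote networks. The trade-off of the blanket rule is also visible in the second tuple element: the peer only ever sees 203.0.113.10, so its firewall logs lose per-host attribution for everything coming from your side. Whether the peer's configuration really is gateway-only is something only the supplied IPsec configuration can tell you; as far as I know, the comparable knob in OPNsense is the NAT/BINAT translation field on the Phase 2 entry, so the selector can be satisfied without a catch-all outbound NAT rule.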

