Messages - Adam.P

#16
18.7 Legacy Series / Re: Multi-WAN Broke IPSec VPN
January 30, 2019, 04:51:20 PM
Sorry it took so long to follow up on this. I don't see anything abnormal in the IPsec logs. I'm not sure how to read the packet captures, but here's a packet capture taken from the ipsec interface.

https://ufile.io/5ro7v

Please let me know if that's helpful or if there's any other info I can provide to get to the bottom of this. I'm stumped! Thanks in advance!
#17
18.7 Legacy Series / Re: Multi-WAN Broke IPSec VPN
January 24, 2019, 08:27:46 PM
Quote from: mimugmail on January 24, 2019, 07:45:28 PM
Local DNS rule should be at the top, rest is fine

I went ahead and moved it to directly below the anti-lockout rule. Thanks for that!

I just did some more testing after doing a states reset and found that I can communicate with the 10.128.121.0/24 network but still cannot communicate with the 10.128.120.0/24 network.

I'm not sure when that started working. Honestly, I've been doing most of my testing with the 120 network and assumed 121 also wouldn't work still.

I'm confused now. How would one work but not the other?
#18
18.7 Legacy Series / Re: Multi-WAN Broke IPSec VPN
January 24, 2019, 06:37:59 PM
Quote from: mimugmail on January 24, 2019, 05:34:13 PM
Please post screenshots of LAN rules tab

That's exactly what the above screenshot is. I'll post the URL again: https://imgur.com/a/22WSwvt

Thank you!
#19
18.7 Legacy Series / Re: Multi-WAN Broke IPSec VPN
January 24, 2019, 04:45:37 PM
Quote from: mimugmail on January 24, 2019, 03:44:03 PM
No, for Multi WAN you set in LAN rules tab like in the official docs

Are the wikis I linked above not official? I didn't see any mention of this in those documents... Can you link me to said document?

I tried creating this rule and it did not appear to help:
https://imgur.com/a/22WSwvt

"Remote_Networks" is an alias to 10.128.120/24 and 10.128.121/24
#20
18.7 Legacy Series / Re: Multi-WAN Broke IPSec VPN
January 24, 2019, 01:50:00 PM
Quote from: mimugmail on January 24, 2019, 06:05:32 AM
For Ipsec network you have to create an Accept Rule without Gateway above your routing rules

You're referring to this rule, right?
https://imgur.com/a/YSSxs3j
#21
18.7 Legacy Series / Re: Multi-WAN Broke IPSec VPN
January 23, 2019, 10:09:25 PM
Quote from: mimugmail on January 18, 2019, 07:42:44 PM
And don't forget to set a static route for Ipsec remote IP

How do I create this static route? IPSec isn't an option when creating a route.

I already have these routes in the routing table which were automatically created by ipsec:
ipv4   10.128.120.0/24   173.8.42.14   US   97   1500   em1   WAN   
ipv4   10.128.121.0/24   173.8.42.14   US   5   1500   em1   WAN

I don't think they're being followed though. I tried running trace route and it just reaches max hops and stops.
#22
18.7 Legacy Series / Re: Multi-WAN Broke IPSec VPN
January 22, 2019, 03:42:00 PM
Quote from: mimugmail on January 18, 2019, 07:42:44 PM
You should really post some screenshots of Gateways, Tiering and Rules. Also outbound Nat. And don't forget to set a static route for Ipsec remote IP

Thank you for the response.

Here are some screenshots: https://imgur.com/a/4ZKeRug

It's a pretty basic setup. I set up a single LAN/WAN, followed this article to set up the VPN:
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html

Then followed this article to set up multi-wan:
https://wiki.opnsense.org/manual/how-tos/multiwan.html

Please let me know if I can provide anything else.

Thank you!
#23
18.7 Legacy Series / Re: Multi-WAN Broke IPSec VPN
January 18, 2019, 04:29:34 PM
Am I posting this in the wrong place or not including enough information?
#24
18.7 Legacy Series / Re: Multi-WAN Broke IPSec VPN
January 15, 2019, 02:49:33 PM
Anyone?
#25
I have a customer with 3 locations. Everything was initially set up with OPNsense 17 with IPSec VPN set up between all three locations. Everything worked perfectly. A second WAN was added to one location. Since then I can only communicate with devices one way - devices in the other two offices can ping everything in every location. If I am in the office with 2 WAN connections, traffic will not route through the VPN. I can only communicate with devices on that local network.

I read in release notes that there were some routing fixes, so I've performed all updates to 18.7.10 and still am having the same problem. Anyone have any ideas?
#26
Quote from: franco on September 03, 2018, 04:27:14 PM
I'll take a look in exchange for a ticket:

https://github.com/opnsense/core/issues


Cheers,
Franco

Thank you, Franco. I have created an issue on Github.
#27
Since I can't seem to get a response, maybe pfSense would be a better fit. The forum seems to be much more active and helpful over there.
#28
Quote from: franco on May 28, 2018, 10:32:57 AM
If you know how to reproduce the problem please let me know.

Franco, how to reproduce the problem is in my post above. Is that normal behavior?
#29
I noticed this same problem today. Fresh install of 18.1, updated, then switched to manual outbound rule generation and *poof* all the rules are gone. In past versions it converted the automatic rules to manual rules that can be edited. Can we get this feature back?