Security Policiy Database empty / ipsec no traffic going out

stssteffen · March 28, 2019, 01:30:03 PM

Hallo all,

yesterday i migrated a customers firewall from pfsense to opnsense.

OPNsense 19.1.4-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019.

The customer is using several ipsec site-2-site connections. On the OPNSense all connections coming up and traffic is reaching the hosts inside the notwork through the tunnel. But no traffic is leaving the opnsense through the tunnel back to the remote sites.
I mentioned that the Security Policy Database stays empty.

Are there any hints??

AdSchellevis · March 28, 2019, 01:55:00 PM

Hi,

Can you check if "Install policy" in your phase 1 is checked? The default should be checked but wasn't in this version, this will be fixed in the next one.

Best regards,

Ad

reference commit https://github.com/opnsense/core/commit/8b8bbc3bc73c78b536a7bd3e83dcf22e490c1678

stssteffen · March 28, 2019, 02:05:50 PM

:D this was the trick... it was unchecked.

Thank you very much for your quick reply and the solution.

Security Policiy Database empty / ipsec no traffic going out

stssteffen

March 28, 2019, 01:30:03 PM

AdSchellevis

March 28, 2019, 01:55:00 PM #1

stssteffen

March 28, 2019, 02:05:50 PM #2