Topic: Special Routing Issue (Read 1388 times)
jimjohn (Full Member, Posts: 128, Karma: 3) on October 20, 2021, 04:54:03 pm:
Hi,
I got two sites coupled via IPsec:
(A) is 10.X.X.X
(B) is 192.X.X.X
The IPsec tunnel works. Now at (A), I got an OPNsense appliance with a host connected that I want to reach from (B).
(B) == IPsec ==> (A) ==> OPNsense WAN IF ==> OPNsense LAN IF ==> Target Host
How can I achieve that? I do not see any packages coming in on the WAN IF of my OPNsense appliance (yes, log is on, yes catchall rule defined).
Thanks in advance!
Patrick M. Hausen (Hero Member, Posts: 6812, Karma: 572), Reply #1 on October 20, 2021, 05:03:55 pm:
IPsec and routing in general is not transitive. The fact that you can reach A from B does not imply you can reach anything "behind A".
That means that you must add an IPsec phase 2 entry with the network of your OPNsense LAN to your VPN connection. On both sides. Using "local" and "remote" accordingly.
So on VPN gateway at "A" that network is local, on the gateway at "B" it's remote.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
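
Added example, not part of the original posts: a small Python model of the point in Reply #1, that an IPsec tunnel only carries traffic matching a phase 2 local/remote pair, and that the pair must exist on both gateways. All addresses and the OPNsense LAN network are constructed, since the thread masks the real ones, and the model leaves out IKE negotiation itself.

```python
"""Model: a packet enters the tunnel only if it matches a phase 2 selector pair."""
from ipaddress import ip_address, ip_network

# Constructed addressing (the thread masks the real networks).
SITE_A = ip_network("10.0.0.0/24")       # network at site (A)
SITE_B = ip_network("192.168.0.0/24")    # network at site (B)
OPN_LAN = ip_network("172.16.50.0/24")   # hypothetical LAN behind the OPNsense at (A)


def mirror(selectors):
    """The same phase 2 list as configured on the peer: local and remote swapped."""
    return [(remote, local) for local, remote in selectors]


def tunneled(selectors, src, dst):
    """True if src -> dst matches a (local, remote) pair on the sending gateway."""
    src, dst = ip_address(src), ip_address(dst)
    return any(src in local and dst in remote for local, remote in selectors)


def reachable_via_tunnel(gw_a, gw_b, host_b, target):
    """The request leaves via gateway B, the reply via gateway A; both must match."""
    return tunneled(gw_b, host_b, target) and tunneled(gw_a, target, host_b)


# Gateway A as in the first post: one phase 2 entry, site A <-> site B.
GW_A_BEFORE = [(SITE_A, SITE_B)]
# Gateway A with the extra phase 2 entry: the OPNsense LAN is "local" here.
GW_A_AFTER = GW_A_BEFORE + [(OPN_LAN, SITE_B)]

if __name__ == "__main__":
    host_b, target = "192.168.0.10", "172.16.50.20"   # constructed hosts
    cases = {
        "original config": (GW_A_BEFORE, mirror(GW_A_BEFORE)),
        "entry added on A only": (GW_A_AFTER, mirror(GW_A_BEFORE)),
        "entry added on both sides": (GW_A_AFTER, mirror(GW_A_AFTER)),
    }
    for name, (gw_a, gw_b) in cases.items():
        print(f"{name}: {reachable_via_tunnel(gw_a, gw_b, host_b, target)}")
```
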
jimjohn (Full Member, Posts: 128, Karma: 3), Reply #2 on October 20, 2021, 05:26:18 pm:
Thanks.
Since both VPN endpoints are Fritz.Boxes and I also have access to an OPNsense at (B), may it be easier to just build a VPN which is embedded into the IPsec tunnel (i.e. Wireshark, OpenVPN), put the origin host behind the OPNsense at (B) and let the OPNsenses take care of the routing?
If yes, how would I do that?