IPsec Site-to-Site PSK not passing traffic.

Started by zombielinux, August 01, 2025, 02:36:24 PM

I've been following along here: https://docs.opnsense.org/manual/how-tos/ipsec-s2s-conn-route.html in order to establish a link between my local networks (OPNSense) and a remote network (Fortigate).

I'm able to pull up the tunnel and see that the interface (Site1Site2) is created.

No traffic is able to pass over the tunnel, however.

Site1
Local Network: 172.19.0.0/16
VPN Pool: 172.16.100.4/30
VPN Address: 172.16.100.6

Site2
Local Network: 172.17.0.0/16
VPN Pool: 172.16.100.4/30
VPN Address: 172.16.100.5

I've enabled logging on the IPV4 <- * * * * * * and IPV4 -> * * * * * * rules in both the Site1Site2 and IPsec firewall tables.

The symptom I'm seeing in the logs is that all outbound traffic is going out the Site1Site2 interface, but all the traffic from Site2 is coming in and hitting the IPsec firewall table/interface.

Should these be connected somehow?

So you set up an IPsec VTI for some reason.

Did you add static route on both sites?

My IPsec VTI uses:

The OPNSense WAN address for the "Local Address"
The Fortigate WAN address for the "Remote Address"
172.16.100.6 for the "Local Tunnel Address"
172.16.100.5 for the "Remote Tunnel Address"

I have static routes added on both sides forwarding the remote side's LAN in, i.e. the OPNsense side has a route to 172.17.0.0/16 configured with a gateway of 172.16.100.5.
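As an added example, not part of the thread and not OPNsense project code: a small Python check for a route-based (VTI) address plan like the one above. It validates that both tunnel addresses are usable hosts in the /30 pool and that no LAN overlaps the pool or the other LAN, derives the static route each side needs (peer LAN via the peer's tunnel address), and verifies that route against a `netstat -rn`-style routing table. The `Site`, `check_vti_plan`, `route_gateway` and `verify_side` names and the routing-table sample are constructed for illustration; the addresses are the ones posted in the thread.

```python
"""Sanity-check a route-based (VTI) IPsec site-to-site address plan.

Added example, not from the thread. With a VTI the tunnel is a real
interface with its own /30 (or /31), and the peer LAN is reached by a
static route whose gateway is the peer's tunnel address on that /30.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Site:
    name: str
    lan: str          # local network behind this firewall, e.g. "172.19.0.0/16"
    tunnel_addr: str  # this side's VTI tunnel address, e.g. "172.16.100.6"


def check_vti_plan(pool: str, a: Site, b: Site) -> Dict[str, Tuple[str, str]]:
    """Validate the plan and return {site: (peer LAN, gateway)} for each side.

    Raises ValueError for plans that cannot route traffic over the VTI.
    """
    if a.name == b.name:
        raise ValueError("the two sites must have distinct names")
    tunnel = ip_network(pool, strict=True)
    # A /31 is a legitimate point-to-point pool: both addresses are usable.
    usable = set(tunnel) if tunnel.prefixlen == 31 else set(tunnel.hosts())
    if len(usable) < 2:
        raise ValueError(f"tunnel pool {tunnel} has fewer than two usable addresses")

    sides = {}
    for s in (a, b):
        lan, addr = ip_network(s.lan, strict=True), ip_address(s.tunnel_addr)
        if addr not in usable:
            raise ValueError(f"{s.name}: tunnel address {addr} is not a usable host in {tunnel}")
        if lan.overlaps(tunnel):
            raise ValueError(f"{s.name}: LAN {lan} overlaps tunnel pool {tunnel}")
        sides[s.name] = (lan, addr)

    (na, (lan_a, addr_a)), (nb, (lan_b, addr_b)) = sides.items()
    if addr_a == addr_b:
        raise ValueError("both sides use the same tunnel address")
    if lan_a.overlaps(lan_b):
        raise ValueError(f"LANs {lan_a} and {lan_b} overlap; the static route would be ambiguous")
    # Each side routes the peer's LAN via the peer's tunnel address.
    return {na: (str(lan_b), str(addr_b)), nb: (str(lan_a), str(addr_a))}


def route_gateway(netstat_output: str, destination: str) -> Optional[str]:
    """Return the gateway for an exact `destination` entry in `netstat -rn`-style
    output, or None if there is no such entry. Only the first two columns
    (Destination, Gateway) are used, so the remaining column layout does not matter."""
    want = str(ip_network(destination, strict=True))
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == want:
            return parts[1]
    return None


def verify_side(netstat_output: str, expected: Tuple[str, str]) -> bool:
    """True if the routing table sends the peer LAN to the peer's tunnel address."""
    dest, gw = expected
    return route_gateway(netstat_output, dest) == gw


# Constructed sample, shaped like `netstat -rn` on the OPNsense (Site1) side.
SITE1_ROUTES = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS       vtnet0
172.16.100.4/30    link#5             U         ipsec1
172.17.0.0/16      172.16.100.5       UGS       ipsec1
172.19.0.0/16      link#2             U         vtnet1
"""

if __name__ == "__main__":
    site1 = Site("Site1", "172.19.0.0/16", "172.16.100.6")
    site2 = Site("Site2", "172.17.0.0/16", "172.16.100.5")
    routes = check_vti_plan("172.16.100.4/30", site1, site2)
    for name, (dest, gw) in routes.items():
        print(f"{name}: needs route {dest} via {gw}")
    print("Site1 routing table matches plan:", verify_side(SITE1_ROUTES, routes["Site1"]))
```

If the routing table on either side does not show the peer LAN with the peer's tunnel address as gateway and the VTI (`ipsecN`) as the interface, the static route is the first thing to fix; the check above only looks at the route, not at the firewall rules on the VTI interface, which must also permit the traffic.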