IPsec migration: Tunnel Settings to new Connections

TimmiORG · July 24, 2023, 10:57:19 AM

Hi OPNsense,

I'm looking into the migration of my IPsec configuration to the new IPsec Connection interface.

Tunnel connection looks OK but I don't get any traffic through it. I remembered that the "Tunnel Isolation" was required in the past but I don't find a way to configure this on the new interface.

Any advice?

Best regards
Christoph

franco · July 24, 2023, 02:01:26 PM

Well, tunnel isolation only works of you have at least two phase 2 and one tunnel should always work (normally only the last one).

In the connections the situation is a bit more specific: clone the connection itself and only use one child per connection.

Cheers,
Franco

TimmiORG · July 24, 2023, 04:41:21 PM

Hi Franco,

I have multiple phase twos. But I manage to get it working with the new connections interface.
Have somehow the feeling that I had to delete the old phase 2 from the old tunnel as well as there have been some old SPD entries.

Now the new configuration is working.

Best regards
Christoph

IPsec migration: Tunnel Settings to new Connections

TimmiORG

July 24, 2023, 10:57:19 AM

franco

July 24, 2023, 02:01:26 PM #1

TimmiORG

July 24, 2023, 04:41:21 PM #2