OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • IPSEC "Block private networks from WAN"
« previous next »
  • Print
Pages: [1]

Author Topic: IPSEC "Block private networks from WAN"  (Read 726 times)

bazbaz

  • Jr. Member
  • **
  • Posts: 53
  • Karma: 2
    • View Profile
IPSEC "Block private networks from WAN"
« on: September 18, 2023, 12:04:46 pm »
Hi,
I've an IPSEC, site to site, VTI, tunnel between an OPN and a Fortigate.

The VTI interface has 10.77.36.54 on FG's side, and 10.77.36.53 on OPN's side.

When I try to send something from FG to networks behind OPN, or to 10.77.36.53, I can see on the OPN firewall that packets are discarded because it see them coming from the wan interface, not from the ipsec:
"Block private networks from WAN1"
interface   vmx1
interface_name   WAN1

why?

« Last Edit: September 18, 2023, 12:07:11 pm by bazbaz »
Logged

Patrick M. Hausen

  • Hero Member
  • *****
  • Posts: 6810
  • Karma: 572
    • View Profile
Re: IPSEC "Block private networks from WAN"
« Reply #1 on: September 18, 2023, 01:13:40 pm »
If this is a policy based tunnel, there is no separate interface. Packets are considered to come in via WAN.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

bazbaz

  • Jr. Member
  • **
  • Posts: 53
  • Karma: 2
    • View Profile
Re: IPSEC "Block private networks from WAN"
« Reply #2 on: September 19, 2023, 11:41:48 am »
VTI, no policy pased
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • IPSEC "Block private networks from WAN"
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2