No VPN connection over OPNSense with my company notebook

Started by maze-m, September 08, 2024, 11:38:07 PM

Hello everyone!

I am currently testing an OPNSense firewall and am very satisfied so far. The Sense hangs behind a Fritzbox 6690 and is completely set up as an exposed host.

When I now try to connect to the company network with my company notebook via VPN (via Checkpoint Mobile), I get the attached error message on the notebook.

I have also switched the Internet access for the company notebook to "completely pass-through" in the Sense, but unfortunately the VPN connection still does not work.

I hope you can help me so that I can continue to use OPNSense.

Sorry, I forgot this information...

In my topic in February this year in the German forum, @meyergru wrote:

Quote

I don't know exactly, but I have a strong suspicion: Apparently Checkpoint uses IPsec.
This involves exchanging special ISAKMP packets that work directly on OSI layer 3, i.e. the network layer below TCP and UDP. Since OPNsense normally handles IPsec itself, there are apparently automatic pf rules that "intercept" this traffic so that it does not get through to your clients.

There is a post about it here. You can disable the automatic rules by just using "manual rules" for NAT, but you would probably have to forward the IPsec traffic to your client. I have no idea how you could do that, it may even be outside the configurability of OPNsense using the GUI.

This is not a problem with "Road Warrior" (= "Mobile") setups because the end device itself is the end point of the connection. Other VPN protocols, such as WireGuard or OpenVPN, are based on TCP or UDP and can therefore easily be "passed through" to clients at the router.

I've tried setting my NAT to "manual rules" and created the attached rule (see screenshot).
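The quoted explanation turns on which parts of an IPsec connection carry UDP ports (and so can be matched by an ordinary port-forward rule) and which do not. The following is an added example, not code from the thread or from OPNsense: a small parser that takes a raw IPv4 packet and tells you what a firewall on the path sees. It distinguishes IKE on UDP/500, NAT-Traversal on UDP/4500 (where RFC 3948's four-byte "non-ESP marker" separates IKE messages from UDP-encapsulated ESP), and plain ESP (IP protocol 50) or AH (51), which have no ports at all. The sample packets are constructed inline with zero checksums (the parser does not verify them) and are not captures from the poster's setup.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# IP protocol numbers and UDP ports that matter for IPsec pass-through.
ESP = 50
AH = 51
UDP = 17
IKE_PORT = 500
NAT_T_PORT = 4500
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948, prefixed to IKE on UDP/4500


@dataclass
class Classification:
    proto: int
    src_port: Optional[int]
    dst_port: Optional[int]
    kind: str

    @property
    def port_forwardable(self) -> bool:
        # A conventional port-forward (rdr) rule keys on transport ports;
        # ESP and AH sit directly on IP and have none to match.
        return self.src_port is not None


def classify_ipv4(pkt: bytes) -> Classification:
    """Classify one raw IPv4 packet as IKE, IKE-NAT-T, ESP-in-UDP, ESP, AH or other."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl = pkt[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    proto = pkt[9]
    payload = pkt[ihl:]

    if proto == ESP:
        return Classification(proto, None, None, "ESP")
    if proto == AH:
        return Classification(proto, None, None, "AH")
    if proto != UDP:
        return Classification(proto, None, None, "other")

    if len(payload) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, _ulen, _csum = struct.unpack("!HHHH", payload[:8])
    udp_payload = payload[8:]
    if IKE_PORT in (sport, dport):
        return Classification(proto, sport, dport, "IKE")
    if NAT_T_PORT in (sport, dport):
        # On UDP/4500 an IKE message starts with four zero bytes; a real
        # ESP SPI is never zero, so the marker is unambiguous.
        if udp_payload[:4] == NON_ESP_MARKER:
            return Classification(proto, sport, dport, "IKE-NAT-T")
        return Classification(proto, sport, dport, "ESP-in-UDP")
    return Classification(proto, sport, dport, "UDP")


# --- constructed sample packets (hypothetical addresses, zero checksums) ---
def build_ipv4(proto: int, payload: bytes) -> bytes:
    src, dst = bytes([192, 168, 1, 50]), bytes([192, 0, 2, 1])
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0x1234, 0x4000, 64, proto, 0, src, dst)
    return header + payload


def build_udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


ESP_BODY = struct.pack("!II", 0x1000, 1) + b"\xaa" * 16     # SPI, seq, ciphertext
IKE_BODY = b"\x01" * 28                                      # placeholder IKE header

SAMPLE_PACKETS = {
    "esp": build_ipv4(ESP, ESP_BODY),
    "ike": build_ipv4(UDP, build_udp(IKE_PORT, IKE_PORT, IKE_BODY)),
    "ike_natt": build_ipv4(UDP, build_udp(NAT_T_PORT, NAT_T_PORT, NON_ESP_MARKER + IKE_BODY)),
    "esp_natt": build_ipv4(UDP, build_udp(NAT_T_PORT, NAT_T_PORT, ESP_BODY)),
}


def summarize() -> dict:
    """Map each sample to (kind, port_forwardable) for a quick overview."""
    return {name: (c.kind, c.port_forwardable)
            for name, c in ((n, classify_ipv4(p)) for n, p in SAMPLE_PACKETS.items())}


if __name__ == "__main__":
    for name, (kind, fwd) in summarize().items():
        print(f"{name:9s} -> {kind:10s} port-forwardable: {fwd}")
```

Run it and the plain ESP sample is the only one without ports, which is why a port-forward rule written for UDP/500 and UDP/4500 alone does not move the whole tunnel to a client behind NAT; with NAT-Traversal negotiated, ESP travels inside UDP/4500 and looks like any other UDP flow to the router.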