Routing issue over IPsec VTI with BGP

Started by r.laffont, April 15, 2026, 04:49:46 PM

Hi everyone,

I have set up an IPsec tunnel between an OPNsense firewall and a Sophos firewall using VTI.
From the OPNsense VTI interface, I can successfully ping the Sophos VTI IP and vice versa.

I have initiated a BGP session between these two interfaces, and I can see the routes being exchanged on both firewalls.

However, from a PC behind the OPNsense, I am unable to ping or run a traceroute to the Sophos LAN interface.
I have already created the necessary firewall rules to allow traffic on both sides.

Thank you in advance for your help.
Romain

Does the Sophos have the route back to the PC behind OPNsense?
Does the Sophos know how to route back to the PC?

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
N355 - i226-V | AQC113C | 16G | 500G - PROD

PRXMX
N5105 - i226-V | 2x8G | 512G - NODE #1
N100 - i226-V | 16G | 1T - NODE #2
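The reply's question (does the Sophos have a route back to the PC?) is the classic asymmetric-routing check for a VTI/BGP setup: the OPNsense side learns the Sophos LAN via BGP, but unless the OPNsense LAN prefix is also advertised into BGP (for example with a network statement or by redistributing connected routes), the Sophos only knows the VTI /30 and sends replies out its default route. The following is an added illustration, not code from the thread or from either vendor: it models both firewalls' route tables with constructed RFC 5737/6598-style addresses and performs a longest-prefix match in each direction to show why the forward ping leaves through the tunnel while the reply does not. All prefixes, hosts and egress labels (lan, vti, wan) are assumptions chosen for the example.

```python
import ipaddress

# Constructed sample topology (not from the thread):
#   PC 192.0.2.10 on the OPNsense LAN 192.0.2.0/24
#   Sophos LAN 198.51.100.0/24
#   VTI point-to-point link 10.255.0.0/30 (OPNsense .1, Sophos .2)
PC = "192.0.2.10"
SOPHOS_LAN_HOST = "198.51.100.1"

# Route tables as (prefix, egress) pairs. "vti" points into the tunnel,
# "lan" is the local LAN interface, "wan" is the default route to the Internet.
OPNSENSE_ROUTES = [
    ("0.0.0.0/0", "wan"),
    ("192.0.2.0/24", "lan"),
    ("10.255.0.0/30", "vti"),
    ("198.51.100.0/24", "vti"),   # Sophos LAN, learned over BGP
]

# Sophos before the fix: BGP only carried the VTI subnet from OPNsense,
# so there is no route back to 192.0.2.0/24 and replies follow the default.
SOPHOS_ROUTES_BROKEN = [
    ("0.0.0.0/0", "wan"),
    ("198.51.100.0/24", "lan"),
    ("10.255.0.0/30", "vti"),
]

# Sophos after OPNsense advertises its LAN prefix into BGP.
SOPHOS_ROUTES_FIXED = SOPHOS_ROUTES_BROKEN + [("192.0.2.0/24", "vti")]


def lookup(routes, dst):
    """Longest-prefix match of dst against a route table; returns the egress label or None."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, egress in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best[1] if best else None


def check_path(src, dst, src_fw_routes, dst_fw_routes):
    """Look up the forward path on the source firewall and the return path on the
    destination firewall. Returns (forward_egress, return_egress, symmetric)."""
    fwd = lookup(src_fw_routes, dst)
    rev = lookup(dst_fw_routes, src)
    return fwd, rev, (fwd == "vti" and rev == "vti")


if __name__ == "__main__":
    for label, sophos in (("broken", SOPHOS_ROUTES_BROKEN), ("fixed", SOPHOS_ROUTES_FIXED)):
        fwd, rev, ok = check_path(PC, SOPHOS_LAN_HOST, OPNSENSE_ROUTES, sophos)
        print(f"{label}: {PC} -> {SOPHOS_LAN_HOST} via {fwd}, reply via {rev}, "
              f"{'symmetric' if ok else 'ASYMMETRIC - reply never enters the tunnel'}")
```

In the broken case the forward lookup returns `vti` but the return lookup returns `wan`, which matches the symptom in the original post: the VTI endpoints ping each other (both sides have the /30), yet a host behind OPNsense gets no answer because the Sophos never sends the reply back through the tunnel. Once the LAN prefix is present in the Sophos table, both lookups resolve to `vti`.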