Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Policy based routing for IPSEC (not tunnel)
« previous
next »
Print
Pages: [
1
]
Author
Topic: Policy based routing for IPSEC (not tunnel) (Read 2159 times)
mahescho
Jr. Member
Posts: 63
Karma: 2
Policy based routing for IPSEC (not tunnel)
«
on:
January 30, 2020, 03:29:25 pm »
Hi,
I've 3 up links, A, B and C. A is my default gateway. I use policy based routing to direct LAN (and VLAN) traffic to one of these up links. This works as expected.
I've configured my IPSEC VPN to use the interface of up link C. Now I need the IPSEC VPN to use the gateway of up link C. To get this I need policy based routing entries for firewall local traffic (ESP, ISADMP, NAT-T). I can see auto generated rules on up link C for the IPSEC traffic with the gateway of up link C to be set as gateway. But what I found is that they do not get used.
When I do "ipsec up con1" and look at my up link A interface by tcpdump I see the ESP traffic on A instead of C.
When I initial IPSEC from the remote site I see the ESP packages arrive on C and the answers of OpnSense on A.
How to get this working?
TIA
«
Last Edit: January 30, 2020, 03:43:10 pm by mahescho
»
Logged
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Policy based routing for IPSEC (not tunnel)
