Topic: Route Based IPsec Limitation (Read 1693 times)
geotek (Newbie, Posts: 12, Karma: 0)
Route Based IPsec Limitation, posted on January 22, 2020, 04:53:25 pm
Scenario: Private LAN on Location A connected via OPNsense 19.7.9 to the Internet. OPNsense has a route-based IPsec tunnel to location B. Everything works as expected, except that the public IP of location B is now unreachable for hosts in the private LAN of location A.
I assume that all traffic from the LAN to the public IP of location B is erroneously sent via the Tunnel Gateway through the tunnel instead of being NATed to the standard default route.
Is this behaviour a general design flaw of route-based IPsec on OPNsense, or can it be solved somehow?
franco (Administrator, Hero Member, Posts: 17665, Karma: 1611)
Re: Route Based IPsec Limitation, Reply #1 on January 23, 2020, 09:44:47 am
More info with network addresses please; it seems to me that the info from the first paragraph conflicts with the second.
Cheers,
Franco
geotek (Newbie, Posts: 12, Karma: 0)
Re: Route Based IPsec Limitation, Reply #2 on January 23, 2020, 10:51:26 pm
Take this as an example:
Location A (OPNsense)
LAN: 192.168.10.0/24
Public IP: 1.1.1.1
VPNGW1: 2.2.2.2
Static Route: 192.168.20.0/24 => VPNGW1
Location B (Juniper SRX)
LAN: 192.168.20.0/24
Public IP: 2.2.2.2
The IPsec tunnel between LAN A and LAN B works fine, as does NAT traffic from the LAN to the Internet. So everything is fine, except that hosts on LAN A can't reach the public IP of Location B (2.2.2.2): neither ping nor any other port responds.
Since Juniper does route-based IPsec directly and does not have an OpenVPN-like transfer net, I have to set VPNGW1 to the public IP of site B.
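An added example (not code from the thread or from OPNsense) that models the routing table geotek describes and checks what a plain longest-prefix lookup does with 2.2.2.2, plus the check a practitioner would run on any route-based IPsec setup: that no prefix routed into the tunnel swallows the tunnel peer's own public address. The upstream gateway 1.1.1.254 and the interface names are assumptions; the thread only gives the addresses listed above.

```python
import ipaddress

# Routing table constructed from the thread's example. The upstream gateway
# 1.1.1.254 and the interface names are assumptions made for this example.
ROUTES = [
    ("0.0.0.0/0",       "1.1.1.254", "wan"),     # default route to the ISP
    ("1.1.1.0/24",      None,        "wan"),     # connected WAN subnet
    ("192.168.10.0/24", None,        "lan"),     # connected LAN A
    ("192.168.20.0/24", "2.2.2.2",   "ipsec1"),  # static route to LAN B via VPNGW1
]
TUNNEL_IF = "ipsec1"
VPN_PEER = "2.2.2.2"   # public IP of Location B, also used as VPNGW1


def lookup(dst, routes=ROUTES):
    """Longest-prefix match for dst; returns (prefix, gateway, interface) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, ifname)
    return None if best is None else (str(best[0]), best[1], best[2])


def tunnel_routes_covering_peer(peer=VPN_PEER, tunnel_if=TUNNEL_IF, routes=ROUTES):
    """Prefixes routed into the tunnel interface that contain the peer's public IP.

    Any hit is a misconfiguration: the ESP packets carrying the tunnel would be
    routed into the tunnel they belong to, and the tunnel can never come up.
    """
    peer_addr = ipaddress.ip_address(peer)
    return [prefix for prefix, _gw, ifname in routes
            if ifname == tunnel_if and peer_addr in ipaddress.ip_network(prefix)]


if __name__ == "__main__":
    # With this table, a LAN B host goes via the tunnel, but 2.2.2.2 itself
    # only matches the default route, so the routing table alone does not
    # explain traffic to the peer being pulled into the tunnel.
    print("192.168.20.5 ->", lookup("192.168.20.5"))
    print("2.2.2.2      ->", lookup("2.2.2.2"))
    print("peer swallowed by tunnel routes:", tunnel_routes_covering_peer())
```

Running the same checks against `netstat -rn` output from the firewall is the next step; if the peer address resolves to the default route there too, the cause must be looked for outside the routing table (NAT or IPsec policy), not in it.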