Topic: IPSEC VPN from DrayTek3900 to OpnSense with 2 Subnets (Read 3602 times)
sc0ttjm (Newbie, Posts: 42, Karma: 1)
« on: October 05, 2020, 07:40:54 pm »
I tried to find a guide on how to set up an IPSEC VPN between a DrayTek Vigor 3900 and OpnSense but couldn't find one anywhere.
I eventually worked it out and got it working, which is great (if anybody wants to know how I did it, just let me know), BUT then I realised that the DrayTek has 2 x Subnets that both need to be accessible from clients on the other side of the OpnSense firewall.
I found this guide on the DrayTek website:
https://www.draytek.com/support/knowledge-base/5428#linux
If you look at "Case 2: Vigor3900 has two local networks while the VPN Peer has one", this is exactly my scenario.
I've followed this guide but I can only connect to devices on the first subnet and not the second.
The only thing I can think of is, could it be because of the security used on the IPSEC tunnel, as in the images on the page the connections are green and mine are purple, which means they are IKEv2 tunnels?
This is my setup (IPs changed):
DataCentre
Make/Model: OpnSense Business Edition
LAN Address: 10.0.3.0
LAN Subnet Mask: 255.255.255.0
Router IP Address: 10.0.3.1
Public IP Address: 1.1.1.1
VPN Profile Name: IN_Site_1
Call Direction: IN
IKE: IKEv2

Site 1
Make/Model: DrayTek Vigor 3900
LAN Address: 10.0.1.0 & 10.0.2.0
LAN Subnet Mask: 255.255.255.0
Router IP Address: 10.0.1.1
Public IP Address: 2.2.2.2
VPN Profile Name: Out_DataCentre
Call Direction: Out
IKE: IKEv2
Result: the tunnel is up and I can ping devices on 10.0.1.0 from 10.0.3.0, and I can ping devices on 10.0.3.0 from devices on 10.0.1.0. I cannot ping devices on 10.0.2.0 from 10.0.3.0 and vice versa.
Can anybody help?
Thanks
« Last Edit: October 06, 2020, 08:22:00 pm by sc0ttjm »
banym (Sr. Member, Posts: 468, Karma: 31)
Free Human Being, FreeBSD, Linux and Mac nerd
« Reply #1 on: October 05, 2020, 10:43:51 pm »
Can you please post some screenshots of your phase2 configurations and the rules on IPsec interfaces of both sides?
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de
sc0ttjm (Newbie, Posts: 42, Karma: 1)
« Reply #2 on: October 06, 2020, 11:15:13 am »
As requested, please find attached images showing my setup on both the OpnSense and DrayTek Routers:
I can't find how to display them in the post (is there a guide on how to use this forum?)
sc0ttjm (Newbie, Posts: 42, Karma: 1)
« Reply #3 on: October 06, 2020, 01:21:10 pm »
HELP - I tried changing both Phase 2 connections from the default option to routed and now I've lost connection to the box completely. I've seen this elsewhere in the forums, but I can't find how to fix it again other than reverting to factory defaults, which I really don't want to do.
Please can you help?
Is there a way to undo what I did from the shell?
Thanks in advance!
banym (Sr. Member, Posts: 468, Karma: 31)
« Reply #4 on: October 06, 2020, 09:05:28 pm »
Yes, you can revert to a backup configuration or an earlier configuration state using the GUI or shell.