IPSec: working, but...

Started by SimpleRezo, January 18, 2021, 11:13:50 PM

Hi

I have set up an IPSec tunnel using StrongSWAN between an OPNSense and a FreeBSD host (using StrongSWAN on both sides):
  - peer A : OPNSense, IP_PubA, 192.168.148.254
  - peer B : FreeBSD, IP_PubB, 192.168.1.10

It works: no issues for network clients on both sides.

But I cannot access the remote network from peer A or B, except when I specify the source.

peerA# ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10): 56 data bytes
^C
--- 192.168.1.10 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss


Using tcpdump, I can see that's because, by default, the packet is using IP_PubA as source... so the packet is not using the tunnel (since it does not match the rules). So I tried:

peerA# ping -S 192.168.148.254 192.168.1.10
PING 192.168.1.10 (192.168.1.10) from 192.168.148.254: 56 data bytes
64 bytes from 192.168.1.10: icmp_seq=0 ttl=64 time=123.841 ms
64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=120.246 ms
^C
--- 192.168.1.10 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 120.246/122.044/123.841/1.797 ms


And of course, this is working.

How can I configure OPNSense to use its private IP address as source (by default) when trying to communicate with the remote LAN? Or maybe I'm doing something wrong?
Clément - SimpleRezo
RMM for OPNsense: https://srbox.simplerezo.com/
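To make the source-selection problem in the post concrete, here is an added example (not from the thread, OPNsense or strongSwan) that models how a locally originated packet gets its source address from the route lookup before the IPsec policy database (SPD) is consulted, which is why the WAN address is chosen and the tunnel selectors never match. The routes, policies and addresses are constructed from the post, with a documentation-range address standing in for the placeholder IP_PubA.

```python
from ipaddress import ip_address, ip_network

# Constructed from the post: peer A's own addresses. 203.0.113.10 is a
# documentation-range stand-in for IP_PubA, not a real public address.
LOCAL_ADDRESSES = {"wan": "203.0.113.10", "lan": "192.168.148.254"}

# Constructed routing table: (destination, egress interface). Nothing covers the
# remote LAN, so traffic to it falls through to the default route on the WAN side.
ROUTES = [("192.168.148.0/24", "lan"), ("0.0.0.0/0", "wan")]

# Constructed SPD: only the LAN-to-LAN selectors the tunnel was set up with.
SPD = [("192.168.148.0/24", "192.168.1.0/24", "out"),
       ("192.168.1.0/24", "192.168.148.0/24", "in")]


def default_source(dst, routes=ROUTES, local=LOCAL_ADDRESSES):
    """Source address the kernel picks for a locally originated packet:
    longest-prefix route lookup, then the address of that egress interface."""
    dst = ip_address(dst)
    best_len, iface = -1, None
    for net, ifname in routes:
        net = ip_network(net)
        if dst in net and net.prefixlen > best_len:
            best_len, iface = net.prefixlen, ifname
    return local[iface]


def matching_policy(src, dst, spd=SPD):
    """First outbound SPD entry whose selectors cover (src, dst), else None.
    A packet with no match is sent in the clear, exactly what tcpdump showed."""
    src, dst = ip_address(src), ip_address(dst)
    for s_net, d_net, direction in spd:
        if direction == "out" and src in ip_network(s_net) and dst in ip_network(d_net):
            return (s_net, d_net)
    return None


def tunnel_source(dst, local=LOCAL_ADDRESSES, spd=SPD):
    """Local address that makes traffic to dst match the SPD (what ping -S
    supplies by hand), or None if no local address lies inside any selector."""
    for addr in local.values():
        if matching_policy(addr, dst, spd):
            return addr
    return None


if __name__ == "__main__":
    target = "192.168.1.10"
    src = default_source(target)
    print(f"kernel picks {src}: matching policy = {matching_policy(src, target)}")
    print(f"source that would enter the tunnel: {tunnel_source(target)}")
```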