OPNsense Forum » English Forums » Virtual private networks » IPsec tunnel 23.1.1_2 manual SPD entries
Topic: IPsec tunnel 23.1.1_2 manual SPD entries (Read 1260 times)
atom
Full Member
Posts: 207
Karma: 4
IPsec tunnel 23.1.1_2 manual SPD entries
« on: February 23, 2023, 02:17:23 pm »
Hello,
I'm looking for a way to add manual SPD entries with the "Connections[new]" interface.
It looks like you can add more networks in "Edit Child", but the networks don't show up in "setkey -DP" and the traffic goes directly to WAN instead of IPsec. Any idea?
Regards,
atom
iceknight
Newbie
Posts: 3
Karma: 0
Re: IPsec tunnel 23.1.1_2 manual SPD entries
« Reply #1 on: July 28, 2023, 08:16:18 pm »
Hello,
Did you find a solution to this problem? I also need to add manual SPD entries to the Connections[new] tunnels and have not found where to do so.
Thanks,
Iceknight
Monviech
Hero Member
Posts: 1063
Karma: 114
Re: IPsec tunnel 23.1.1_2 manual SPD entries
« Reply #2 on: July 28, 2023, 08:34:27 pm »
I did it like this:
In Connections [new] you open "Edit Child" and there you have to input a unique "Reqid", for example 110 or something. If you have more children in that connection, give them 111, 112, etc.
Then you go into "VPN: IPsec: Security Policy Database: Manual" and "+" and then you put in the Reqid 110 from before.
Source network is the network you want to allow to be translated with your NAT rule. Destination network can be left empty.
EDIT:
I see that since the last time I have checked this option, there has been a new "Child" option added. So it might be possible to leave the reqid dynamic, and choose the child here instead. But I didn't test that yet.
Hardware:
DEC740
iceknight
Newbie
Posts: 3
Karma: 0
Re: IPsec tunnel 23.1.1_2 manual SPD entries
« Reply #3 on: July 28, 2023, 10:30:35 pm »
Thanks for the confirmation on this. I was looking at this option but wasn't sure it would work. Let me give it a shot. Did you have to reboot the firewall to get it to work, or just restart IPsec?
iceknight
Newbie
Posts: 3
Karma: 0
Re: IPsec tunnel 23.1.1_2 manual SPD entries
« Reply #4 on: July 28, 2023, 11:39:31 pm »
I just tried the recommended settings and they worked. No need for a reboot or an IPsec restart; I just needed to bring down each tunnel individually, disable the old IPsec tunnels, and enable the new Connections tunnels, and it worked like a charm. I also set up the manual SPDs using the new "Child" option instead of setting a numeric Reqid.
For anyone else looking to implement this: don't forget to first remove the existing SPDs by looking up their Reqid in the "Manual" tab and then removing those entries from the "Installed" tab list of the SP database, before bringing up the migrated tunnels.
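Both the original question (networks that "don't show up in setkey -DP") and the migration steps in Reply #2 and Reply #4 come down to one check: does the kernel SPD contain a policy for each local network bound to the reqid you configured, and are there stale policies under that reqid left over from the old tunnel definition? The script below is an added example written for this thread, not code from OPNsense or from any poster. It parses the text format that `setkey -DP` prints on FreeBSD/OPNsense (header line with source and destination selectors, then indented direction, `proto/mode/endpoints/level[:reqid]` and spid lines; the `#` separator for kernel-assigned reqids is accepted as well) and reports which expected networks have no policy for the given reqid. The SPD dump embedded in it is constructed, with documentation addresses, and the reqid 110 is the example value from Reply #2. On a live firewall you would feed it `subprocess.run(["setkey", "-DP"], capture_output=True, text=True).stdout` instead of the constant.

```python
"""Check `setkey -DP` output for SPD entries bound to a manual IPsec reqid.

Added example for the OPNsense thread on manual SPD entries; not project code.
"""
import ipaddress
import re

# Constructed sample of `setkey -DP` output (FreeBSD/OPNsense layout).
# Policies 1 and 2 are the out/in pair created by a manual SPD entry bound to
# reqid 110; policy 3 is a normal child policy with no fixed reqid ("require").
SAMPLE_SPD = """\
10.10.0.0/24[any] 192.168.50.0/24[any] any
\tout ipsec
\tesp/tunnel/203.0.113.10-198.51.100.20/unique:110
\tspid=3 seq=2 pid=4242 scope=global
\trefcnt=1
192.168.50.0/24[any] 10.10.0.0/24[any] any
\tin ipsec
\tesp/tunnel/198.51.100.20-203.0.113.10/unique:110
\tspid=4 seq=1 pid=4242 scope=global
\trefcnt=1
10.20.0.0/24[any] 192.168.50.0/24[any] any
\tout ipsec
\tesp/tunnel/203.0.113.10-198.51.100.20/require
\tspid=5 seq=0 pid=4242 scope=global
\trefcnt=1
"""

# "<src>[<port>] <dst>[<port>] <upper-layer proto>" (not indented)
HEADER_RE = re.compile(r"^([^\s\[]+)\[([^\]]+)\]\s+([^\s\[]+)\[([^\]]+)\]\s+(\S+)$")
# "<proto>/<mode>/<local>-<remote>/<level>[:<reqid>]"; '#' marks kernel-assigned reqids
SA_RE = re.compile(r"^(\w+)/(\w+)/([^/]*)/(\w+)(?:[:#](\d+))?$")


def parse_spd(text):
    """Return one dict per security policy found in `setkey -DP` output."""
    policies = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header and not raw[:1].isspace():
            current = {
                "src": header.group(1), "dst": header.group(3),
                "proto": header.group(5), "dir": None, "action": None,
                "mode": None, "level": None, "reqid": None, "spid": None,
            }
            policies.append(current)
            continue
        if current is None:
            continue
        parts = line.split()
        if parts[0] in ("in", "out", "fwd") and len(parts) >= 2:
            current["dir"], current["action"] = parts[0], parts[1]
            continue
        sa = SA_RE.match(line)
        if sa:
            current["mode"], current["level"] = sa.group(2), sa.group(4)
            current["reqid"] = int(sa.group(5)) if sa.group(5) else None
            continue
        if parts[0].startswith("spid="):
            current["spid"] = int(parts[0].split("=", 1)[1])
    return policies


def policies_for_reqid(spd_text, reqid):
    """All policies bound to `reqid`; useful for finding stale entries to delete."""
    return [p for p in parse_spd(spd_text) if p["reqid"] == reqid]


def missing_policies(spd_text, reqid, local_networks, direction="out"):
    """Local networks that have no `direction` policy bound to `reqid`.

    For outbound policies the local network is the source selector; for
    inbound policies it is the destination selector.
    """
    key = "src" if direction == "out" else "dst"
    covered = {
        ipaddress.ip_network(p[key])
        for p in policies_for_reqid(spd_text, reqid)
        if p["dir"] == direction and p["action"] == "ipsec"
    }
    return [n for n in local_networks if ipaddress.ip_network(n) not in covered]


if __name__ == "__main__":
    wanted = ["10.10.0.0/24", "10.20.0.0/24"]
    for direction in ("out", "in"):
        gap = missing_policies(SAMPLE_SPD, 110, wanted, direction)
        print(f"{direction}: networks without a reqid-110 policy: {gap or 'none'}")
    for p in policies_for_reqid(SAMPLE_SPD, 110):
        print(f"spid={p['spid']} {p['dir']} {p['src']} -> {p['dst']} ({p['level']}:{p['reqid']})")
```

In the sample, 10.20.0.0/24 is reported as missing for reqid 110 in both directions even though an outbound policy for it exists, because that policy is a dynamic child ("require", no reqid) rather than the manual entry; that is exactly the situation where traffic matches a different policy than the one you intended. When deleting stale entries, the `spid` values returned by `policies_for_reqid` are what you look up in the "Installed" tab.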