Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Cannot create gateway for IPsec
« previous
next »
Print
Pages: [
1
]
Author
Topic: Cannot create gateway for IPsec (Read 2311 times)
Mantis314
Newbie
Posts: 15
Karma: 0
Cannot create gateway for IPsec
«
on:
May 31, 2021, 02:58:02 am »
Please excuse me if this is covered elsewhere in this forum.
I am new to OpnSense, but not new to firewalls and networking.
I am replacing a pair of old Sonicwalls with a pair of Protectli appliances loaded with the latest version of OpnSense. OPNsense 21.1.6-amd64.
I am trying to create a routed site to site IPsec VPN between my home and my cabin.
I am following the documentation and am running aground when I attempt to create the intermediate network.
(From the documentation)
***********
Gateway Site-A
Name VPNGW Set a name for your gateway
Interface IPSEC1000 Choose the IPsec interface
IP Address 10.111.1.2 Set the peer IP address
Far Gateway Checked This has to be checked as it is a point-to-point connection
************
The problem is that IPSEC is not an option when choosing the interface.
Looking in the main menu under Interfaces, IPSEC is not present there either.
I have exactly the same issue on both ends of the tunnel.
I have searched the documentation, this forum, and elsewhere on the Internet.
I found another topic on this forum "Gateway not working anymore in routed IPsec (Azure)" which seems similar.
I was having the same issue with clean installations of 21.1.5 so I thought I would try the new 21.1.6 but the problem remained.
So far I have not found a solution.
I really don't want to plug my old Sonciwalls back in. It's also a 400 mile round trip to do so.
Any advice please?
Logged
astuckey
Newbie
Posts: 31
Karma: 1
Re: Cannot create gateway for IPsec
«
Reply #1 on:
May 31, 2021, 06:19:41 am »
Hi Mantis314,
I have p2p links set up with IPSEC, currently on 21.1.5.
Make sure you have "Install policy" unchecked in Phase 1 setup, it should create a virtual interface for you.
Then under Interfaces -> Assignments you should be able to provision it as a proper interface then, and after that the interface should appear in the list when creating the gateway.
Note, you may need to restart the IPSEC service after assigning the interface as I find with OpenVPN and Wireguard links, the interface assignment clobbers the already running IP address allocation that the vpn service configured on the interface.
If this isn't the source of your issue, I can share some of my config for you do compare with if you like.
Regards,
Adam
Logged
Mantis314
Newbie
Posts: 15
Karma: 0
Re: Cannot create gateway for IPsec
«
Reply #2 on:
May 31, 2021, 04:16:21 pm »
Install Policy was already unchecked at both ends.
As a test I checked the box and restarted the service, then unchecked it again and restarted the service.
Still no IPsec interface.
So I restarted the firewall.
Still no IPsec interface.
The tunnel is up, has been, I just can't assign any routes to it without a gateway.
Thanks,
Bill
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Cannot create gateway for IPsec