Topic: Routing over IPsec S2S (Read 1117 times)
Hoppestokken
on: June 08, 2022, 08:13:48 pm
Hi!
Probably a stupid question and there is probably an answer in the wiki somewhere, but if somebody could just help me out a bit.
I have OPNsense at home and want to run an IPsec tunnel to an OPNsense box at work, that's simple.
But how can I force all traffic in a specific VLAN at home through the tunnel, while all the other VLANs exit locally?
Trying to set it up, but I'm doing something wrong..
Thanks in advance
defaultuserfoo
Reply #1 on: June 11, 2022, 11:26:47 am
You could make a firewall rule on the VLAN interface and specify the IPsec gateway to use instead of the default gateway.
How would you do that with WireGuard?
wedge1001
Reply #2 on: June 15, 2022, 05:05:15 pm
Here's an example.
What you have to change:
Interface (your VLAN interface)
Destination / Invert (don't tick it)
Destination (change to any);
Log (I was searching for errors - that's why I ticked it)
Gateway: choose your gateway that will point to your OPNsense at work.
If you don't have a gateway for your remote OP - create one.
1) Create a new interface on your local OP and assign the IPsec connection
2) Restart the connection (because I didn't even get one Interface-assignment of a VPN that will get the IP if the connection is already active)
3) Add firewall rules for the new interface according to your needs
4) Go to System -> Gateways -> Single
5) There you should already see a gateway for your new interface - click on it and enable gateway-monitoring. The IP should either point to the OP at your work (if it answers to ICMP) or something like 8.8.4.4 (or any reachable IP)
Also remember to push/pull/add routes on both sites for VLAN-tagged LANs etc. (or apply NAT)
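The kind of pf rule that a VLAN firewall rule with a gateway set, as described in Reply #2, corresponds to, shown as an added example that is not part of the original posts and not output copied from OPNsense. The interface names, the VLAN subnet and the tunnel gateway address are assumptions; the second rule is an optional fail-closed addition.

```pf
# Constructed values, replace with your own (all four are assumptions):
vlan_if  = "vlan0.10"          # the home VLAN interface the rule is attached to
vlan_net = "192.168.10.0/24"   # subnet of that VLAN
tun_if   = "ipsec1"            # interface assigned to the IPsec connection (step 1)
tun_gw   = "10.99.0.2"         # far-end tunnel address used as the gateway (steps 4-5)

# Policy route: traffic entering on the VLAN, to any destination (Destination = any,
# Invert unticked), is handed to the tunnel gateway instead of the default gateway.
# "log" matches the Log tick box; "quick" stops rule evaluation at the first match.
pass in log quick on $vlan_if route-to ($tun_if $tun_gw) inet from $vlan_net to any keep state

# Fail closed: this rule is only reached if the rule above is not loaded,
# and then stops the VLAN from leaving through the local default gateway.
block in log quick on $vlan_if inet from $vlan_net to any
```

On the firewall, `pfctl -sr` lists the loaded rules, so the `route-to` entry for the VLAN interface can be checked there.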
defaultuserfoo
Reply #3 on: June 18, 2022, 10:48:49 pm
But WireGuard already creates routes. There would be some kind of duplication if I were to create a gateway from the WireGuard interface and use it to create rules, or wouldn't there?
I suppose one could block traffic from a specific VLAN to go anywhere else but through the WireGuard tunnel, but that would be quite different from forcing all traffic in a given VLAN to go through the WireGuard tunnel.