Topic: Config for a hub spoke setup using the mobile client. (Read 635 times)
Roy Albinus
« on: February 06, 2023, 09:26:57 am »
Question about traffic with the config. We are trying to replace a Fortinet with an OPNsense solution. We have remote sites (spokes) with a firewall which connects to our central hub. Each remote site has a 10.x.y.0/24 subnet.
configuration
IPsec Mobile clients
Tunnel Settings Phase 1
Respond Only
IKE V1
IPV4
Wan interface
Authentication PSK + Xauth
Main mode
My Identifier Distinguished name
AES 128 SHA1 DH5
Tunnel isolation
NAT traversal Force
DPD 90 sec 5 retries
Lifetime 3600
Phase 2
mode route-based
local 0.0.0.0
remote 0.0.0.0
ESP AES12 SHA1 DH5
Lifetime 1800
The remote devices connect. We have two test devices which connect:
10.123.10.0/24 10.123.10.254
10.123.11.0/24 10.123.11.254
In the status overview the remote subnets are showing in the Phase 2 overview.
In the Security Association Database the connections are at the same ikeid and reqid.
The Security Policy Database tab installed is empty.
The route 10.0.0.0/8 is added with the ipsec1 as gateway.
Firewall rule Lan outgoing to 10.0.0.0/8 with gateway ipsec1
But no traffic is being noticed.
In Firewall: Log Files: Live View I see the label "let out anything from firewall host itself".
The traffic is coming in but no traffic is going out?
Does anyone have any suggestions how to solve this?
« Last Edit: February 06, 2023, 10:19:15 am by Roy Albinus »