VTI tunnels no longer work after system tunables set

Started by michmoor, June 20, 2023, 09:15:20 PM

Hello everyone,
Back to OPNsense from pfSense, and there is a setting available labeled experimental in pfSense, but in OPNsense it seems to require system tunables.
I have IPsec VTIs running dynamic routing. I wanted to filter on each VTI interface and create separate rules per interface. I set the system tunables as outlined in the documentation.
I can no longer ping my devices - server to server - across the tunnel. Oddly, routing comes up, and because I have a gateway assigned, dpinger is able to ping the VTI interface of the remote side. So there is some connectivity.

Any ideas how I can get my LAN 2 LAN traffic working? I have tried bouncing the VPN tunnel with no luck.

Figured it out. This was a very strange one.
Keep in mind BGP has been working up until the tunables were set.
One of my LANs was not being advertised into BGP and sent to my neighbors.
Bouncing BGP didn't do it. So I had to reload the service and that worked, but no change to FRR was done. Weird but hey... Glad it was worked out.