Topic: Select interface to route packet originated by OPNsense process (bgpd)
zemanek
« on: October 30, 2024, 01:48:58 pm »
Hello,
I am trying to set up BGP, which I successfully set up on a Linux machine.
I have a route-based IPsec S2S VPN (one for now, there will be 2 for redundancy) behind which is a BGP router (192.168.202.68). The peer local tunnel interface has IP 10.101.177.1.
I set up a gateway (10.101.177.1) with lower priority than the default one and attached it to the VTI (10.101.177.2) of the IPsec S2S VPN.
I set up a static route to 192.168.202.68 via the gateway (10.101.177.1) attached to the VTI.
As the BGP peer requires my BGP router to present itself with a different IP (not my OPNsense WAN IP), I set up SNAT for the VTI interface (using a virtual IP attached to WAN).
The problem I have is that I receive TCP SYN (BGP messages) from the BGP peer via the IPsec tunnel, but BGP messages sent from OPNsense are sent via the WAN interface instead of the VTI.
How do I make some packets from OPNsense go via a specific interface?
zemanek
« Reply #1 on: October 30, 2024, 02:48:07 pm »
FYI: If I remove SNAT, I can see in packet capture that the packet to 192.168.202.68:179 went through the VTI and was refused by the target.
| Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port |
|---|---|---|---|---|---|---|---|
| VTI1 | any | * | 192.168.202.68/32 | * | 10.112.0.177 | * | NO |