Topic: IPsec tunnel blocks local management (Read 5496 times)
jaco.vandenberg
June 26, 2017, 09:19:42 pm
Hi,
An IPsec tunnel used for a site-to-site VPN does not allow me to manage the OPNsense instance once the tunnel is up.
The OPNsense is on 10.200.5.1: as soon as the tunnel is started, I can only manage the OPNsense web interface from the other site, so from the other side of the tunnel, backwards through the tunnel :-) !
All routing works as expected; only the fact that I cannot manage OPNsense through the gateway interface address as soon as the tunnel is started appears odd to me.
The Anti-Lockout Rule is in place and enabled.
Has anybody observed this?
Version 17.1.8 on AMD64
Last Edit: June 26, 2017, 09:46:30 pm by jaco.vandenberg
Julien
Reply #1 on: July 01, 2017, 01:43:28 am
Have you checked the rules on the IPsec interface?
Next week I am building a replica with two firewalls and I will have to configure this.
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
jaco.vandenberg
Reply #2 on: July 03, 2017, 12:10:34 pm
There is an any-to-any rule on the tunnel; that should apply to the traffic within the tunnel.
The management should not be influenced by the tunnel's settings; it should remain available on the local LAN interface, in my opinion. Right now, as soon as the tunnel is started, the management is broken.
Let us know what your findings are.
Julien
Reply #3 on: August 27, 2017, 12:51:24 pm
I have just built this and I can really manage both firewalls from both sites.
Have you checked the firewall rules on both sides?
Let me double-check this with you.
When the tunnel is up, you can access the devices behind the tunnel, right?
Are the remote networks on both firewalls not the same?
I am sure it is something with your configuration, as I just built two sites and I can access both firewalls using their LAN IP from both sides.
Check this again:
https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html?highlight=site%20site