OPNsense S2S VTI Setup not working - How to troubleshoot?

Started by seroal, May 12, 2025, 04:05:39 PM

I have some issues migrating from policy-based to route-based VPN for an OPNsense S2S VPN (both systems are OPNsense). Actually the tunnel builds up, including Phase 2. I can see 0.0.0.0/0 as local and remote identifier. After configuring everything according to the documentation (https://docs.opnsense.org/manual/vpnet.html#new-23-1-vpn-ipsec-connections), routing still does not work. Packet captures on the VTI interfaces on both firewalls show nothing. I tried to ping the remote VTI address, but nothing happens. The install policy checkfield was unchecked for sure on both sides.

Just FYI: In the swanctl.conf I did not find anything related to "if_id_in" or "if_id_out". The swanctl doc about VTI says that this is important... (https://docs.strongswan.org/docs/latest/features/routeBasedVpn.html)


What is the best way to troubleshoot this?


Thanks.