Traffic between two sites via IPsec

Started by Sami Mkaddem, September 29, 2025, 01:41:58 PM

I have two sites A and B.

In site A, I have:

FW_A (OPNsense) with WAN XXX.XXX.XXX.XXX and LAN 10.0.10.254/24
SERVER_A with IP 10.0.10.1/24 and GW 10.0.10.254
In site B, I have:
FW_B (OPNsense) with WAN YYY.YYY.YYY.YYY and LAN 10.0.20.254/24
SERVER_B with IP 10.0.20.1/24 and GW 10.0.20.254
Site A and B are connected via IPsec (basically default setup).

From SERVER_A, I can ping FW_B and SERVER_B (no problem here).
From SERVER_B, I can ping FW_A and SERVER_A (no problem here).

The problems that I have:

from FW_A, I cannot ping FW_B and SERVER_B
from FW_B, I cannot ping FW_A and SERVER_A
How can I fix this?

Thank you very much.

--Sami

Do you have the same challenge with two OPNsense as with two pfSense?
So in OPNsense you can solve it the same way.

Your problem is that with policy-based IPsec there is no transfer network for the tunnel, so the firewall does not have a proper source address by default. Do you actually need connectivity from the firewall hosts to the respective remote network? If this is just for testing, you can specify the source address for ping with "-S" - use the LAN address of the device from which you are doing the ping.

If that works as a first step, I remember someone posting a nifty trick with a static route. Was that a route for the remote network pointing to the host's own LAN address? You might want to try that, or whoever gave that advice and/or remembers can confirm or correct.

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
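The two steps Patrick describes (ping with an explicit LAN source address, then the static-route trick) as a small shell script for the OPNsense/FreeBSD shell. This is an added example, not code from the thread or from the OPNsense project. It assumes FreeBSD ping(8) with its -S source-address option and route(8); the addresses default to the site A values from the original post, and DRY_RUN=1 only prints the commands so they can be reviewed before anything is changed on a firewall.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes FreeBSD tools as found on
# OPNsense: ping(8) with -S, route(8). DRY_RUN=1 prints instead of executing.

# Site A values from the original post; override via environment.
LOCAL_LAN="${LOCAL_LAN:-10.0.10.254}"    # this firewall's LAN address
REMOTE_NET="${REMOTE_NET:-10.0.20.0/24}"  # remote LAN behind the tunnel
REMOTE_HOST="${REMOTE_HOST:-10.0.20.1}"   # a host on that remote LAN

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Step 1: ping with a source address that matches the phase 2 selectors
# (local LAN <-> remote LAN). Without -S the kernel picks the WAN address,
# which no IPsec policy covers, so the packet never enters the tunnel.
# Usage: ping_via_tunnel <local_lan_addr> <remote_host>
ping_via_tunnel() {
  run ping -S "$1" -c 3 "$2"
}

# Step 2: the static-route trick Patrick recalls, as he describes it (not
# confirmed on the page): route the remote network via the firewall's own
# LAN address so locally generated traffic is sourced from LAN by default.
# A route added here is not persistent; on OPNsense it belongs in the GUI.
# Usage: add_route_trick <remote_net_cidr> <local_lan_addr>
add_route_trick() {
  run route add -net "$1" "$2"
}

# Check: ask the kernel which route and interface it would now use for the
# remote host, to confirm the source address selection before pinging.
# Usage: show_route <remote_host>
show_route() {
  run route -n get "$1"
}

# Example sequence (call these from the firewall shell, e.g. after
# ". ./ipsec-src.sh"):
#   ping_via_tunnel "$LOCAL_LAN" "$REMOTE_HOST"
#   add_route_trick "$REMOTE_NET" "$LOCAL_LAN"
#   show_route "$REMOTE_HOST"
```

Source the file on FW_A and run the first step alone; if the ping with -S succeeds, the tunnel and the remote side are fine and only source selection is at fault. Only add the route if firewall-originated traffic into the remote LAN is actually required, as Patrick asks, since it widens what the firewall host itself can reach.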