Ping from firewall over IPSEC

[alfemann]

I have a functioning IPSEC-tunnel up running on an OPNsense 17.7.4, and traffic between machines on either side is running perfectly.

I want to use an LDAP-server on the remote side of the IPSEC tunnel for authentication (for incoming openvpn roadwarrior clients). When I try to set this up as a server in OPNsense menu, there is no response from LDAP server. I then tried to ping the server from the OPNsense - no reply.
Doing ping or LDAP from any client on the LAN-side of the OPENsense - works fine.

What on earth could I be missing ??

[franco]

#ping -S LANIP LDAPIP


Cheers,
Franco

[akron]

#ping -S LANIP LDAPIP


Cheers,
Franco

Same behaviour on last OPNsense 19.7.4

from lan subnet across the IPsec tunnel to remote subnet works, but doesn't ping or connectivity from the firewall IP itself (Goes over the default WAN up and not via the IPSec Tunnel), which if you want to connect the firewall to a remote over the tunnel LDAP server doesn't work

any workaround on this?

Cheers

[mimugmail]

Add WAN IP to a second Phase2

[akron]

Add WAN IP to a second Phase2

Not sure if is clear?


what do I have to do so the FW endpoint ping the remote subnet ?

Cheers

[mimugmail]

You add a second Phase2, left wanip/32, right remote subnet

[akron]

You add a second Phase2, left wanip/32, right remote subnet

add a second phase 2 with my WAN IP or Peer WAN IP?

only phase 1 has the peer WAN IP at the moment.

there isn't a more reliable way to get the FW to ping the remote subnet as all endpoints do passing through the firewall?

Cheers