Radius Authentication over IPSec VPN

[Slacky85]

Hello,

I'm facing a problem with the access authentication via a remote Radius server reachable on an IPSEC VPN between OPNSense and another firewall in different location. Basically I have the same problem also for the internal DNS and NTP but one problem at time.
What I can see is that the OPNSense send the authentication request with its WAN IP Address so there is no rule to the remote host and also if I add it of course there isn't route for the traffic to come back over the tunnel.
I made several search but really don't know how I can change this behaviour that seems be the default one. Any idea?

Thanks

[bartjsmit]

Sounds like a general connectivity issue. Make sure there are no firewalls (network or host) to block the traffic and that there are routes in place at both ends.

Bart...

[Slacky85]

No connectivity issue, the VPN is UP and all the traffic pass without problem.
I just need to make OPNSense present itself with the LAN IP address instead of the WAN when it send RADIUS authentication to the RADIUS server that is reachable only through one of the IPSEC VPN.
|--LAN--OPNSense|-----IPSEC-VPN----|SITE_B_FIREWALL--RADIUS_Server|

what I can see from the log is that opnsense send the request with its own wan address so it can't work. No idea if I miss some settings or if there is a trick to modify this.

Thanks

[franco]

Same as https://forum.opnsense.org/index.php?topic=11357.msg51419#msg51419

IPsec is in the way


Cheers,
Franco

[Slacky85]

Thanks Franco!