Backup to Nextcloud over IPsec fails

[JasMan]

Hey,

I've an IPsec connection to the network of a friend of mine (192.168.0.0/24). He has an Raspi with Nextcloud (192.168.0.10) which I would like to use to backup my OPNsense config regularly.

But OPNsense can't reach this address. When I traceroute the destination raspi.fritz.box from the web interface, OPNsense sends this traffic to the WAN interface/Internet and not through the IPsec tunnel.

Code: [Select]

# /usr/sbin/traceroute -w 2 -n  -m '18'  'raspi.fritz.box'
traceroute to raspi.fritz.box (192.168.0.10), 18 hops max, 40 byte packets
 1  10.0.224.1  1.122 ms  0.631 ms  0.628 ms
 2  [WAN IP]  5.984 ms  5.896 ms  5.888 ms
 3  * * *
 4  * * *
 5  * * *
....
From my LAN behind the OPNsense  I can reach the Nextcloud client. So it's not a general routing issue.
Any ideas to solve this or for a workaround?

Thanks
Jas

[mimugmail]

Add the WAN IP of OPNsense to the P2 SA

[JasMan]

The WAN IP is already a part of the subnet that I've defined in Phase 2 of the SA.
When I change the source IP of the traceroute to one of the LAN interfaces, I get this output:

Code: [Select]

# /usr/sbin/traceroute -w 2 -n  -m '4' -s '10.0.10.1'   '192.168.0.10'
traceroute to raspi.fritz.box (192.168.0.10) from 10.0.10.1, 4 hops max, 40 byte packets
traceroute: sendto: Host is down
traceroute: sendto: Host is down
traceroute: sendto: Host is down
traceroute: sendto: Host is down
traceroute: sendto: Host is down
traceroute: sendto: Host is down
traceroute: sendto: Host is down
 1  * * *
 2  * *traceroute: wrote 192.168.0.10 40 chars, ret=-1
 *
 3 traceroute: wrote 192.168.0.10 40 chars, ret=-1
 *traceroute: wrote 192.168.0.10 40 chars, ret=-1
 *traceroute: wrote 192.168.0.10 40 chars, ret=-1
 *
 4 traceroute: wrote 192.168.0.10 40 chars, ret=-1
 *traceroute: wrote 192.168.0.10 40 chars, ret=-1
 *traceroute: wrote 192.168.0.10 40 chars, ret=-1
 *