Reboot "losing" routes for routed IPSec tunnel

Started by firsway, April 27, 2020, 12:34:51 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 27, 2020, 12:34:51 AM
Hi All,

Sorry if this has already been covered elsewhere.
I've noticed that on OPNSense 20.1.4 (and now just today 20.1.5) upon a reboot of the system, I can no longer route traffic down a predefined Routed IPSec tunnel.
The System-Routes-Configuration screen shows applicable static routes and the gateway is set to the remote interface, so that all looks good.
However in System-Routes-Status, none of these routes are in the table.
Go back to the System-Routes-Configuration screen, disable all of the static routes by ticking the disable box, Apply, then uncheck the boxes. Apply again, and at that point the routes are written and packets start routing through the tunnel as they should.
This situation is readily reproducible. Is there something I am missing? Or could this be a bug?

Any help would be most welcomed! Thanks!


April 27, 2020, 07:17:32 AM #1
There was an issue in Github and it turned out that setting FQDN in IPsec Peers doesn't work with routed IPsec.
Maybe this is your problem?
April 27, 2020, 03:51:51 PM #2
Quote from: mimugmail on April 27, 2020, 07:17:32 AM
There was an issue in Github and it turned out that setting FQDN in IPsec Peers doesn't work with routed IPsec.
Maybe this is your problem?
Thanks for this! So my phase 1 entries both ends are set up to use FQDN to resolve the peer addresses (remote gateway) Phase 2 tunnel network addresses are just IP addresses in the same subnet.
Nothing too complicated about the setup, and the tunnels do establish OK. Just the issue with the routes not being set up
April 27, 2020, 08:50:49 PM #3
And they will be set up when you switch from FQDN to IP ...
Print
Go Up Pages1
User actions