Routed IPsec: No IPsec Interface by Gateway settings

Started by jonsch, October 12, 2020, 04:01:23 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
October 12, 2020, 04:01:23 PM
Cheers,

I've two OPNsense firewalls in two different locations, both of them have a public IP and two different LAN subnets.
The routed IPsec is build up like the documentation told me: https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html

The IPsec tunnel is up and running, but I can't set the static routes on both firewalls, because there is no option to create a gateway with the IPsec interface? So how should I route the traffic through the tunnel?

Regards,
October 12, 2020, 04:33:34 PM #1
Do you see the new firewall rules tab? IPsec in general is enabled?
October 12, 2020, 04:46:31 PM #2
Yes, the IPsec connection is up and running.
The firewall rule table is also been active with an any any route for testing at the moment.
October 12, 2020, 06:24:31 PM #3
There is no interface for IPsec connections. They donĀ“t provide an interface.

Usually you create as much Phase2 entries as needed to route all the networks you want to route between these sites.
,,The S in IoT stands for Security!" :)
October 12, 2020, 06:42:17 PM #4
Are you sure? Take a look to the official documentation by step 5 they add an single gateway with an IPsec interface?

I just bind the subnets by phase 2 to the IPsec tunnel but thats all. The routing part has to be created seperate, right? How else should the firewall route the traffic to the IPsec tunnel and not to the default route.
October 12, 2020, 06:49:07 PM #5
Sorry, misunderstood your question.

You need to have "install policy" in Phase1 disabled to be able to use the connection for Gateway creation.
,,The S in IoT stands for Security!" :)
October 12, 2020, 06:54:42 PM #6
No problem.
It is still disabled, thats the strange thing.
Any other ideas?
October 12, 2020, 07:01:29 PM #7
Screenshots please, P1, P2, Firewall, Interface
October 12, 2020, 09:32:19 PM #8
Other site is configured the same way.
Attached you will find the screenshots.
October 12, 2020, 09:32:37 PM #9
and the last one...
October 13, 2020, 07:16:21 AM #10
This is a policy based IPsec, you didnt follow the Guide.
Also dont use special chars in description as this will be the name of interface
October 14, 2020, 09:10:08 AM #11
You are right, I have made the phase 2 on a false way.
I have now removed the subnets and add the tunnel source and destination IP.

But there is still now IPsec interface to choose?
October 14, 2020, 09:13:33 AM #12
Quote from: mimugmail on October 13, 2020, 07:16:21 AM
Also dont use special chars in description as this will be the name of interface

New screenshots please ...
October 14, 2020, 09:25:24 AM #13
I have removed also any special characters and white spaces...
The configuration is the same but addresses instead of subnets...
October 14, 2020, 10:43:36 AM #14
You still didn't follow the docs exactly .. it routed and not tunnel ..
Print
Go Up Pages1 2
User actions