English Forums > Virtual private networks
Site2Site IPsec connecting 2 corporate networks
(1/1)
Akitoo:
We tried to set up a Site2Site connection with IPsec in OPNsense, however after many days of trial and error it just wouldn't work.
We were given an IPsec configuration, put that into OPNsense and made, as far as we knew, all necessary changes, to make it work. The farthest we got is, that we were able to ping the other side, but its responses didn't arrive back. We tried a lot of different possibilities, but they did not work and to this day, we don't know too precisely what exactly the error was and why it did not work.
Due to trying to avoid the sunk cost fallacy, we wanted to get it to work, so we just set up an empty Linux server, installed the IPsec configuration, just as we did in OPNsense, and added a single firewall rule:
--- Code: ---iptables -t nat -A postrouting -j MASQUERADE
--- End code ---
Now it just works, without any issues.
Obviously, we are not networking experts (we both are mainly Software Engineers and similar positions). That's why you can maybe help us deduct, what went wrong with the installation of this scenario through OPNsense and how I could possibly fix it (the other one gave up on OPNsense, due to the frustration arising from this issue). I think there is only one small bit missing from the setup in OPNsense, that's why I don't just want to let it go and be damned.
P.S.: To add to the misery, we have extensive knowledge of Linux, but only beginner knowledge at most with *BSD.
leyoda:
Finally, did you find the solution with Opnsense alone?
Did you have solutions to your questions about it?
Regards
Leyoda
Akitoo:
Nobody helped us here and nobody who wanted to help had an idea about OPNsense. We tried and tried to make this work in so many ways, but it did not. We had a time limit, so we had to make it work, no matter what.
That's why we followed a generic CLI-only guide for setting up the connection and we settled with that for now.
OPNsense did not help us, this time.
Navigation
[0] Message Index
Go to full version