VPN blocked by default deny rule

Started by mszeliga, January 13, 2021, 12:04:58 PM

January 13, 2021, 12:04:58 PM Last Edit: January 25, 2021, 09:14:25 PM by mszeliga
Hi

The OPNsense default deny rule in "floating" intercepts traffic from the IPsec VPN to a network connected directly to OPNsense, although there are at least 2 rules which should ensure the traffic passes.

I've got a rule for that specific traffic in IPsec (DNS and HTTP/S) and added another one in floating allowing all traffic from IPsec to everything.

...any ideas?

Btw. I do have my own Deny ALL rules on every interface, but these are never hit by the IPsec traffic; it goes straight to the floating default deny all rule.

After some more investigation:

IPsec traffic is blocked only if I select the predefined "IPsec net" as source. If I instead create an alias with the IPsec network address and use that as the source, the traffic is going through; however, the responses are then being blocked (as I see it, the responses are not seen as responses by the firewall but as new connections).

The firewall has several interfaces and all traffic is going as it should - only IPsec has problems.

...and something more:
Responses to IPsec traffic are logged several seconds after the request leaves the firewall on the correct interface.

I have tried to change the IP address of the VPN just to verify that I don't have a routing issue; I have no problems with traffic between any other interfaces, and the firewall is the default gw. on all connected interfaces.