Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Separate IPSEC VTI per Phase 1
« previous
next »
Print
Pages: [
1
]
Author
Topic: Separate IPSEC VTI per Phase 1 (Read 1861 times)
throwaway26a
Newbie
Posts: 8
Karma: 0
Separate IPSEC VTI per Phase 1
«
on:
May 08, 2021, 05:08:56 pm »
Is it possible to have a separate Virtual Tunnel Interface per Phase 1? E.g. with IPSEC actively working with 1 or more IPSEC connections to different locations, the VTI created is 'enc0'. This makes monitoring with NMS difficult since the only interface being reported by SNMP is 'enc0'
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Separate IPSEC VTI per Phase 1
«
Reply #1 on:
May 08, 2021, 06:20:09 pm »
With every Route based IPsec you get a new ipsecX device.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
throwaway26a
Newbie
Posts: 8
Karma: 0
Re: Separate IPSEC VTI per Phase 1
«
Reply #2 on:
May 08, 2021, 06:36:25 pm »
I see the con0/1 interfaces under the ipsec config but those probably aren't polled since they aren't a VTI. I've checked 'Do not install routes' to see if I could force a change but that doesn't seem to be working. I still only have the enc0 showing up as the ipsec interface if I check with ifconfig.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Separate IPSEC VTI per Phase 1