Topic: Routed Point-to-Point IPSec IKEv2 VPN Tunnel with discontiguous nets (Read 1482 times)
fsebera « on: September 09, 2021, 08:55:28 pm »
I set up OPNsense (latest 21.x version) to MikroTik routed Point-to-Point IPSec IKEv2 VPN with dynamic BGP routing in my isolated test lab for a pre-production implementation.
While capturing through data traffic on my vCloud (simulated Internet) I noticed traffic being forwarded to the OPNsense configured "Remote Network" address range does get encrypted, NATted and routed end-to-end; this is correct behavior. However, I notice traffic that falls outside the "Remote Network" address range is not encrypted. As I analyzed this issue, I realized this is also correct behavior based on my configuration.
Example:
OPNsense IPSec VPN Tunnel Settings "Remote Network" address 192.168.3.0/24 - traffic to this range is encrypted.
We implemented a new remote network address 172.16.25.0/23 - traffic to this range is NOT encrypted.
MY QUESTION:
OPNsense as well as MikroTik offers a single box to add a remote address. Since my 2 networks are discontiguous and cannot be changed, is there a way to encrypt both subnets but just these 2 subnets without encrypting any other network traffic egressing the WAN interface?
Thank you
Frank

fsebera « Reply #1 on: September 10, 2021, 07:21:48 pm »
I figured it out, just add another policy under the first one - and on the other end too.
Happy Day
Frank
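
An added example, not part of the original posts and not OPNsense or MikroTik code: a simplified Python model of policy selectors that shows which destinations are covered before and after the second policy is added, and whether the other end carries the mirrored policies. The local network `10.0.0.0/24`, the host addresses and all function names are assumptions made for illustration; protocol/port selectors and policy priority are ignored.

```python
import ipaddress

def net(cidr):
    # strict=False accepts a CIDR with host bits set and normalises it,
    # so 172.16.25.0/23 is treated as 172.16.24.0/23.
    return ipaddress.ip_network(cidr, strict=False)

def policies(pairs):
    """Build a set of (local, remote) selector pairs from CIDR strings."""
    return {(net(local), net(remote)) for local, remote in pairs}

def is_protected(pols, src, dst):
    """True if a packet src -> dst matches the selectors of some policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in local and d in remote for local, remote in pols)

def unmirrored(side_a, side_b):
    """Policies without a swapped (remote, local) twin on the other peer."""
    return side_a ^ {(remote, local) for local, remote in side_b}

LOCAL = "10.0.0.0/24"  # constructed: the thread does not give the local network
BEFORE = policies([(LOCAL, "192.168.3.0/24")])
AFTER = policies([(LOCAL, "192.168.3.0/24"), (LOCAL, "172.16.25.0/23")])
PEER_STALE = policies([("192.168.3.0/24", LOCAL)])
PEER_AFTER = policies([("192.168.3.0/24", LOCAL), ("172.16.25.0/23", LOCAL)])

if __name__ == "__main__":
    host = "10.0.0.5"  # constructed source host
    for dst in ("192.168.3.10", "172.16.25.10", "203.0.113.7"):
        print(dst, "before:", is_protected(BEFORE, host, dst),
              "after:", is_protected(AFTER, host, dst))
    print("missing on peer:", unmirrored(AFTER, PEER_STALE))
    print("mirrored:", not unmirrored(AFTER, PEER_AFTER))
```

Because a /23 written as `172.16.25.0/23` normalises to `172.16.24.0/23`, the second policy in this model also matches addresses in 172.16.24.x.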