Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
IPsec VPN works only one way - GCP
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: IPsec VPN works only one way - GCP (Read 5901 times)
rbed
Newbie
Posts: 16
Karma: 0
Re: IPsec VPN works only one way - GCP
«
Reply #15 on:
September 14, 2021, 09:35:33 am »
Tunnel details for the Azure guide setup
Logged
rbed
Newbie
Posts: 16
Karma: 0
Re: IPsec VPN works only one way - GCP
«
Reply #16 on:
September 14, 2021, 09:38:03 am »
LAN is the only interface (I deleted the weird OPT1)
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPsec VPN works only one way - GCP
«
Reply #17 on:
September 14, 2021, 09:57:45 am »
Why only the LAN? Shouldn't it be WAN? Is this the GCP box or on-prem?
And why respond only? Also /128 looks weird
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
rbed
Newbie
Posts: 16
Karma: 0
Re: IPsec VPN works only one way - GCP
«
Reply #18 on:
September 14, 2021, 02:03:02 pm »
The OPNsense VPN Gateway (.99) is not the default gateway (that's .65).
There Azure guide
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html
had "respond only" in it, that's why.
I was wondering about the /128, too, but I cannot change it.
Logged
rbed
Newbie
Posts: 16
Karma: 0
Re: IPsec VPN works only one way - GCP
«
Reply #19 on:
September 16, 2021, 03:05:44 pm »
Some more intel:
I see the traffic DC -> GCP coming through in the FW logs on .99. I can also see it in the FW logs within the GCP in the allow-ingress rule I've set up.
I can then also see traffic going back within the GCP but apparently it's lost after that.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPsec VPN works only one way - GCP
«
Reply #20 on:
September 16, 2021, 06:03:56 pm »
I need a Network diagram including IP addresses to fully understand this setup
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
rbed
Newbie
Posts: 16
Karma: 0
Re: IPsec VPN works only one way - GCP
«
Reply #21 on:
September 16, 2021, 06:35:46 pm »
Here's one. I hope that helps.
Actually I'm not 100% sure whether or not .99's traffic is passing through .66 or not.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPsec VPN works only one way - GCP
«
Reply #22 on:
September 16, 2021, 07:27:08 pm »
When .65 gateway of .66 is, why .99? I dont get it
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
rbed
Newbie
Posts: 16
Karma: 0
Re: IPsec VPN works only one way - GCP
«
Reply #23 on:
September 17, 2021, 01:13:31 pm »
That's the not so well documented setup I inherited. The .99 is there because we didn't want to mess around with our live FW.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPsec VPN works only one way - GCP
«
Reply #24 on:
September 17, 2021, 06:08:42 pm »
Please use real IPs and changing only one bit, really, noone is interested in your network
someone around the globe is always scanning it
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
rbed
Newbie
Posts: 16
Karma: 0
Re: IPsec VPN works only one way - GCP
«
Reply #25 on:
September 27, 2021, 10:02:31 am »
Apparently the wrong route was chosen on the way back from the tunnel and then the response was eaten by the bridging firewall.
Logged
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
IPsec VPN works only one way - GCP