Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
[SOLVED] IPsec: remote network is routet through WAN-gateway
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] IPsec: remote network is routet through WAN-gateway (Read 4072 times)
alh
Full Member
Posts: 123
Karma: 6
[SOLVED] IPsec: remote network is routet through WAN-gateway
«
on:
December 11, 2021, 12:45:55 am »
I configured two S2S IPsec tunnels (policy). LAN and IPsec interface feature an allow all rule.
Both remote sites connect and clients in the remote LAN's successfully ping the firewall.
However, the firewall cannot ping any host nor the gateways or the remote sites. It seems like the tunnels are one way only. I looked at the routing table and was surprised to see that the remote LAN's (10.52.10.0/24, 10.62.10.0/24) are added to the default gateway (172.31.1.1).
Any idea where I could have gone wrong?
«
Last Edit: January 10, 2022, 02:39:27 pm by alh
»
Logged
larsd
Newbie
Posts: 17
Karma: 1
Re: IPsec: remote network is routet through WAN-gateway
«
Reply #1 on:
December 11, 2021, 12:14:36 pm »
FIREWALL: SETTINGS: ADVANCED -> Disable Force Gateway
VPN: IPSEC: ADVANCED SETTINGS -> Do not install routes
SYSTEM: GATEWAYS: SINGLE -> create a GW with the same IP address as your LAN interface
SYSTEM: ROUTES: CONFIGURATION -> add needed routes
cheers
Logged
alh
Full Member
Posts: 123
Karma: 6
Re: IPsec: remote network is routet through WAN-gateway
«
Reply #2 on:
December 11, 2021, 03:30:40 pm »
Thanks for your input but if I do this I cannot route between the remote networks...
Logged
larsd
Newbie
Posts: 17
Karma: 1
Re: IPsec: remote network is routet through WAN-gateway
«
Reply #3 on:
December 11, 2021, 03:58:44 pm »
my tunnels are setup this way and the clients can reach the remote networks, as well as the firewalls ...
Logged
alh
Full Member
Posts: 123
Karma: 6
Re: IPsec: remote network is routet through WAN-gateway
«
Reply #4 on:
December 11, 2021, 04:04:01 pm »
And you have a routed IPsec or policy-based?
Logged
larsd
Newbie
Posts: 17
Karma: 1
Re: IPsec: remote network is routet through WAN-gateway
«
Reply #5 on:
December 11, 2021, 04:10:00 pm »
policy based
Logged
alh
Full Member
Posts: 123
Karma: 6
Re: IPsec: remote network is routet through WAN-gateway
«
Reply #6 on:
January 10, 2022, 02:17:52 pm »
No dice. The firewall just does not route the packets through to the other LAN. Your setup just leads to TTL exceeded in transit for me...
Logged
alh
Full Member
Posts: 123
Karma: 6
Re: IPsec: remote network is routet through WAN-gateway
«
Reply #7 on:
January 10, 2022, 02:39:07 pm »
Solved it with the help of this post:
https://administrator.de/contentid/539060#comment-1421754
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
[SOLVED] IPsec: remote network is routet through WAN-gateway