Default address in case of IPSec

Started by HappyOpnSense, February 24, 2022, 02:37:13 PM

Hi,

Running OPNSense 22.1 on ARM (yes, it works) using IPSec to have a secure connection to my central location. Clients behind the OPNSense FW can reach the central location as expected and FW rules work accordingly.

What doesn't work is when the OPNSense FW needs to reach the central location itself, e.g. for pkg updates, as I have a local repo at my central location.

What seems to be the issue is that OPNSense uses the WAN interface address as the default (and that one can't be used as a source address on the VPN link) rather than the LAN interface address as the default. Any suggestion on what needs to be done to have this changed? If I use ping -S <LAN address> <dest> it all works, but e.g. pkg update will not use the LAN address as its source.
OPNSense on Elite Edition Intel N100 - Crucial 16G DDR - Lexar NM620 512GB

A similar thing was discussed here including the magical solution:

https://github.com/opnsense/core/issues/5586


Cheers,
Franco

Amazing, but it seems to work.

Thnx