Topic: Filtering not working on IPsec virtual interface (Read 1638 times)
choajcj, April 17, 2022, 08:38:07 am
Hi all!
I'm currently working on setting up an OPNsense firewall deployed as an AWS instance. I have the Zenarmor plugin installed on the OPNsense firewall already. My issue is when using Zenarmor to filter traffic through the firewall. Let me describe in detail below.
I have a routed IPsec VPN tunnel between our office and AWS. I would like to use the OPNsense firewall deployed in AWS as the web and application firewall of our office. My issue is even if I added the virtual interface of the IPsec tunnel to the list of protected interfaces in Zenarmor, traffic is still not blocked. And in the Live Sessions Explorer, there is no traffic passing through that comes from the IPsec virtual interface.
What do you think I am doing wrong?
Thank you very much in advance for your assistance!
sy, Reply #1, April 19, 2022, 04:37:31 pm
Hi,
Zenarmor uses netmap, which is an operating system subsystem to grab packets off the wire. Netmap is not compatible with IPsec tunnels yet. You can use OpenVPN or the WireGuard plug-in version (not the kernel module one). Both of them are compatible and you can protect them on Zenarmor. Here are the WireGuard and OpenVPN installation documents:
https://www.sunnyvalley.io/docs/network-security-tutorials/wireguard-installation
https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html