Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Routing between VPNs on different interfaces
« previous
next »
Print
Pages: [
1
]
Author
Topic: Routing between VPNs on different interfaces (Read 781 times)
jsnell
Newbie
Posts: 3
Karma: 0
Routing between VPNs on different interfaces
«
on:
October 20, 2022, 03:08:36 pm »
We have an IPSec VPN established on WAN which is intended to route traffic between our local network and a number of public IP addresses on the remote side. This is already in place using a standard site-to-site configuration with installed policies, and is connecting successfully. However, as the servers on our LAN side are in a datacentre where routing definitions across the private network are outside of our control, we cannot route these public IP addresses over the LAN directly. Instead I had the idea to establish a LAN-side IPSec VPN to connect between the hosts on our private network, like so:
Internal Server ==> IPSec over LAN ==> OPNSense ==> IPSec over WAN ==> Remote Gateway ==> Remote Public IP
However, while both connections appear to be operational, I see that traffic is being dropped by the Default deny/state violation rule. I can add rules to pass the traffic regardless, and I see that if I mtr the remote public IP then the following appear in the firewall logs as green entries:
IPsec 2022-10-20T13:02:32 <OPNsense WAN IP> <Remote IP> icmp
IPsec 2022-10-20T13:02:32 <Internal Server IP> <Remote IP> icmp
However, no traffic is able to cross the two VPNs. I am assuming this is because doing this bypasses the usual NAT functionality of IPSec, or something to that effect. How do I correctly link things up between the two VPNs?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Routing between VPNs on different interfaces