Topic: I have two sites with IPsec tunnel… only one Phase II LAN works

ao, on March 27, 2023, 03:47:17 pm:
1. I have two sites with IPsec tunnel… one LAN works both ways, but additional LANs do not - they are configured as per attachment.

ao, Reply #1 on March 27, 2023, 03:48:51 pm:
While three LANs are configured for Phase II - only one LAN works ... (see attachment)

ao, Reply #2 on March 27, 2023, 03:50:19 pm:
3. The Phase 1 seems to work fine ... (see attached)

ao, Reply #3 on March 27, 2023, 03:52:55 pm:
Phase II seems to set up routes OK ...
Phase II seems to set up the security policy DB OK ...
The IPsec firewalls are open ...
Nothing obvious in log files ...
Looking for advice on where to look next, please.

Patrick M. Hausen, Reply #4 on March 27, 2023, 03:58:13 pm:
The other side has all three networks as local? Have you tried enabling tunnel isolation?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)

ao, Reply #5 on April 11, 2023, 01:36:27 pm:
Thank you - I finally got help - it is not obvious, but you need to have a matching rule on each end for the reverse route ...

Patrick M. Hausen, Reply #6 on April 11, 2023, 01:55:19 pm:
This is obvious
In a static tunnel setup all participating sites need full information. Unless default routes/SAs are in place, of course.
Glad you got it working.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
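
The fix the thread arrives at (every Phase 2 entry needs its mirror on the other end) can be checked offline. The following is an added example, not part of the thread and not OPNsense code: all networks, site names and function names are constructed, and the overlap check goes one step beyond the thread by also flagging peer entries that overlap a needed mirror without being identical.

```python
"""Check that each IPsec Phase 2 selector pair has an exact mirror on the peer.
All networks and names here are constructed for illustration."""
from ipaddress import ip_network

# Constructed sample: (local, remote) Phase 2 selectors as configured per site.
SITE_A = [
    ("10.1.10.0/24", "10.2.0.0/24"),
    ("10.1.20.0/24", "10.2.0.0/24"),
    ("10.1.30.0/24", "10.2.0.0/24"),
]
SITE_B = [
    ("10.2.0.0/24", "10.1.10.0/24"),  # only the first LAN is mirrored
    ("10.2.0.0/24", "10.1.0.0/16"),   # overlaps the others, not an exact mirror
]

def normalise(entries):
    """Parse CIDR strings (or networks) into a set of (local, remote) networks."""
    return {(ip_network(loc), ip_network(rem)) for loc, rem in entries}

def missing_mirrors(site, peer):
    """Pairs the peer must configure as its own (local, remote): one
    (remote, local) for every (local, remote) defined on `site`."""
    needed = {(rem, loc) for loc, rem in normalise(site)}
    return sorted(needed - normalise(peer))

def overlapping_candidates(pair, peer):
    """Peer entries that overlap `pair` on both sides without being identical."""
    local, remote = pair
    return sorted(
        (pl, pr) for pl, pr in normalise(peer)
        if (pl, pr) != pair and pl.overlaps(local) and pr.overlaps(remote)
    )

def report(name, site, peer_name, peer):
    """Human-readable findings for one direction of the comparison."""
    lines = []
    for pair in missing_mirrors(site, peer):
        lines.append(f"{peer_name}: no Phase 2 with local={pair[0]} remote={pair[1]} "
                     f"(mirror of an entry on {name})")
        for pl, pr in overlapping_candidates(pair, peer):
            lines.append(f"  overlapping, not identical: local={pl} remote={pr}")
    return lines

if __name__ == "__main__":
    findings = report("site A", SITE_A, "site B", SITE_B)
    findings += report("site B", SITE_B, "site A", SITE_A)
    print("\n".join(findings) or "all Phase 2 selectors are mirrored")
```

Run it in both directions, as the main block does: an entry present on only one side shows up as a missing mirror on the other.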