[Solved] Site-2-Site IPsec between OPNsense/Sophos UTM

Started by Hunduster, April 10, 2023, 05:31:53 PM

April 10, 2023, 05:31:53 PM Last Edit: April 18, 2023, 02:12:28 PM by Hunduster
Hello all,

I am in the process of actively switching from Sophos UTM to OPNsense.

I had prepared everything on a second appliance and I am now live with OPNsense. In fact, everything is working fine so far.

Unfortunately, however, I have been biting my teeth for two days now on a Site-2-Site IPsec to a Sophos UTM.

My OPNsense establishes the connection to a remote UTM. The remote UTM has a static public IP.

The tunnel is shown as active on both sides. However, I cannot reach the other side from either end. Even pings do not work. Since I replaced the UTM at home but all networks remain the same, all rules should still fit. I have also double-checked the firewall on both sides several times and everything seems to go through.

I'm now at the point where it looks to me like the OPNsense isn't setting the routes correctly. A traceroute always wants to send traffic to the remote subnet through my gateway, which in this case is a Fritzbox.

Has anyone had similar experiences or even got an IPsec working between OPNsense and Sophos UTM?
So long....

The Hunduster

I was able to "solve" the problem in the meantime.
I changed the direction once and let the Sophos build the tunnel. The routes were set directly. Curiously, it now also works in the other direction, i.e. when the OPNsense sets up the tunnel.

Since the UTM will also be replaced by OPNsense, I will not investigate this further for the time being.
So long....

The Hunduster