Can't get IPSec Tunnels to work

Started by marc.laederach, August 02, 2016, 06:09:06 PM

Previous topic - Next topic
Hi guys

I'm not a genius at networking but still have some basic experience in this field. A few days ago we have installed OPNSense on a few self built firewalls that have been running a basic linux with some manual firewall settings. But we have some troubles to get the IPSec tunnels up and running.

The whole network consists of three sites that are connected in a WAN network of an ISP which is then somehow routed to the internet (I don't know exactly how this part is but shouldn't play an important role here). All three sites should be connected to each other via an IPSec Tunnel. There is a basic diagram of the network attached (IPSec_Li-Au_Overview.png).

I think it's enough to just look at one IPSec Tunnel: The one between Site A and C. All the settings I used at Site A can be checked in the picture "IPSec_Li-Au.png". The settings used at Site C are shown in picture "IPSec_Au-Li.png".

Some additional information about what is working and what isn't: I can see that traffic is going out at Site C and traffic is coming in at Site A. But not the other way (Check the attachment IPSec_Traffic.png).

Here are the missing attachments...

Hi Marc,

Your Firewalls are in the same WAN subnet? Can you check with wireshark on the gateay if packets are going to the gateway instead of going between the ipsec machines?

Have a look at:

Regards, Uwe

Hi Uwe

Thanks for your suggestions.
Looks like we haven't been running the latest version but 16.7-r2. After an update and restart of the firewall, the ipsec tunnels are working now. They have some short interruptions from time to time but it looks much better now.

Thanks again!