Topic: IPSEC "Block private networks from WAN" (Read 727 times)
bazbaz
Jr. Member
Posts: 53
Karma: 2
IPSEC "Block private networks from WAN"
« on: September 18, 2023, 12:04:46 pm »
Hi,
I've an IPSEC, site to site, VTI, tunnel between an OPN and a Fortigate.
The VTI interface has 10.77.36.54 on FG's side, and 10.77.36.53 on OPN's side.
When I try to send something from FG to networks behind OPN, or to 10.77.36.53, I can see on the OPN firewall that packets are discarded because it sees them coming from the WAN interface, not from the IPsec interface:
"Block private networks from WAN1"
interface vmx1
interface_name WAN1
Why?
« Last Edit: September 18, 2023, 12:07:11 pm by bazbaz »
Patrick M. Hausen
Hero Member
Posts: 6810
Karma: 572
Re: IPSEC "Block private networks from WAN"
« Reply #1 on: September 18, 2023, 01:13:40 pm »
If this is a policy based tunnel, there is no separate interface. Packets are considered to come in via WAN.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
bazbaz
Jr. Member
Posts: 53
Karma: 2
Re: IPSEC "Block private networks from WAN"
« Reply #2 on: September 19, 2023, 11:41:48 am »
VTI, not policy based