Is it possible to do unnumbered IPsec VTI?

Isabella Borgward · January 11, 2024, 07:04:05 PM

Trying to interoperate with Sonicwall firewalls. They allow to create an IPsec tunnel interface and create route policies on it, without assigning IPs to the tunnel, or specifying any local/remote subnets. I am not sure about the terminology of this, but I think this would be an unnumbered VTI.
I don't see a way to do this with the OpnSense UI, but it might just be that I am not familiar with how the UI works. If I choose "Route based" then I have to put IP addresses in, otherwise:

"A valid local network IP address must be specified."

Is is it possible to do this?

Is it possible to do unnumbered IPsec VTI?

Isabella Borgward

January 11, 2024, 07:04:05 PM