OPNsense Forum » English Forums » Virtual private networks » Why does source = IPsec net not work in my case?
Topic: Why does source = IPsec net not work in my case? (Read 672 times)
Evert
Newbie
Posts: 42
Karma: 4
Why does source = IPsec net not work in my case? « on: February 28, 2024, 10:23:23 am »
Hi all,
I've been configuring an IPsec connection between us and one of our customers. IPsec itself was working pretty soon (both phase 1 & phase 2), but we had the hardest time pushing bits and bytes through that tunnel...
After trying many things I ended up going to Firewall: Rules: IPsec and changing the source of the rules, which was set to 'IPsec net', to '*'. As soon as I did this, the customer was able to connect to the resources.
We have various other subnets, including 2 WireGuard, where I've set the source to '[subnet name] net' in firewall rules, and this works flawlessly.
Why doesn't this work for our IPsec setup? Did I misconfigure something somewhere, or is this a bug... ahem... feature?
--
Regards,
Evert
Patrick M. Hausen
Hero Member
Posts: 6795
Karma: 571
Re: Why does source = IPsec net not work in my case? « Reply #1 on: February 28, 2024, 10:59:05 am »
"IPsec net" is the network directly connected to the tunnel interface, not the remote networks of your customer.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Evert
Newbie
Posts: 42
Karma: 4
Re: Why does source = IPsec net not work in my case? « Reply #2 on: February 28, 2024, 12:05:07 pm »
Ah, ok.
What if I replace '*' with an alias containing the networks of our customer? Would that be a functioning compromise?
--
Regards,
Evert
Patrick M. Hausen
Hero Member
Posts: 6795
Karma: 571
Re: Why does source = IPsec net not work in my case? « Reply #3 on: February 28, 2024, 12:40:57 pm »
Yes, most probably.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Evert
Newbie
Posts: 42
Karma: 4
Re: Why does source = IPsec net not work in my case? « Reply #4 on: March 05, 2024, 08:48:24 am »
Before I make the same mistake twice... It would work with WireGuard, right? That's different in this aspect from IPsec?
--
Regards,
Evert