Help Needed: Troubleshooting IPsec Site-to-Site Tunnel with OPNsense and Forti

Started by Knogle, April 16, 2024, 04:05:27 PM

Hello everyone,

I hope you're all doing well. I'm currently working on establishing a site-to-site tunnel using IPsec and IKEv2, and I've run into a bit of a snag that I'm hoping you could help me troubleshoot.

Here's the setup:
- **Local endpoint:** OPNsense 22.7 appliance
- **Remote endpoint:** FortiGate firewall
- **Routing:** Policy routing implemented

The tunnel is active, and connectivity seems partially established. The remote host can attempt to ping the local endpoint; however, the local endpoint does not respond. Furthermore, when I SSH into the OPNsense appliance, I'm unable to ping both the remote host and my local IPsec interface. Intriguingly, attempts to ping the local IPsec interface are being routed through the default gateway, leading to no responses:

```
root@sin01-edge-opnsense-fw01:~ # ping 198.18.192.15
PING 198.18.192.15 (198.18.192.15): 56 data bytes
^C
--- 198.18.192.15 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

root@sin01-edge-opnsense-fw01:~ # ping 198.18.192.16
PING 198.18.192.16 (198.18.192.16): 56 data bytes
^C
--- 198.18.192.16 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss

root@sin01-edge-opnsense-fw01:~ # traceroute 198.18.192.16
traceroute to 198.18.192.16 (198.18.192.16), 64 hops max, 40 byte packets
1 192.168.178.1 (192.168.178.1)  0.988 ms  1.104 ms  1.498 ms
```

It seems like there might be a routing issue, especially for the local connected interface. Have any of you experienced something similar or have insights on what might be going wrong here? Any suggestions or guidance would be greatly appreciated.

Thank you in advance for your help!
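To see why a ping sent from the firewall itself can end up at the default gateway instead of inside a policy-based IPsec tunnel, here is an added example (not code from the thread or from OPNsense) that models the kernel's longest-prefix route lookup followed by the security-policy (SPD) check. The routes, interface names and addresses, and the phase 2 selectors are constructed to resemble the post and are assumptions, not the poster's configuration.

```python
import ipaddress

# Constructed sample data modelled on the post; the phase 2 selectors, interface
# names and local addresses are assumptions, not taken from the original thread.
ROUTES = [  # (destination, gateway or None for directly connected, interface)
    ("0.0.0.0/0", "192.168.178.1", "em0"),
    ("192.168.178.0/24", None, "em0"),
    ("10.0.0.0/24", None, "em1"),
]
IFACE_ADDR = {"em0": "192.168.178.20", "em1": "10.0.0.1"}
# Policy-based IPsec security policies (phase 2 traffic selectors): (local, remote)
SPD = [("10.0.0.0/24", "198.18.192.0/24")]


def lookup_route(dst):
    """Longest-prefix match, as the kernel routing table does."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def spd_match(src, dst):
    """Return the policy whose selectors cover the (src, dst) pair, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in SPD:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return (local, remote)
    return None


def diagnose(dst, src=None):
    """Explain where a packet generated on the firewall itself goes.

    Policy-based IPsec installs no routes: the route lookup picks the egress
    interface and, for the firewall's own traffic, the source address; only
    then is the SPD consulted. If that source address lies outside the local
    selector, the packet leaves in clear towards the default gateway, which
    is the path the traceroute in the post shows.
    """
    net, gw, iface = lookup_route(dst)
    src = src or IFACE_ADDR[iface]
    policy = spd_match(src, dst)
    return {"route": str(net), "gateway": gw or "direct", "iface": iface,
            "src": src, "ipsec": policy is not None}
```

On FreeBSD-based OPNsense, `ping -S <lan-address> <remote-host>` forces a source address inside the local selector so the test traffic can match the phase 2 policy, and `setkey -DP` lists the policies actually installed in the SPD.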