OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • 24.1 Legacy Series »
  • How to IPSec Route 0.0.0.0 without breaking the CARP
« previous next »
  • Print
Pages: [1]

Author Topic: How to IPSec Route 0.0.0.0 without breaking the CARP  (Read 312 times)

mliebherr

  • Newbie
  • *
  • Posts: 25
  • Karma: 0
    • View Profile
How to IPSec Route 0.0.0.0 without breaking the CARP
« on: April 18, 2024, 12:31:02 pm »
Hello,

a customers remote site wants to have 0.0.0.0 as remote net in IPSec.
However, if we set this, the Carp Traffic will follow that route, too.

Therefore my HA-Setup breaks becaue the HA Nodes do not reach each other any more.

How do you set up IPsec with a remote net 0.0.0.0 without breaking the local Carp Address?

Thanks,
Michael
Logged

Monviech (Cedrik)

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1596
  • Karma: 176
    • View Profile
Re: How to IPSec Route 0.0.0.0 without breaking the CARP
« Reply #1 on: April 18, 2024, 02:03:46 pm »
A policy based VPN with 0.0.0.0? It installs policies with kernel routes.

What you need is probably a VTI based IPsec Tunnel, with that you can manually control the routes.

https://docs.opnsense.org/manual/how-tos/ipsec-s2s-conn-route.html
Logged
Hardware:
DEC740
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • 24.1 Legacy Series »
  • How to IPSec Route 0.0.0.0 without breaking the CARP
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2