OPNsense Forum » English Forums » Virtual private networks » IPSEC VTI and Domain Controller Access
Topic: IPSEC VTI and Domain Controller Access (Read 233 times)

Author: rgradert (Newbie, Posts: 3, Karma: 0)

IPSEC VTI and Domain Controller Access
« on: September 25, 2024, 10:20:27 pm »
Hello,
To preface, I have an old Netgate appliance that is failing. Mission critical life safety equipment resides on this network, so downtime would need to be limited heavily. As a result, we are standing a new OPNsense firewall up adjacent to the old network. All new firewall, switches, VLANs, etc.
VLANs are created with any/any on the new FW. WireGuard established for mobile devices. IPSEC established for LAN to LAN traffic between the networks. Tunnels are up and working. Devices ping, some limited services are available.
No domain services can be established. The goal being to stand up a new DC and replicate it to the old. Then slowly move all network devices over to the new system. Once complete, move the DCs over to the new network. Hopefully providing minimal downtime.
Anyone have experience with this?
For one, there is a 'main switch' as the primary gateway with a 0.0.0.0/0 default route to the old firewall. This created the asymmetrical routing issue resulting in default deny rules playing goalie. Now that is sorted, but services still cannot be established.
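The asymmetric-routing symptom described in the post (forward leg through the VTI, reply steered by the main switch's 0.0.0.0/0 route onto another interface and dropped by the default deny with no matching state) can be spotted in firewall logs. The following is an added example, not the poster's or OPNsense's code; the records are constructed and simplified, not OPNsense filterlog syntax, and the interface names, addresses and ports are assumptions.

```python
from collections import namedtuple

Record = namedtuple("Record", "action iface src sport dst dport flags")

# Constructed, simplified records (NOT OPNsense filterlog syntax). A client on the
# new network (10.0.0.10, reached via the IPsec VTI "ipsec1") opens LDAP to the
# old network's DC (192.168.1.5). The SYN-ACK comes back via the main switch's
# default route and arrives on "vlan20" with no state, so the default deny logs it.
SAMPLE = [
    Record("pass",  "ipsec1", "10.0.0.10",   51000, "192.168.1.5", 389,   "S"),
    Record("block", "vlan20", "192.168.1.5", 389,   "10.0.0.10",   51000, "SA"),
    # DNS to the same DC: SYN passed on ipsec1, reply matched state (nothing logged)
    Record("pass",  "ipsec1", "10.0.0.10",   51001, "192.168.1.5", 53,    "S"),
    # Unrelated stray SYN blocked on vlan20: must not be reported as asymmetric
    Record("block", "vlan20", "203.0.113.7", 40000, "10.0.0.10",   445,   "S"),
]


def find_asymmetric_flows(records):
    """Report flows whose SYN was passed on one interface but whose SYN-ACK was
    blocked arriving on a different one: the firewall never saw a return path."""
    syn_seen = {}  # (src, sport, dst, dport) -> interface that passed the SYN
    findings = []
    for r in records:
        if r.action == "pass" and r.flags == "S":
            syn_seen[(r.src, r.sport, r.dst, r.dport)] = r.iface
        elif r.action == "block" and r.flags == "SA":
            # Reverse the 5-tuple to look up the forward SYN for this reply
            fwd_iface = syn_seen.get((r.dst, r.dport, r.src, r.sport))
            if fwd_iface is not None and fwd_iface != r.iface:
                findings.append({
                    "client": r.dst, "server": r.src, "port": r.sport,
                    "forward_iface": fwd_iface, "reply_iface": r.iface,
                })
    return findings


if __name__ == "__main__":
    for f in find_asymmetric_flows(SAMPLE):
        print(f"{f['client']} -> {f['server']}:{f['port']} forward via "
              f"{f['forward_iface']}, reply dropped on {f['reply_iface']}")
```

A hit with a reply interface that is not the tunnel interface points at the route on the main switch rather than at the firewall rules; once the return route matches the forward path, the state table handles the reply and these blocks disappear.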