IPSEC Interface

[Andi.K]

Hello everyone,

I have connected two current Sense with an IPSEC (new version) via S2S VPN. So far everything is ok.

One of the sites has Multi WAN. But the backup WAN is not usable for the VPN.

In the legacy version I was able to select the interface for the tunnel. This option is missing in the new version. How can I bind the tunnel to a WAN interface?

Thanks, Andi

[Monviech (Cedrik)]

Hello,

you bind the tunnel to an interface by setting the IP address in the local addresses field in the connection dialog.

[Andi.K]

That's what I would have expected, but it doesn't seem to be the case.

I can see the false WAN IP in the log on the other side with the message "no IKE config found for ...... NO_PROPOSAL_CHOSEN"

Additional question: Where did the settings for:
"Connection Method" / Respond only etc.

Thank you for your help

Andi

[Monviech (Cedrik)]

Hmm okay interesting, I would have assumed that if the WAN IP is not available the traffic will not be sent out.

The respond only is in the child now, you can set the start action to none for example.

[Andi.K]

Thanks for the tip with the child

I also find the interface thing strange, but I don't know what I could have done wrong. An explicit setting for the interface would be useful, I use it often.

[dcol]

What would also be useful is less conflicting and confusing instructions on the Deciso site.
Problem is as OPNsense makes changes, these changes are not reflected in the guide.