IPSec Connections VPN having Child SA Issue

Started by niravopn23, May 06, 2025, 05:56:28 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 06, 2025, 05:56:28 PM
Hello,

I'm running the latest release of OPNsense v25.1.5. I have 4 tunnels configured using the legacy IPSec and was able to transferred them over to the new Connections and disabled the tunnels in legacy.

One of the tunnel I'm having issues which has two child objects

My FW: "192.168.2.5/32"

Other FW: "10.168.9.1/32 and 172.2.2.1/32"

I can only connect to the first Child "10.168.9.1" if I change the config and use "172.2.2.1" as first Child it will connect and "10.168.9.1" will be dropped. I have tried adding both tunnel IP into 1 child object but still the same issue only the first will connect.

I don't have this issue when using the legacy tunnel which is nearing the EOL.

For time being I have enabled legacy for "172.2.2.1" and connection for the "10.168.9.1"

Can someone please provide some help. I'm lost.
Thank you,
Nirav
May 06, 2025, 06:18:23 PM #1
Quote from: niravopn23 on May 06, 2025, 05:56:28 PMOne of the tunnel I'm having issues which has two child objects

My FW: "192.168.2.5/32"

Other FW: "10.168.9.1/32 and 172.2.2.1/32"

Try to put both into a single child.
May 06, 2025, 06:49:09 PM #2
I already tried that but same issue, only the first IP gets connected.
Thank you,
Nirav
May 06, 2025, 11:09:22 PM #3
Can anyone please provide some help?
Thank you,
Nirav
Print
Go Up Pages1
User actions