Migrating IPSec from legacy tunnel to connection.

Started by Martinezio, June 06, 2025, 09:25:31 AM

Hello :)

Recently I upgraded my router to version 25.1.7_4 and noticed that with the next release (26), support for legacy tunnel VPNs will be removed.

I currently have one IPsec tunnel set up between OPNsense and a Mikrotik router, and with the legacy IPsec tunnel it works totally fine.
I tried to convert this tunnel to a new connection. The tunnel started up and both routers show it as up and running, the SAs were installed as expected, but no traffic was going through. I could not ping any device on the other end (neither from the router nor from any local network device) (the firewall is set to allow all traffic over the IPsec device, of course).

What could be wrong, and has any of you had a similar issue and been able to resolve it to make the IPsec connections work correctly?

I also have an OpenVPN tunnel on this device, which is also set up with the legacy controls, and I am a bit afraid of moving to the new connection controls ;)

Thanks in advance for any hint/advice :)

Today I set up a new connection as a client in the OpenVPN section - everything also stopped routing packets at all, although the connection has been established and all routes are pulled properly (visible in the routing table).
This "Connections" approach totally doesn't work for me.

Any idea what is happening and how to search for the issue/root cause, or any clue?

So far I've returned to using those "outdated" setups - this is working absolutely fine and I don't see the reason why you are removing this :/ If the behaviour is the same in v26+, then a lot of VPN "maniacs" will stop upgrading OPNsense :(

Hi,

Exact same problem here for OpenVPN...

OPNsense 25.1.7_4, OpenVPN configured as Instance, tunnel is up but no traffic goes through.

When the tunnel is set up as Client/Server (Legacy), everything works.

On the other hand, I have a working connection (not legacy) with IPsec and a Netgate firewall with software 2.7x (not under my control, managed by someone else), so maybe your problem is related to your Mikrotik router...

Hi again,

Finally I got my OpenVPN instances working; the problem was related to Client Specific Overrides.

You may want to double-check your override(s) under VPN: OpenVPN: Client Specific Overrides.