IPSEC tunnel goes UP without explicit firewall RULES on the WAN

Started by davide, July 20, 2025, 06:16:27 PM

OPNSense version 25.1.7_2-amd64

I created an IPSEC tunnel (legacy).

I didn't make the rules (I forgot about them) on the WAN (ESP / UDP port 500 / UDP port 4500).

The tunnel goes UP.
How is this possible?

Reading the documentation, the rules need to be created: https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html

Any suggestion will be appreciated.

Essentially only the responder needs these firewall rules as the initiator creates states that will allow return packets for 500/4500 and esp.

Though if you want to make sure both sites can initiate and ESP has no hiccups, creating the firewall rules is the best choice.
Hardware:
DEC740
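The reply above boils down to how a stateful firewall treats the IKE (UDP 500/4500) and ESP exchange: the side that initiates creates states with its outbound packets, so the peer's replies are admitted even without WAN pass rules, while the responding side sees unsolicited inbound packets and needs explicit rules. The following toy model, added here as an illustration and not OPNsense or pf code, plays that out for the four combinations of "has WAN rules / has none" on each end. The addresses are constructed from documentation ranges, and the state-table keying is a simplification of what pf actually does.

```python
"""Toy stateful-firewall model (added illustration, not OPNsense/pf code).

Shows why an IPsec tunnel comes up when only the initiator lacks WAN rules:
the initiator's outbound IKE (UDP 500/4500) and ESP packets create states
that admit the replies, whereas a responder without explicit WAN pass
rules drops the peer's unsolicited inbound packets.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str        # "udp" or "esp"
    src: str
    dst: str
    sport: int = 0    # ESP carries no ports; 0 is a placeholder
    dport: int = 0


class Firewall:
    """One site's WAN interface: default-allow outbound, stateful inbound."""

    def __init__(self, wan_ip, inbound_rules=()):
        self.wan_ip = wan_ip
        # Explicit inbound pass rules: ("udp", port) or ("esp", None)
        self.inbound_rules = set(inbound_rules)
        self.states = set()   # states created by outbound traffic

    @staticmethod
    def _key(proto, local, lport, remote, rport):
        if proto == "esp":
            return (proto, local, remote)            # ESP has no ports
        return (proto, local, lport, remote, rport)

    def send(self, pkt):
        """Outbound packet: allowed, and it creates a state for replies."""
        self.states.add(self._key(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def receive(self, pkt):
        """Inbound WAN packet: pass only on a matching state or explicit rule."""
        if self._key(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.states:
            return True
        if pkt.proto == "esp":
            return ("esp", None) in self.inbound_rules
        return (pkt.proto, pkt.dport) in self.inbound_rules


# Steps of the exchange: label, protocol, port (0 for ESP)
STEPS = (("udp/500", "udp", 500), ("udp/4500", "udp", 4500), ("esp", "esp", 0))

# The rule set the OPNsense how-to asks for on the WAN
IKE_RULES = {("udp", 500), ("udp", 4500), ("esp", None)}


def negotiate(initiator, responder):
    """Drive each step initiator -> responder -> initiator.

    Returns {label: (accepted_by_responder, reply_accepted_by_initiator)}.
    """
    results = {}
    for label, proto, port in STEPS:
        req = Packet(proto, initiator.wan_ip, responder.wan_ip, port, port)
        reply = Packet(proto, responder.wan_ip, initiator.wan_ip, port, port)
        initiator.send(req)
        ok_resp = responder.receive(req)
        ok_init = False
        if ok_resp:
            responder.send(reply)
            ok_init = initiator.receive(reply)
        results[label] = (ok_resp, ok_init)
    return results


def scenario(initiator_has_rules, responder_has_rules):
    """Constructed sites: 198.51.100.1 initiates toward 203.0.113.1."""
    a = Firewall("198.51.100.1", IKE_RULES if initiator_has_rules else ())
    b = Firewall("203.0.113.1", IKE_RULES if responder_has_rules else ())
    return negotiate(a, b)


def tunnel_up(results):
    """The tunnel is up only if every step succeeded in both directions."""
    return all(ok_resp and ok_init for ok_resp, ok_init in results.values())


if __name__ == "__main__":
    for init_rules, resp_rules in ((False, True), (True, True), (False, False), (True, False)):
        r = scenario(init_rules, resp_rules)
        print(f"initiator rules={init_rules!s:5} responder rules={resp_rules!s:5} "
              f"-> tunnel up: {tunnel_up(r)}")
```

The first row (initiator without rules, responder with them) is the situation described in the opening post: the tunnel comes up. The last two rows show the caveat from the reply: as soon as the site without rules has to act as responder, every step is dropped on ingress, so a peer that tries to bring the tunnel up from the other end, or a rekey started from that end, fails until the WAN rules exist.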