Problem setting up OPNsense box as Remote Access client

[Pierre]

Hello everybody!
First of all let me say it's a great distro

We've already been using OPNsense devices for IPSEC tunneling to a CISCO ASA for some time, and that works fine!! (PSK)

Where I'm having trouble is trying to use an OPNsense box (Calexium brand, whatever) to connect to another OPNsense box using OpenVPN tunnel (or IPSEC).
The thing is, one (Server) has a fixed IP address, and the other will have a dynamic one (to be used in the field, moving around - a road warrior profile).

On the Client device all I find is a "Peer to Peer" connection that requires the SERVER to know the Client's IP...

(the internet if full of tutorials on how to connect an OpenVPN client (Windows, Android or iOS...) to an OPNsense server, and this is not what I want).

I haven't found a clear tutorial anywhere for this precise configuration, could someone point me in the right direction?

I thank anyone who took the time to read my words and hope I've been clear enough

Thank you!

[Pierre]

Basicaly, I can't get an OpenVPN tunnel from one OPNsense to another (one Server config, one Client)... whatever the config (SSL/TLS, or Shared Key), how hard can it be?

[franco]

Hi Pierre,

This basically works by using an OpenVPN client mode, set the DNS hostname and tick "Infinitely resolve remote server".

For IPsec it works normally when DPD is enabled, unless the "Peer ID" is required as the peer's IP address, which is less than optimal if it keeps moving around.


Cheers,
Franco