Topic: IPSec Supernet (Read 3926 times)
halianelf, June 25, 2018, 12:24:55 am:
I have an HA pair of OPNsense firewalls and an IPSec tunnel set up between it (local) and home (remote). The tunnel runs to an Ubuntu server running StrongSwan. On the local side I have a /24 broken down into a couple of /27s and a /25, so I just summarized it as the /24. The tunnel is up and active, and if I initiate the traffic from the remote side, everything works as expected. If I initiate it from anything local, it doesn't. Running packet captures, if I start a ping from the remote side, I see it on the IPSec and local interfaces, but if I do it from the local side, the packet capture shows it on the WAN interface. Is there something I'm missing to get this to work this way?
mimugmail, Reply #1, June 25, 2018, 05:57:23 am:
Do you start the ping when the VPN is already up?
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
halianelf, Reply #2, June 25, 2018, 11:48:28 pm:
Yes, the VPN is up when I start the pings.
mimugmail, Reply #3, June 26, 2018, 05:42:16 am:
Then you should check NAT rules.
halianelf, Reply #4, June 26, 2018, 08:47:37 am:
I thought it was a NAT issue but I couldn't figure it out. I had created a NO NAT rule going to my remote subnet but had the interface wrong. I thought it had to be the source interface so I had put LAN and I had also tried WAN but apparently never tried using IPSec. It seems to be working with that NO NAT on the IPSec interface. Thanks!
Edit: I take that back, I never actually hit apply. I guess when I started playing around with adding more phase 2 entries and then removing, it re-established the tunnel and it's working now. No idea... I guess it was just being wonky.
Last Edit: June 26, 2018, 09:03:19 am by halianelf