IPSec Supernet

Started by halianelf, June 25, 2018, 12:24:55 AM

I have an HA pair of OPNsense firewalls and an IPSec tunnel set up between it (local) and home (remote). The tunnel runs to an Ubuntu server running StrongSwan. On the local side I have a /24 broken down into a couple of /27s and a /25, so I just summarized it as the /24. The tunnel is up and active, and if I initiate the traffic from the remote side, everything works as expected. If I initiate it from anything local, it doesn't. Running packet captures, if I start a ping from the remote side, I see it on the IPSec and local interfaces, but if I do it from the local side, the packet capture shows it on the WAN interface. Is there something I'm missing to get this to work this way?

Do you start the ping when the VPN is already up?

Yes, the VPN is up when I start the pings.


June 26, 2018, 08:47:37 AM #4 (last edited June 26, 2018, 09:03:19 AM by halianelf)
I thought it was a NAT issue but I couldn't figure it out. I had created a NO NAT rule going to my remote subnet but had the interface wrong. I thought it had to be the source interface so I had put LAN and I had also tried WAN but apparently never tried using IPSec. It seems to be working with that NO NAT on the IPSec interface. Thanks!

Edit: I take that back, I never actually hit apply. I guess when I started playing around with adding more phase 2 entries and then removing, it re-established the tunnel and it's working now. No idea... I guess it was just being wonky.
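The symptom in the first post (local-initiated packets leaving on WAN instead of the IPsec interface) and the NO NAT hypothesis in the follow-up both come down to one question: does the packet, as it looks at the moment of the phase 2 selector lookup, still match the configured local/remote selectors? The script below is an added example, not code from the thread, OPNsense or strongSwan. It is a deliberately simplified model of a policy-based tunnel: outbound NAT rules are evaluated first-match, then the (possibly rewritten) source/destination pair is checked against the phase 2 selectors; a pair that matches no selector is treated as plain WAN traffic. All prefixes and the WAN address are constructed placeholders, not the poster's real networks, and the summarized /24 over several /27s and a /25 mirrors the layout described in the first post.

```python
"""Simplified model of NAT vs. phase 2 selector matching for a policy-based
IPsec tunnel. Added example for this thread; not OPNsense or strongSwan code.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional

# Constructed addresses (RFC 1918 / documentation ranges), not the poster's.
LOCAL_PIECES = [
    ip_network("10.10.0.0/27"),
    ip_network("10.10.0.32/27"),
    ip_network("10.10.0.128/25"),
]
LOCAL_SUMMARY = ip_network("10.10.0.0/24")   # what the phase 2 advertises
REMOTE_NET = ip_network("192.168.50.0/24")   # the home network behind strongSwan
WAN_IP = ip_address("203.0.113.10")          # firewall's public address
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Phase2:
    """One phase 2 entry: local selector <-> remote selector."""
    local: IPv4Network
    remote: IPv4Network


@dataclass(frozen=True)
class NatRule:
    """Outbound NAT rule; nat_to=None models a 'NO NAT' exemption."""
    source: IPv4Network
    destination: IPv4Network
    nat_to: Optional[IPv4Address]


# With the exemption in place, tunnel-bound traffic keeps its real source.
NAT_WITH_EXEMPTION = [
    NatRule(LOCAL_SUMMARY, REMOTE_NET, None),   # NO NAT for VPN traffic
    NatRule(LOCAL_SUMMARY, ANY, WAN_IP),        # everything else is masqueraded
]
# Without it, the catch-all rule rewrites the source of VPN traffic too.
NAT_WITHOUT_EXEMPTION = [NatRule(LOCAL_SUMMARY, ANY, WAN_IP)]

PHASE2S = [Phase2(LOCAL_SUMMARY, REMOTE_NET)]


def summary_covers(pieces: List[IPv4Network], summary: IPv4Network) -> bool:
    """True if every real local subnet sits inside the summarized selector."""
    return all(piece.subnet_of(summary) for piece in pieces)


def apply_outbound_nat(src: IPv4Address, dst: IPv4Address,
                       rules: List[NatRule]) -> IPv4Address:
    """First-match NAT: return the source address after rewriting (if any)."""
    for rule in rules:
        if src in rule.source and dst in rule.destination:
            return src if rule.nat_to is None else rule.nat_to
    return src


def selector_matches(src: IPv4Address, dst: IPv4Address, p2: Phase2) -> bool:
    return src in p2.local and dst in p2.remote


def route_packet(src: str, dst: str, nat_rules: List[NatRule],
                 phase2s: List[Phase2]) -> str:
    """Return 'ipsec' if the post-NAT pair matches a phase 2, else 'wan'."""
    s, d = ip_address(src), ip_address(dst)
    natted_src = apply_outbound_nat(s, d, nat_rules)
    for p2 in phase2s:
        if selector_matches(natted_src, d, p2):
            return "ipsec"
    return "wan"


def diagnose(src: str, dst: str) -> dict:
    """Compare both NAT configurations for one flow, for a quick sanity check."""
    return {
        "summary_ok": summary_covers(LOCAL_PIECES, LOCAL_SUMMARY),
        "with_no_nat": route_packet(src, dst, NAT_WITH_EXEMPTION, PHASE2S),
        "without_no_nat": route_packet(src, dst, NAT_WITHOUT_EXEMPTION, PHASE2S),
    }


if __name__ == "__main__":
    # A host in the first /27 pinging something at home.
    print(diagnose("10.10.0.5", "192.168.50.20"))
```

In this model the /27s and /25 all fall inside the advertised /24, so summarizing is fine; the flow from the local /27 host is classified as IPsec only when the NO NAT exemption precedes the catch-all rule, and as WAN once its source has been rewritten to the public address. Real firewalls differ in exactly where NAT and the IPsec policy lookup sit in the forwarding path, so treat this as a way to reason about the captures in the thread (tunnel-bound traffic appearing on WAN), not as a statement of OPNsense's internal ordering.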