IPSec Supernet

[halianelf]

I have an HA pair of OPNsense firewalls and an IPSec tunnel set up between it (local) and home (remote). The tunnel runs to an Ubuntu server running StrongSwan. The local side I have a /24 broken down into a couple /27s and a /25 so I just summarized it as the /24. The tunnel is up and active and if I initiate the traffic from the remote side, everything works as expected. If I initiate it from anything local, it doesn't. Running packet captures, if I start a ping from the remote side, I see it on the IPSec and local interfaces but if I do it from the local side, the packet capture shows it on the WAN interface. Is there something I'm missing to get this to work this way?

[mimugmail]

Do you Start the Ping when the VPN is already Up?

[halianelf]

Yes, the VPN is up when I start the pings.

[mimugmail]

Then you should check NAT rules

[halianelf]

I thought it was a NAT issue but I couldn't figure it out. I had created a NO NAT rule going to my remote subnet but had the interface wrong. I thought it had to be the source interface so I had put LAN and I had also tried WAN but apparently never tried using IPSec. It seems to be working with that NO NAT on the IPSec interface. Thanks!

Edit: I take that back, I never actually hit apply. I guess when I started playing around with adding more phase 2 entries and then removing, it re-established the tunnel and it's working now. No idea... I guess it was just being wonky.