IPSEC on OPT1/WAN2?
-
Yeah - but that doesn't help you to route packets over your IPSEC tunnel via the WAN2 interface from LAN. That is what this static route is for.
– Phob
-
Don't use gateways for IPSEC-Traffic. This will redirect the traffic directly to the upstream gateway and won't send it into the tunnel. Use gateway default for these rules.
-
This was the only way I could get anything to work over my IPSEC tunnel on WAN2 - is there another way?
-
… or is the route needed for WAN2 and not LAN? I'm not at the location with this setup right now - I will be later tonight and I'll take a look.
-- Phob
-
Sorry, but that doesn't make any sense. That definitely won't work this way. It's simply wrong.
You need the static route at the wan2 interface for the remote endpoint/32 through the wan2 gateway. Besides that all firewall rules have to use the default gateway so traffic can make it into the tunnel.
-
@hoba: Something that always confused me a bit about the static routes:
Is the "Interface" (first thingy in the static route)
the interface on which traffic goes out,
or the interface to which the route applies on incoming traffic?
-
It's the interface that the gateway for the remote subnet is located behind.
-
Right - OK. So the static route is:
WAN2 (Remote IPSEC Gateway/Public IP) WAN2 GW
Correct?
I was just confused as I'm working in a different location without this setup right now and I got turned around in my brain. :)
– Phob
-
Correct, besides that it is: WAN2, <remote ipsec endpoint ip>/32, <wan2-gateway-ip>
-
LOL - OK, total brainfart as that is how it is set up at my other location. Oops … like I said at the beginning, mesa confused! :)
Thanks as usual guys.
-- Phob
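
An added example (not from the thread, and not pfSense code): a small Python audit of the two points the thread settles on, the WAN2 static route for the remote endpoint/32 and firewall rules that leave the gateway at default for tunnel traffic. The dictionary field names, the documentation-range addresses and the first-match rule evaluation are assumptions; all data is constructed.

```python
import ipaddress

# Constructed sample data; field names are hypothetical, not pfSense's config format.
TUNNEL = {"wan": "WAN2", "remote_endpoint": "198.51.100.10",
          "remote_subnet": "10.20.0.0/24"}
GATEWAYS = {"WAN": "192.0.2.1", "WAN2": "203.0.113.1"}
GOOD_ROUTES = [{"interface": "WAN2", "network": "198.51.100.10/32",
                "gateway": "203.0.113.1"}]
# Policy-routing rule listed first: it catches traffic meant for the tunnel.
BAD_RULES = [{"interface": "LAN", "destination": "0.0.0.0/0", "gateway": "WAN2"},
             {"interface": "LAN", "destination": "10.20.0.0/24", "gateway": "default"}]
# Same rules, tunnel rule first: the gateway rule never sees tunnel traffic.
GOOD_RULES = list(reversed(BAD_RULES))


def audit(tunnel, gateways, routes, rules):
    """Return findings for a tunnel terminated on a non-default WAN."""
    findings = []
    endpoint = ipaddress.ip_network(tunnel["remote_endpoint"] + "/32")
    wanted = (tunnel["wan"], endpoint, gateways[tunnel["wan"]])
    have = {(r["interface"], ipaddress.ip_network(r["network"]), r["gateway"])
            for r in routes}
    # Point 1: static route "WAN2, <remote endpoint>/32, <WAN2 gateway>".
    if wanted not in have:
        findings.append(f"missing static route: {wanted[0]}, {wanted[1]}, {wanted[2]}")
    # Point 2: rules that can match traffic to the remote subnet must use the
    # default gateway. Rules are walked in order (assumed first match wins).
    remote = ipaddress.ip_network(tunnel["remote_subnet"])
    for i, rule in enumerate(rules):
        dest = ipaddress.ip_network(rule["destination"])
        if not dest.overlaps(remote):
            continue
        if rule["gateway"] != "default":
            findings.append(f"rule {i} on {rule['interface']} forces gateway "
                            f"{rule['gateway']} for traffic to {remote}")
        if remote.subnet_of(dest):
            break  # this rule matches all remaining tunnel traffic
    return findings


if __name__ == "__main__":
    for finding in audit(TUNNEL, GATEWAYS, [], BAD_RULES):
        print(finding)
```
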