OpenVPN - IPSec: subnets - overlap
Long story short: I've upgraded my home lab to 2.5.0, had strange things with OpenVPN site-to-site, but little time. So I switched to IPsec. Now I'm trying to revert, testing as my abilities allow, before upgrading the datacenter Netgate appliances (as I need OpenVPN there).
I disabled the IPsec rules and created a new tunnel in OpenVPN. But when I try to connect over the new tunnel (which establishes fine), I can't connect to the pfSense on the other side.
Glancing through the states, I saw that even though IPsec is down and disabled, and my states have been reset, the traffic is matched to the IPsec interface:

Interface  Proto  Source -> Destination                  State            Packets  Bytes
LAN75      tcp    laptop-ip:55793 -> remote-pfsense:443  CLOSED:SYN_SENT  5 / 0    260 B / 0 B
IPsec      tcp    laptop-ip:55793 -> remote-pfsense:443  SYN_SENT:CLOSED  5 / 0    260 B / 0 B
LAN75      tcp    laptop-ip:55794 -> remote-pfsense:443  CLOSED:SYN_SENT  5 / 0    260 B / 0 B
IPsec      tcp    laptop-ip:55794 -> remote-pfsense:443  SYN_SENT:CLOSED  5 / 0    260 B / 0 B

The IPsec P2s still exist, but are disabled. So I would think it doesn't use that for routing? (I checked the route table, it looks fine.)
Have I missed a setting, or is this odd behaviour? (Or is this expected behaviour?)

Edit: title (lousy initial choice :-| )
Seems this is expected behaviour. I have a similar situation with a setup on 2.4.5: the same subnets existing in IPsec and OpenVPN don't work well even when disabled in IPsec. I didn't test the inverse, I just erased them.
Edit 2:
Even though the tunnel is disabled in the config, it can still be alive (don't ask).
It even survives a service cycle. This is probably the reason the overlap existed in the first place...
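A quick way to spot this symptom from a state-table dump, as an added example that is not part of the post above and not pfSense code: the script below parses lines in the shape of the Diagnostics > States output quoted in the post (a constructed sample with placeholder hostnames), groups states by flow, and reports flows that have a state on the IPsec interface instead of the expected OpenVPN interface, plus flows that sent packets but got nothing back. The interface labels `IPsec` (from the post) and `ovpns1` (assumed OpenVPN server interface name) are inputs, not hard-coded facts about any box.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the pfSense Diagnostics > States table:
# interface, protocol, src -> dst, state pair, packets out/in, bytes out/in.
# Hostnames are placeholders; the last two lines are an assumed healthy flow
# on an OpenVPN server interface (ovpns1) for contrast.
SAMPLE_STATES = """\
LAN75 tcp laptop-ip:55793 -> remote-pfsense:443 CLOSED:SYN_SENT 5 / 0 260 B / 0 B
IPsec tcp laptop-ip:55793 -> remote-pfsense:443 SYN_SENT:CLOSED 5 / 0 260 B / 0 B
LAN75 tcp laptop-ip:55794 -> remote-pfsense:443 CLOSED:SYN_SENT 5 / 0 260 B / 0 B
IPsec tcp laptop-ip:55794 -> remote-pfsense:443 SYN_SENT:CLOSED 5 / 0 260 B / 0 B
LAN75 tcp laptop-ip:55800 -> other-host:22 ESTABLISHED:ESTABLISHED 40 / 38 5.1 KiB / 4.2 KiB
ovpns1 tcp laptop-ip:55800 -> other-host:22 ESTABLISHED:ESTABLISHED 40 / 38 5.1 KiB / 4.2 KiB
"""

STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"(?P<state>\S+)\s+(?P<pkts_out>\d+)\s+/\s+(?P<pkts_in>\d+)\s+(?P<bytes>.+)$"
)


def parse_states(text):
    """Parse state-table lines into dicts; lines that do not match the shape are skipped."""
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["pkts_out"] = int(rec["pkts_out"])
        rec["pkts_in"] = int(rec["pkts_in"])
        states.append(rec)
    return states


def flows_by_interface(states):
    """Map each (proto, src, dst) flow to the set of interfaces holding a state for it.

    A flow normally shows up twice: once on the ingress interface (LAN) and once
    on the egress interface the policy/route chose. The egress side is the one
    that tells you where the traffic actually went.
    """
    flows = defaultdict(set)
    for s in states:
        flows[(s["proto"], s["src"], s["dst"])].add(s["iface"])
    return flows


def flows_leaving_via(states, iface):
    """Flows that have a state on `iface`, sorted for stable output."""
    return sorted(f for f, ifaces in flows_by_interface(states).items() if iface in ifaces)


def misrouted_flows(states, expected_iface, unexpected_iface):
    """Flows with a state on unexpected_iface and none on expected_iface.

    For the post's case: expected_iface is the OpenVPN interface, unexpected_iface
    is "IPsec"; a hit means the disabled IPsec policy is still grabbing the traffic.
    """
    return [
        flow
        for flow, ifaces in sorted(flows_by_interface(states).items())
        if unexpected_iface in ifaces and expected_iface not in ifaces
    ]


def stalled_flows(states, iface):
    """Flows on `iface` that sent packets but received none (e.g. SYN_SENT with 0 replies)."""
    return sorted(
        (s["proto"], s["src"], s["dst"])
        for s in states
        if s["iface"] == iface and s["pkts_out"] > 0 and s["pkts_in"] == 0
    )


if __name__ == "__main__":
    parsed = parse_states(SAMPLE_STATES)
    for flow in misrouted_flows(parsed, "ovpns1", "IPsec"):
        print("matched to IPsec instead of OpenVPN:", flow)
    for flow in stalled_flows(parsed, "IPsec"):
        print("no reply seen on IPsec for:", flow)
```

Feed it a copy of the states page (or any output you reshape into the same columns) and check whether every flow that should traverse the OpenVPN tunnel is listed under the OpenVPN interface; flows that land on `IPsec` with zero return packets are the ones the disabled-but-still-alive P2 is swallowing.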