Configuring Route-based VPN
In a route-based VPN, an IPsec VPN tunnel is created between endpoints based on the route and destination IP address.
To configure a route-based VPN:

1. In the OPNsense Administrator Portal, go to VPN > IPsec > Tunnel Settings.
2. Enter the Harmony Connect Portal configuration from the site instructions for the Phase 1 tunnel. Make a note of the IPsec tunnel properties shown in the Instructions window.
3. In the Phase 1 section, click the + icon to create the first tunnel. Make sure that the Tunnel Settings match the settings specified in the Harmony Connect Portal.
4. Do not select the Install policy checkbox.
5. Click Save and repeat steps 1 to 4 to create Phase 2 for the same tunnel.
6. Configure the settings:
   - Select Mode as Route-Based.
   - Enter the local IP address of the endpoint in the branch office.
   - Enter the remote address of Harmony Connect and the other details provided in the Harmony Connect Portal.
7. Repeat steps 1 to 6 to configure Phase 1 and Phase 2 for Tunnel 2.
8. After the configuration, the tunnels' status is displayed in Status Overview. These two tunnels generate two new interfaces.
9. Create the gateways for the traffic to route through the VTI. Go to System > Gateways > Single and then click +.
10. Create two gateways, one for each tunnel:
    - Select Interface IPsec1 for the first gateway.
    - Select Interface IPsec2 for the second gateway.
    - Select priority 1 so that the new gateway becomes the active gateway.
11. Create a policy to allow traffic through the tunnel. Go to Firewall > Rules > LAN and add a rule that allows all traffic to pass through the tunnel.
12. To create the rule, click the + icon in the top right corner and select:
    - Set Interface as LAN
    - Set Source as LANnet
    To allow the traffic through the second gateway, select IPsec2GW.

Note - You can exclude traffic from the tunnel. For example, to block 9.9.9.9 from the tunnel, add another firewall rule and select the gateway as WAN.
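The Status Overview page shows tunnel state in the GUI; from the OPNsense shell the same information comes from strongSwan's `swanctl --list-sas`. The following added example (not part of the original instructions or of OPNsense) parses that output and reports which of the two tunnels is not yet able to carry VTI traffic, i.e. whose IKE SA is not ESTABLISHED or whose child (ESP) SA is not INSTALLED. The sample output, the connection names `con1`/`con2` and the addresses are constructed for the example; the output shape approximates strongSwan's format.

```python
import re
from typing import Dict, List

# Constructed sample of `swanctl --list-sas` output (approximated shape, not
# captured from a real box). Tunnel 1 is fully up; tunnel 2 has its IKE SA
# but its child SA is still CONNECTING, so traffic routed via IPsec2 would drop.
SAMPLE_SAS = """\
con1: #1, ESTABLISHED, IKEv2, 0123456789abcdef_i* fedcba9876543210_r
  local  '203.0.113.10' @ 203.0.113.10[4500]
  remote '198.51.100.5' @ 198.51.100.5[4500]
  established 120s ago, rekeying in 13500s
  con1: #3, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 120s ago, rekeying in 3300s, expires in 3960s
    local  0.0.0.0/0
    remote 0.0.0.0/0
con2: #2, ESTABLISHED, IKEv2, 1111222233334444_i* 5555666677778888_r
  local  '203.0.113.10' @ 203.0.113.10[4500]
  remote '198.51.100.6' @ 198.51.100.6[4500]
  established 30s ago, rekeying in 13590s
  con2: #4, reqid 2, CONNECTING, TUNNEL, ESP:AES_GCM_16-256
"""

# IKE SA lines start at column 0; child SA lines are indented and carry "reqid".
IKE_RE = re.compile(r"^(\S+): #\d+, (\w+), IKEv\d")
CHILD_RE = re.compile(r"^\s+(\S+): #\d+, reqid \d+, (\w+), TUNNEL")


def parse_sas(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Map connection name -> {'ike': [IKE SA states], 'child': [child SA states]}."""
    sas: Dict[str, Dict[str, List[str]]] = {}
    for line in text.splitlines():
        m = IKE_RE.match(line)
        if m:
            sas.setdefault(m.group(1), {"ike": [], "child": []})["ike"].append(m.group(2))
            continue
        m = CHILD_RE.match(line)
        if m:
            sas.setdefault(m.group(1), {"ike": [], "child": []})["child"].append(m.group(2))
    return sas


def tunnel_ready(sas: Dict[str, Dict[str, List[str]]], name: str) -> bool:
    """A route-based tunnel forwards packets only with IKE ESTABLISHED and a child SA INSTALLED."""
    entry = sas.get(name, {"ike": [], "child": []})
    return "ESTABLISHED" in entry["ike"] and "INSTALLED" in entry["child"]


def tunnels_not_ready(sas: Dict[str, Dict[str, List[str]]], expected=("con1", "con2")) -> List[str]:
    """Names of expected tunnels that are missing or not fully established."""
    return [name for name in expected if not tunnel_ready(sas, name)]


if __name__ == "__main__":
    print("not ready:", tunnels_not_ready(parse_sas(SAMPLE_SAS)))
```

On a live system replace `SAMPLE_SAS` with the captured output of `swanctl --list-sas`; a tunnel listed as not ready explains why the corresponding gateway and LAN rule pass no traffic.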