Dear Misc,

I have an OpenBSD device with two interfaces: vport10 with an IP address of 192.168.83.1/24 and vport20 with an IP address of 192.168.85.1/24. I have configured IPSec to route all traffic from these two vport interfaces to another point through an IPSec tunnel using the destination network 0.0.0.0/0.

Due to IPSec operating before kernel routing, I cannot even ping the directly connected interfaces' IP addresses. I've attempted to implement route-based PF rules to solve the issue, but unfortunately, the problem persists. I'm looking for a solution that allows the local traffic between these two interfaces to bypass the IPSec tunnel, ensuring they can communicate with each other while keeping the IPSec destination network as 0.0.0.0/0.

Here's my IPSec configuration:

    ike active esp tunnel from { 192.168.83.0/24 192.168.85.0/24 } to { 0.0.0.0/0 } \
            peer A.B.C.D \
            main auth hmac-md5 enc 3des group modp1024 lifetime 86400 \
            quick auth hmac-md5 enc 3des group none lifetime 43200 \
            psk "verysecret"

Thanks in advance.
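Added example, not part of the original post or of any reply to it: an ipsec.conf(5) file that keeps the catch-all ike rule from the post but excludes the two vport subnets from it with explicit bypass flows. ipsecctl(8) installs a flow rule without a direction keyword in both the in and out direction, and the kernel's SPD lookup selects the most specific matching flow, so a /24-to-/24 bypass flow takes precedence over the /24-to-0.0.0.0/0 tunnel flows that the ike rule installs. The subnet addresses are the ones from the post; the peer A.B.C.D and the PSK are placeholders, as in the post, and the transform names are copied from it unchanged.

```conf
# /etc/ipsec.conf (added example; addresses from the post, peer and PSK are placeholders)

# Local traffic between and within the two vport subnets must never hit the
# tunnel. Bypass flows are more specific than the 0.0.0.0/0 tunnel flows, so
# they win the SPD lookup in both directions (no "in"/"out" keyword = both).
flow esp from 192.168.83.0/24 to 192.168.85.0/24 type bypass
flow esp from 192.168.85.0/24 to 192.168.83.0/24 type bypass
# Same-subnet traffic, including pings to the interface's own address
# (192.168.83.1 / 192.168.85.1), is also covered by the 0.0.0.0/0 flow,
# so it needs a bypass too.
flow esp from 192.168.83.0/24 to 192.168.83.0/24 type bypass
flow esp from 192.168.85.0/24 to 192.168.85.0/24 type bypass

# Everything else from the two subnets goes through the tunnel, as in the post.
# Transforms kept as posted; note that hmac-md5, 3des and modp1024 are legacy
# choices and a current deployment would pick sha2/aes and a larger group.
ike active esp tunnel from { 192.168.83.0/24 192.168.85.0/24 } to { 0.0.0.0/0 } \
        peer A.B.C.D \
        main auth hmac-md5 enc 3des group modp1024 lifetime 86400 \
        quick auth hmac-md5 enc 3des group none lifetime 43200 \
        psk "verysecret"
```

Check the file with `ipsecctl -n -f /etc/ipsec.conf` before loading it with `ipsecctl -f /etc/ipsec.conf`, then confirm with `ipsecctl -s flow` that the bypass flows are present next to the tunnel flows; a ping from a 192.168.83.0/24 host to 192.168.83.1 or to a 192.168.85.0/24 host should then be answered without an SA being negotiated for it.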