IPsec between RB4011 and OpnSense UP but partially working

Hello everybody
I successfully set up an IPsec tunnel between my new RB4011iGS+ (ROS 6.49.6) and the OpnSense firewall I have on another site. On the remote site I kept the OpnSense tunnel configuration exactly as it was when the firewall on the local site was a Ubiquiti USG PRO4, which I have now replaced with the RB4011. Obviously the tunnel was fully working between OpnSense and the USG PRO4.
Now the tunnel comes up between my OpnSense and the RB4011, but the problem is that only some traffic passes through it.
For example:

  • ping is perfect both ways
  • iperf TCP is perfect (50 Mbps on a 100 Mbps connection) with the server on the RB side and the client on the OpnSense side
  • iperf TCP is erratic and slow with the server on the OpnSense side and the client on the RB side
  • iperf UDP is constant but terribly slow in both directions (about 1-2 Mbps)
  • connections between the sites work erratically:
  • SMB from OpnSense to RB doesn't work; from RB to OpnSense it works (slowly)
  • HTTP from OpnSense to RB doesn't work; from RB to OpnSense it works
  • SIP phones on the OpnSense side fail to register on the PBX on the RB side

I already tried many workarounds I found on the forum or on the web:

  • TCP MSS size mangle rule
  • checked the firewall rules to allow IPsec traffic and allow connections from WAN to UDP port 500
  • checked the IPsec policy rules
  • tried lowering the hash and encryption algorithms

I don't know what else to check.
I attach the config and the logs.
I hope someone can help me!
Thank you so much!

ipsec_opnsense_log.log (89.4 KB)
mikrotik_config.txt (9.67 KB)
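As an added example (not part of the original post, and not taken from the attached config, which is not reproduced on this page), the RouterOS 6 commands below show what the checks listed above look like on the RB4011 side: the input rules for IKE/NAT-T/ESP, forward rules matched with the `ipsec-policy` matcher placed above the default fasttrack rule (on RouterOS 6, fasttracked connections bypass IPsec policies, so a connection that is fasttracked in one direction leaves the tunnel), a source-NAT exclusion for the site-to-site subnets, the MSS clamp in the mangle table, and the `print` commands used to confirm that SAs exist and that the accept rules see traffic. The subnets 192.168.10.0/24 and 192.168.20.0/24 and the interface list name `WAN` are placeholders assumed for the example.

```routeros
# Added example, not from the original post or the poster's configuration.
# Assumed placeholder values (replace before use):
#   LAN behind the RB4011      192.168.10.0/24
#   LAN behind OpnSense        192.168.20.0/24
#   RB4011 WAN interface list  WAN

# 1. Let IKE (UDP/500), NAT-T (UDP/4500) and ESP reach the router itself.
#    UDP/500 alone is not enough when NAT-T is negotiated or for the ESP payload.
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=500,4500 in-interface-list=WAN comment="IPsec: IKE and NAT-T"
add chain=input action=accept protocol=ipsec-esp in-interface-list=WAN comment="IPsec: ESP"

# 2. Accept tunnel traffic in the forward chain ABOVE the default fasttrack rule.
#    place-before=0 puts each rule at the top of the chain; check the order with
#    "/ip firewall filter print" afterwards.
add chain=forward action=accept ipsec-policy=in,ipsec place-before=0 comment="IPsec: decrypted traffic arriving from the tunnel"
add chain=forward action=accept ipsec-policy=out,ipsec place-before=0 comment="IPsec: traffic that will be encrypted into the tunnel"

# 3. Keep site-to-site traffic out of source NAT; masqueraded packets no longer
#    match the policy's source selector and are sent in the clear instead.
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.10.0/24 dst-address=192.168.20.0/24 place-before=0 comment="IPsec: do not masquerade tunnel traffic"

# 4. Clamp the MSS of TCP that will be encapsulated, so ESP/UDP overhead does not
#    push full-size segments over the path MTU (clamp-to-pmtu derives the value
#    from the route MTU instead of a fixed number).
/ip firewall mangle
add chain=forward action=change-mss new-mss=clamp-to-pmtu protocol=tcp tcp-flags=syn ipsec-policy=out,ipsec comment="IPsec: clamp MSS"

# 5. Verification: the peer must be established, SAs must exist for both
#    directions, and the counters on the IPsec accept rules should increase
#    while iperf runs in each direction.
/ip ipsec active-peers print
/ip ipsec installed-sa print
/ip firewall filter print stats where comment~"IPsec"
```

If the `ipsec-policy` accept rules show growing counters in one direction only while the symptoms are one-directional, the rule order relative to fasttrack and the NAT exclusion are the first things to compare against the posted configuration.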

Could nobody help me troubleshoot this problem and maybe find a solution?
Unfortunately I see many threads complaining about IPsec problems, and many others about OpenVPN problems :(