[OPNsense] allow router to connect across IPSec tunnel

A bit on OPNsense IPSec tunneling and the routing config that should probably have been on by default.


(Tested on OPNsense 26.1)

When setting up an IPSec tunnel in OPNsense, services running on the firewall host itself (e.g. LDAP for auth, syslog, etc.) will not, by default, use the tunnel to access remote hosts.

To allow services running on OPNsense to use the tunnel:

  1. Create a gateway (System > Gateways > Configuration), bind it to the LAN interface, with the LAN IP as the gateway IP
    [Screenshot: gateway creation]
  2. Create a route (System > Routes > Configuration) for the remote subnet and bind it to the gateway you just created
    [Screenshot: route creation]

That's it!
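
To confirm the result from the firewall shell, the following added example (not part of the original article) classifies the output of `route -n get` for a remote host and, when run with `--live`, sends test pings sourced from the LAN address. `LAN_IP`, `REMOTE_HOST`, the function names and the two sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Run on the firewall shell.
# LAN_IP and REMOTE_HOST are placeholders (assumptions); set your own values.
LAN_IP="${LAN_IP:-192.168.1.1}"
REMOTE_HOST="${REMOTE_HOST:-10.0.0.10}"

# Classify `route -n get <host>` output read from stdin.
# Prints: via-lan -> route points at the LAN gateway (steps 1 and 2 applied)
#         default -> only the default route matches (steps not applied)
#         other   -> some other specific route matches
classify_route() {
    awk -v lan="$1" '
        $1 == "destination:" { dest = $2 }
        $1 == "gateway:"     { gw = $2 }
        END {
            if (gw == lan) print "via-lan"
            else if (dest == "default" || dest == "0.0.0.0") print "default"
            else print "other"
        }'
}

# Constructed sample output (not captured from a real system).
sample_after() {
    cat <<'EOF'
   route to: 10.0.0.10
destination: 10.0.0.0
       mask: 255.255.255.0
    gateway: 192.168.1.1
      flags: <UP,GATEWAY,DONE,STATIC>
EOF
}
sample_before() {
    cat <<'EOF'
   route to: 10.0.0.10
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: 203.0.113.1
      flags: <UP,GATEWAY,DONE,STATIC>
EOF
}

# Live check: only runs when invoked with --live on the firewall itself.
if [ "${1:-}" = "--live" ]; then
    state=$(route -n get "$REMOTE_HOST" | classify_route "$LAN_IP")
    echo "route to $REMOTE_HOST: $state"
    # -S sets the source address, so the test pings leave from the LAN IP
    ping -c 3 -S "$LAN_IP" "$REMOTE_HOST"
fi
```

A result of `default` means the static route from step 2 is not in effect for that host.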

This article was updated on 2026-05-11