I have an OPNsense device with an IPsec VPN to a remote site, which works fine. All traffic from the LAN should go through the VPN, so I configured the Phase 2 like this:
- Local Subnet: LAN network
- Remote Subnet: 0.0.0.0/0
All traffic from my LAN now goes into the tunnel. However, this means that even IP packets to the firewall itself are routed through the VPN. I can see them on the remote gateway, where they are dropped (obviously). As a consequence, I cannot reach the OPNsense web UI from my LAN interface anymore. Other interfaces keep working as expected.
How can I prevent OPNsense from sending traffic that is destined directly to its own interfaces into the VPN tunnel?
My first idea was to add a static route, but I am unsure if that would be possible, as there is no next hop.
Please note that this is not a question about regaining access to the management UI; I know how to do that. What I want to do is allow access from the LAN, while other LAN traffic is sent into the tunnel.
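Added example, not part of the question above and not OPNsense or strongSwan code: a small Python model of how a policy-based IPsec security policy database (SPD) selects traffic, which shows why a Phase 2 with remote subnet 0.0.0.0/0 also catches packets between the firewall's own LAN address and LAN hosts. The addresses (LAN 192.168.1.0/24, firewall LAN address 192.168.1.1, remote host 10.0.0.5) are constructed. The "bypass" entries are a modelling assumption: they illustrate the effect of a more specific "send in the clear" policy for the firewall's own address, not a particular OPNsense setting. Real SPD lookup also considers direction, protocol, ports and explicit policy priorities; this model keeps only the selector match and "most specific selector wins".

```python
"""Simplified model of policy-based IPsec SPD lookup (added example, not OPNsense code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Policy:
    name: str
    src: ipaddress.IPv4Network   # local traffic selector
    dst: ipaddress.IPv4Network   # remote traffic selector
    action: str                  # "ipsec" = send into the tunnel, "bypass" = send in the clear


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


# Constructed values: LAN 192.168.1.0/24, firewall LAN address 192.168.1.1.
LAN = net("192.168.1.0/24")
FIREWALL_LAN_IP = net("192.168.1.1/32")

# The Phase 2 from the question: local subnet = LAN network, remote subnet = 0.0.0.0/0.
TUNNEL_POLICY = Policy("phase2-all-traffic", LAN, net("0.0.0.0/0"), "ipsec")

# Modelling assumption: more specific "bypass" policies for traffic to and from the
# firewall's own LAN address, so that both directions of a management session stay local.
BYPASS_POLICIES = [
    Policy("bypass-lan-to-firewall", LAN, FIREWALL_LAN_IP, "bypass"),
    Policy("bypass-firewall-to-lan", FIREWALL_LAN_IP, LAN, "bypass"),
]

TUNNEL_ONLY: List[Policy] = [TUNNEL_POLICY]
WITH_BYPASS: List[Policy] = [TUNNEL_POLICY, *BYPASS_POLICIES]


def lookup(spd: List[Policy], src_ip: str, dst_ip: str) -> Optional[Policy]:
    """Return the matching policy with the most specific selectors, or None."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    matches = [p for p in spd if src in p.src and dst in p.dst]
    if not matches:
        return None
    # Longest destination prefix wins, then longest source prefix.
    return max(matches, key=lambda p: (p.dst.prefixlen, p.src.prefixlen))


def outbound_action(spd: List[Policy], src_ip: str, dst_ip: str) -> str:
    """'ipsec', 'bypass', or 'clear' when no policy matches (ordinary routing)."""
    policy = lookup(spd, src_ip, dst_ip)
    return policy.action if policy else "clear"


def demo() -> dict:
    """Walk through the symptom from the question and the effect of the bypass entries."""
    return {
        # LAN host talking to the firewall's LAN address: the /0 selector swallows it.
        "lan->firewall, tunnel only": outbound_action(TUNNEL_ONLY, "192.168.1.50", "192.168.1.1"),
        # The firewall's own reply also matches (source in LAN, destination in 0.0.0.0/0).
        "firewall->lan, tunnel only": outbound_action(TUNNEL_ONLY, "192.168.1.1", "192.168.1.50"),
        # With the more specific bypass entries both directions stay in the clear ...
        "lan->firewall, with bypass": outbound_action(WITH_BYPASS, "192.168.1.50", "192.168.1.1"),
        "firewall->lan, with bypass": outbound_action(WITH_BYPASS, "192.168.1.1", "192.168.1.50"),
        # ... while everything else from the LAN still goes into the tunnel.
        "lan->remote, with bypass": outbound_action(WITH_BYPASS, "192.168.1.50", "10.0.0.5"),
    }


if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case:30s} -> {action}")
```

The model makes the failure mode concrete: the decision to encapsulate is taken by the selector match, not by the routing table, so a static route for the firewall's own address would not change the outcome in this model. What changes it is a policy whose selectors are narrower than the catch-all Phase 2 and whose action is "do not protect", which is the shape of the bypass entries above.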