IPSec Site to Site with pfSense


I am trying to create an IKEv2 PSK tunnel between two sites. Site A is pfSense, which I have created and used tunnels with many times; Site B is an OpenWrt router (Archer C7 v5). I have tried the method listed here https://openwrt.org/docs/guide-user/services/vpn/strongswan/basics, but after I edit and save the /etc/config/ipsec OpenWrt configuration file for strongSwan, the data never transfers over to /etc/ipsec.conf. I also see nothing in the logs about IPsec, even after reboots. I did everything in the three IPsec guides from the wiki, including firewall rules. I also took a look at configuring strongSwan manually in /etc/IPsec.conf (https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/moon.ipsec.conf), but I don't understand what the right and left subnet IDs do or what the point of them is. I also don't understand how to set multiple subnets with that.

I would use OpenVPN as it looks very easy (just upload a configuration file), but I don't want to have to deal with a specific network just for the tunnel. I like how with IPsec the remote subnet comes over exactly as it is (if the remote network is then I can ping its router at from my network over the tunnel and get a reply).

If anyone who has successfully set up IPsec on OpenWrt could give me some pointers, it would be much appreciated.
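As an added illustration (not posted by anyone in this thread) of what the left/right settings in the strongSwan ipsec.conf example mean: "left" is the local side (here the OpenWrt router) and "right" is the remote peer (pfSense); leftsubnet/rightsubnet are the networks behind each side that the tunnel carries, and with IKEv2 each may be a comma-separated list, which is how several subnets go over one connection. All addresses, identifiers and the secret below are placeholders.

```ini
# /etc/ipsec.conf on the OpenWrt router (added example; all values are placeholders)
config setup

conn siteb-to-sitea
    keyexchange=ikev2
    # pre-shared key authentication; the key itself lives in /etc/ipsec.secrets
    authby=secret
    # bring the tunnel up as soon as strongSwan starts
    auto=start
    # "left" is this router: use the address of the interface holding the default route
    left=%defaultroute
    # identity sent to the peer; must equal the "Peer identifier" configured on pfSense
    leftid=@siteb.example
    # LANs behind this router; IKEv2 accepts a comma-separated list
    leftsubnet=10.20.0.0/24,10.21.0.0/24
    # "right" is the pfSense WAN address (placeholder from TEST-NET-3)
    right=203.0.113.10
    # must equal the "My identifier" configured on pfSense
    rightid=@sitea.example
    # LAN behind pfSense, reachable with its real addresses over the tunnel
    rightsubnet=192.168.1.0/24
    # proposals; the trailing "!" makes them strict, so pfSense must offer the same
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256-modp2048!

# /etc/ipsec.secrets on the OpenWrt router (same placeholders; file must be root-only)
# <local id> <remote id> : PSK "<secret>"
@siteb.example @sitea.example : PSK "replace-with-a-long-random-secret"
```

The pfSense side mirrors this: 192.168.1.0/24 as its local network, one Phase 2 entry per OpenWrt subnet as the remote network, the same PSK, and identifiers that match leftid/rightid exactly, since an identifier mismatch fails IKE authentication silently from the initiator's point of view.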

You can set up a site-to-site connection with WireGuard; it doesn't require a tunnel subnet.

I've heard of WireGuard, but it does not work properly with pfSense from what I've heard; therefore it is not an option, unfortunately.

I will add to this that I was never able to get IPsec to pfSense working with OpenWrt, and had very limited success with MikroTik hardware.

There is a bug with GRE over IPsec (which is what I was doing) that causes it to be wholly unreliable. I ended up just using MikroTik devices on both ends and making a /30 between my OpenWrt device and the MikroTik device. I didn't want to play with it anymore, so I took the easy way out.