OPNsense Forum

English Forums => General Discussion => Topic started by: n-dolce on November 07, 2022, 08:30:05 pm

Title: Need advice for non-standard Wireguard setup
Post by: n-dolce on November 07, 2022, 08:30:05 pm
Hi there people,

I created an account because for a couple of days I have been biting my nails trying to get a non-standard Wireguard setup to work. There are a lot of tutorials online explaining the so-called Road-Warrior setup where people connect remotely to the Wireguard server on a router, or a site-to-site setup, as well as simple uses of Wireguard as a VPN service. I come from a modest developer background and have prior experience only with basic home routers. So I hope somebody on here can guide me in the correct direction on what to do with the many options that OPNSense offers.

I rented a simple small cloud computer as a central point for a Wireguard setup. I configured the Wireguard interface on the server with the usual two lines allowing forwarding of packets with the PostUp and PostDown options and added three peers. One is my phone, one is my laptop and the last one is supposed to be my OPNSense router.

In OPNSense I configured the interface (under the local tab) and a corresponding endpoint. The current state is that my laptop, my phone as well as all devices in my home network can ping and talk to each other using the IP addresses I assigned to them. The laptop and phone also use the central cloud server as an exit point (VPN functionality). However, my OPNSense router does not, which is obvious given the fact that the endpoint only has the 192.168.2.0/24 subnet as allowed IPs. Those IPs are the ones I assigned to devices on the other side of the tunnel.

So I thought I'd add 0.0.0.0/0 to the endpoint to route all traffic there. When I do this, devices in my home network can send pings to the outside, but apart from that all this does is break the setup. Remote devices connected directly to the cloud instance cannot communicate into my home network anymore, and while the home network can ping the remote devices, it seems that DNS resolution into the internet is completely messed up. Pings into the internet still work though.

OPNSense has so many knobs to turn, and some online tutorials use routes and network card assignments, so I had no luck figuring out what I need to do to use the cloud server as an exit point for my home network as well. I am 75% there, but for the last 25% I kindly request your assistance.

P.S. In case my setup is not clear I have attached some images.
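For readers following along without the screenshots, here is a constructed wg-quick configuration for the cloud hub matching the layout described in the post above. It is an added illustration, not the poster's actual files: only the tunnel subnet 192.168.2.0/24 comes from the post; the public interface name eth0, the listen port, the per-peer tunnel addresses, the key placeholders and the home LAN subnet 10.10.0.0/24 are assumptions.

```ini
# Constructed example: /etc/wireguard/wg0.conf on the cloud hub (wg-quick format).
# Assumes net.ipv4.ip_forward=1 is already set on the hub and its uplink is eth0.
[Interface]
# Hub address inside the tunnel subnet named in the post
Address = 192.168.2.1/24
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY_PLACEHOLDER>
# The "usual two lines": let traffic pass through wg0 in both directions and
# NAT tunnel traffic out of the uplink; PostDown removes exactly what PostUp added.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Phone: a single tunnel address (assumed value)
[Peer]
PublicKey = <PHONE_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 192.168.2.2/32

# Laptop: a single tunnel address (assumed value)
[Peer]
PublicKey = <LAPTOP_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 192.168.2.3/32

# OPNsense router. WireGuard's cryptokey routing only accepts packets from a peer
# whose source address is inside that peer's AllowedIPs, and only sends a peer the
# destinations listed here, so the LAN behind the router (assumed 10.10.0.0/24)
# has to be listed on the hub's side for LAN hosts to exchange traffic through it.
[Peer]
PublicKey = <OPNSENSE_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 192.168.2.4/32, 10.10.0.0/24
```

On the router side, whatever is placed in the endpoint's allowed IPs becomes the set of destinations OPNsense routes into the tunnel, which is why widening it to 0.0.0.0/0 changes where the router's own traffic goes.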
Title: Re: Need advice for non-standard Wireguard setup
Post by: n-dolce on November 08, 2022, 08:41:44 pm
If this helps anyone, I tried something different and followed this guide: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

I can (somewhat) connect from the network behind the OPNSense router to the outside world; at least it seems websites whose DNS information has been cached load fine. Surfing to other websites, like yahoo.com for example, results in a timeout. So something is afoot with DNS here.