I have a surveillance software (BlueIris) on a dedicated Windows 10 PC on my local network (IP 192.168.11.20). It can be accessed via a cell phone app or via a web interface. I would like to access it remotely via VPN (so that I don't have to open ports...).
I have installed WireGuard on OPNsense and I can access my servers, VM, NAS, and my local PCs remotely (I have Allowed IP in the client as 0.0.0.0/0, and DNS= 192.168.11.1).
However, while I can ping the BlueIris PC and reach the PC, I cannot access BlueIris via its web interface or via the cell phone application (which is properly configured, both WAN and LAN are the local network address). BlueIris gives an error message saying "LAN access only" and it shows on its local screen that I am trying to access it via my VPN tunnel address (10.10.9.2), which I suppose is rejected as it is not recognized as a LAN address (e.g. 192.168.11.x).
In the past I used OpenVPN on a DD-WRT router and all worked well (e.g. I could access BlueIris remotely), thus my guess is that I am missing a proper configuration in OPNsense, which I installed a few weeks ago.
I am a noob but my guess is that I need to 'tell' OPNsense that my tunnel addresses are to be considered a local network - my guess is that I am missing a NAT configuration, but I wasn't able to find an answer on Google (I probably need the right search terms).
My NAT in OPNsense is configured as per the attached (to allow WireGuard connections to access the internet, thus I know it won't help in this case).
Can you please point me to the relevant resources/google searches? Otherwise I can provide specific information on my setup to track down the issue.
Outbound NAT rule, Interface LAN, source your WireGuard network, destination LAN subnet.
This should do it
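An added example, not part of the original posts: a small Python model of why the rule above changes what BlueIris sees. The /24 prefix lengths, the use of 192.168.11.1 as the firewall's LAN address, and the `lan_only_check` function (the original poster's supposition about how the "LAN access only" check works) are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# The thread gives 192.168.11.20 (BlueIris PC), 192.168.11.1 (DNS, assumed here
# to be the firewall's LAN address) and 10.10.9.2 (VPN client).
# The /24 prefix lengths are assumptions.
LAN_NET = ipaddress.ip_network("192.168.11.0/24")
WG_NET = ipaddress.ip_network("10.10.9.0/24")
FW_LAN_ADDR = ipaddress.ip_address("192.168.11.1")

@dataclass(frozen=True)
class OutboundNatRule:
    interface: str                      # interface the packet leaves through
    source: ipaddress.IPv4Network       # original source network
    destination: ipaddress.IPv4Network  # destination network
    translate_to: ipaddress.IPv4Address # address the source is rewritten to

    def matches(self, out_if, src, dst):
        return (out_if == self.interface
                and src in self.source
                and dst in self.destination)

def source_seen_by_server(rules, out_if, src, dst):
    """Return the source address the destination host sees after outbound NAT."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:                  # first matching rule wins
        if rule.matches(out_if, src, dst):
            return rule.translate_to
    return src                          # no match: routed without translation

def lan_only_check(src):
    """Hypothetical model of the 'LAN access only' check (poster's supposition)."""
    return ipaddress.ip_address(src) in LAN_NET

# The rule from the answer: interface LAN, source WireGuard net, destination LAN.
RULE = OutboundNatRule("LAN", WG_NET, LAN_NET, FW_LAN_ADDR)

if __name__ == "__main__":
    for label, rules in (("without rule", []), ("with rule", [RULE])):
        seen = source_seen_by_server(rules, "LAN", "10.10.9.2", "192.168.11.20")
        print(f"{label}: server sees {seen}, accepted={lan_only_check(seen)}")
```

With the rule in place, every VPN client appears to BlueIris as the firewall's LAN address, so per-client attribution has to come from the firewall or WireGuard logs rather than from the BlueIris connection log.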
Thank you so much for the very clear instructions. It worked as soon as I set up the rule.
I have attached a copy of the NAT rules in case somebody else has the same problem.
Thanks a lot for attaching, helped a lot!