OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: tusc on August 29, 2019, 03:08:02 AM

Title: Wireguard tutorial for client use?
Post by: tusc on August 29, 2019, 03:08:02 AM
Now that 19.7.3 is out I thought I'd try to set up Wireguard with my Mullvad account. I'd like to use policy routing so only a subset of clients in the LAN route through the Wireguard tunnel. Are there any guides out there on how to set this up similar to the openvpn guides? Everything I find on Wireguard and OPNsense is about road warriors. Thanks.

Title: Re: Wineguard tutorial for client use?
Post by: hbc on August 29, 2019, 04:47:30 PM
It's always good to have a wineguard. Keeps care not to drink too much alcohol  ::)

Title: Re: Wireguard tutorial for client use?
Post by: tusc on August 29, 2019, 05:42:10 PM
LOL. I didn't catch that typo. Fixed now. Thanks!

Title: Re: Wireguard tutorial for client use?
Post by: mimugmail on August 29, 2019, 05:56:28 PM
Have you read Mullvad Guide at OPNsense Docs?

Title: Re: Wireguard tutorial for client use?
Post by: tusc on August 29, 2019, 07:13:24 PM
Quote from: mimugmail on August 29, 2019, 05:56:28 PM
Have you read Mullvad Guide at OPNsense Docs?

This link? https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html

I have. I can establish a tunnel to Mullvad. My issue is figuring out the rest, what NAT rules to add for policy routing, what should "allowed IPs" be set to, what should the gateway IP address be set to?

*EDIT*

Ok,

I think I have everything in place, the NAT outbound rule, FW LAN rule with the gateway selected. Unfortunately the gateway shows as defunct and I cannot get traffic through the tunnel.

Title: Re: Wireguard tutorial for client use?
Post by: swingline on September 01, 2019, 06:11:07 AM
Quote from: tusc on August 29, 2019, 07:13:24 PM
Quote from: mimugmail on August 29, 2019, 05:56:28 PM
Have you read Mullvad Guide at OPNsense Docs?

This link? https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html

I have. I can establish a tunnel to Mullvad. My issue is figuring out the rest, what NAT rules to add for policy routing, what should "allowed IPs" be set to, what should the gateway IP address be set to?

*EDIT*

Ok,

I think I have everything in place, the NAT outbound rule, FW LAN rule with the gateway selected. Unfortunately, the gateway shows as defunct and I cannot get traffic through the tunnel.

You have to put an IP address in the gateway or it won't work.

I have my wireguard server running on a VPS, and I am unable to get policy-based routing to work using a created gateway for wireguard. I have to route all of the LAN subnet out the wireguard interface. But I was able to selectively bypass wireguard with aliases and using the WAN gateway.

Title: Re: Wireguard tutorial for client use?
Post by: mimugmail on September 01, 2019, 07:19:10 AM
Let's say your WG server has tunnel address 10.1.1.1 and your WG client has 10.1.1.10. Then, on the WG client, you create a gateway on the WG interface (it has to be assigned) with gateway IP 10.1.1.1. And with 19.7.3 there is a Gateway field hidden behind the advanced field in the local instance (still on the client). There you also type 10.1.1.1 and restart the daemon.

Now you can set policy routes via rules.