Hi,
I'm using OPNsense with WireGuard and OpenVPN server.
When I route traffic over OpenVPN to my home network, my network behaves as if I were at home.
But when I route over WireGuard, the devices behave as if I came from outside.
So over WireGuard my FritzBox shows me the external login page (username and password).
Over OpenVPN the FritzBox shows me the internal login page (password).
Where is my mistake, where is the difference?
EDIT: FritzBox is a client in my network, only for VoiceOverIP.
Greets
Byte
Some NAT issue?
Hi,
what do you mean?
What can I check?
Greets
Byte
I've OPNsense directly connected to a Vigor modem (no double NAT).
Nothing special in Firewall->NAT->Outbound.
Where can I check other information that could be wrong?
Greets
Byte
Packet capture on the interface and check the source IP, maybe the packets are getting NATted
Thanks,
but by default, for WireGuard, there is no interface in Interfaces.
In Firewall->Rules there is WireGuard, but not in Interfaces.
So in Diagnostics->Packet Capture there is no interface to choose for WireGuard?!
When I manually assign wg0 to a new interface, in the firewall rules there are 2 entries for WireGuard...
When I manually set a new interface and try to connect, it doesn't work, but packet capture shows the following:
13:29:22.395435 IP 100.64.0.110.56423 > 172.30.90.222.80: tcp 0
So I think there is no NAT. 100.64.0.110 is my WireGuard IP, 172.30.90.222 the FritzBox.
Greets
Byte
So, that packet should be NATted so that the source is within the range of the FritzBox.
I'd guess you have an outbound rule and the source doesn't match your WireGuard IP.
OK, what do I have to do?
Set outbound
Interface: wireguard
Source: wireguard net
NAT address: LAN address ????
But no change...
Edit:
Interface: lan
Source: wireguard net
NAT address: LAN address
Seems to work...
Is this OK, or is this setting a security problem?
Greets Byte
No, it's fine :)
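
The check discussed in this thread, as an added example that is not part of any post: a Python script that classifies tcpdump lines by whether the source still carries the WireGuard tunnel address or has been rewritten to a LAN address. The /24 prefixes, the 172.30.90.1 address and the second and third sample lines are assumptions constructed for illustration; the thread gives only the two host addresses.

```python
import ipaddress
import re

# Assumed prefixes: the thread shows only host addresses, not the masks.
TUNNEL_NET = ipaddress.ip_network("100.64.0.0/24")  # assumed WireGuard net
LAN_NET = ipaddress.ip_network("172.30.90.0/24")    # assumed LAN net

# Matches the tcpdump line style quoted in the thread:
# "13:29:22.395435 IP 100.64.0.110.56423 > 172.30.90.222.80: tcp 0"
LINE_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def classify(line, tunnel=TUNNEL_NET, lan=LAN_NET):
    """Return 'untranslated', 'translated', 'other', or None if unparsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src = ipaddress.ip_address(m.group(1))
    dst = ipaddress.ip_address(m.group(3))
    if dst not in lan:
        return "other"         # not headed for a LAN host
    if src in tunnel:
        return "untranslated"  # LAN host sees the tunnel address
    if src in lan:
        return "translated"    # source is a LAN address (NAT or local host)
    return "other"

def summarize(lines):
    """Count verdicts over a capture, skipping lines that do not parse."""
    counts = {}
    for line in lines:
        verdict = classify(line)
        if verdict is not None:
            counts[verdict] = counts.get(verdict, 0) + 1
    return counts

# Constructed sample: line 1 is the capture quoted in the thread; line 2 is a
# made-up view of the same flow after NAT to an assumed LAN address.
SAMPLE = [
    "13:29:22.395435 IP 100.64.0.110.56423 > 172.30.90.222.80: tcp 0",
    "13:31:05.120001 IP 172.30.90.1.40112 > 172.30.90.222.80: tcp 0",
    "not a tcpdump line",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), "|", entry)
    print(summarize(SAMPLE))
```

Feed it a capture taken on the LAN interface: outbound NAT on LAN is applied as packets leave that interface, so a capture on the WireGuard interface still shows the tunnel address.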