Hello everyone,
I would like to set up a virtual homelab environment, using OPNsense as the router.
All my LAN network traffic from inside the lab needs to go out through a WireGuard VPN. This same LAN needs to be accessible over the same WireGuard tunnel by other "clients" (like my laptop).
The WAN interface is another LAN where I can't open any port, and I don't want to send Internet traffic on it, except WireGuard-tunneled traffic...
Here is a small schema showing the desired setup:
(https://forum.opnsense.org/index.php?action=dlattach;topic=16847.0;attach=9934;image)
I have a Debian VPS acting as a WireGuard "server", using the following config:
# VPS (wg0.conf)
[Interface]
Address = 10.8.0.1/24
# Allow forwarding to/from the tunnel interface (%i expands to the interface name)
# and NAT everything leaving through the VPS's public interface (ens3)
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
# Remove the same rules when the tunnel goes down
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
ListenPort = 12345
PrivateKey = XXXXXXXXXXXXXXXXXXXXXX

# OPNsense
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXX
# Only 10.8.0.2 is accepted from and routed to this peer
AllowedIPs = 10.8.0.2/32

# Laptop
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.8.0.3/32
I've followed these tutorials from the docs https://wiki.opnsense.org/manual/how-tos/wireguard-client-azire.html and https://wiki.opnsense.org/manual/how-tos/wireguard-client-mullvad.html.
Here is my configuration on the OPNsense side:
Local:
(https://forum.opnsense.org/index.php?action=dlattach;topic=16847.0;attach=9936;image)
Endpoint:
(https://forum.opnsense.org/index.php?action=dlattach;topic=16847.0;attach=9938;image)
NAT/Outbound:
(https://forum.opnsense.org/index.php?action=dlattach;topic=16847.0;attach=9940;image)
I'm able to ping the whole WireGuard network.
I'm able to traceroute IPs, showing that everything goes through the tunnel.
I can't ping Internet IPs nor DNS names...
I can't visit any internet website...
I've tried to assign the interface, add gateways, change DNS,... nothing works...
Thanks very much in advance,
Kevin
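For reference, here is an added example (not from the post above) of how the hub-side and laptop-side WireGuard configs look for the topology described, once the lab LAN behind OPNsense is meant to be reachable from the laptop through the VPS. WireGuard's cryptokey routing only accepts packets from a peer whose source address falls inside that peer's AllowedIPs, and only sends a destination to the peer whose AllowedIPs covers it, so the LAN prefix has to appear in the OPNsense peer's AllowedIPs on the VPS and in the laptop's AllowedIPs for the VPS. The LAN prefix 192.168.100.0/24 and the hostname vps.example.com are assumptions for illustration; the port, addresses and interface name are taken from the post.

```ini
# --- VPS: /etc/wireguard/wg0.conf (example, assumes lab LAN = 192.168.100.0/24) ---
[Interface]
Address = 10.8.0.1/24
ListenPort = 12345
PrivateKey = <vps-private-key>
# Forwarding between peers and NAT towards the Internet via ens3 (as in the post).
# wg-quick does not enable kernel forwarding itself; net.ipv4.ip_forward=1 is set separately.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

# OPNsense: its tunnel address plus the LAN it routes for, so the hub will
# accept LAN-sourced packets from it and send LAN-destined packets to it.
[Peer]
PublicKey = <opnsense-public-key>
AllowedIPs = 10.8.0.2/32, 192.168.100.0/24

# Laptop: a single host, no networks behind it.
[Peer]
PublicKey = <laptop-public-key>
AllowedIPs = 10.8.0.3/32

# --- Laptop: wg0.conf (example) ---
# [Interface]
# Address = 10.8.0.3/24
# PrivateKey = <laptop-private-key>
#
# [Peer]
# PublicKey = <vps-public-key>
# Endpoint = vps.example.com:12345          ; assumed hostname
# # Tunnel network plus the lab LAN; Internet traffic is NOT sent through the tunnel here.
# AllowedIPs = 10.8.0.0/24, 192.168.100.0/24
# PersistentKeepalive = 25

# --- OPNsense peer towards the VPS (what the GUI "Endpoint" entry expresses) ---
# [Peer]
# PublicKey = <vps-public-key>
# Endpoint = vps.example.com:12345
# # 0.0.0.0/0 so all lab traffic is sent to the hub; the hub NATs it out via ens3.
# AllowedIPs = 0.0.0.0/0
```

On the VPS, `sysctl -w net.ipv4.ip_forward=1` (persisted in /etc/sysctl.d/) is required in addition to the iptables rules, otherwise the FORWARD chain is never consulted. Note that the two FORWARD rules accept traffic in both directions between every peer and the LAN; if only the laptop should reach the lab, tighten them to the specific source and destination prefixes.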