I have my WireGuard set up as a client and it successfully connects to my server. It can ping my server (10.9.0.1) and my server can ping the OPNsense WireGuard client (10.9.0.3).
I have been attempting for some time now to allow other WireGuard clients to access the LAN of my OPNsense WireGuard client. In the 'Endpoints' section of the WireGuard configuration, if I enter AllowedIPs as 0.0.0.0/24 or 10.1.2.0/24 (LAN subnet) it kills the connection and fails to bring up the wg0 interface. If I leave AllowedIPs as 10.9.0.0/24 the connection is back up; however, the LAN is not accessible by other clients.
The tutorials I have followed for a client setup have all said to add other networks in AllowedIPs in the 'Endpoint' tab. Is there anything else I can try, or has anyone had success with this scenario?
Thanks in advance!
OPNsense 21.1.2-amd64
Allowed IPs in WireGuard when run as a client need to be 0.0.0.0/0
- note the zero final octet
I tried restricting the IPs to the LAN subnet & it worked until an update requiring a reboot. At the moment, without WireGuard dropped-packet logging, it's difficult to see which required IPs are being blocked (loopback?)
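The AllowedIPs confusion in the question (0.0.0.0/24 versus 0.0.0.0/0) and the reply's point about what the list has to cover, as an added checker that is not from this thread or from OPNsense: it parses peer AllowedIPs values with Python's ipaddress module and reports zero-network typos, whether the LAN prefix is actually covered, and prefixes claimed by more than one peer on the same interface. The peer names and sample values are constructed; the 10.9.0.0/24 tunnel and 10.1.2.0/24 LAN prefixes are the ones from the thread.

```python
import ipaddress

ZERO = ipaddress.ip_address("0.0.0.0")

def parse_allowed_ips(value):
    """Split a WireGuard AllowedIPs value ("a/b, c/d") into ip_network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]

def check_allowed_ips(value, lan_subnet):
    """Sanity-check one peer's AllowedIPs against the LAN it should reach.

    Returns a dict:
      zero_network_typo: entries like 0.0.0.0/24 that are NOT a default route
                         (0.0.0.0/24 is only the 256 addresses 0.0.0.0-0.0.0.255)
      full_tunnel:       True if 0.0.0.0/0 is present (everything routed via wg0)
      lan_covered:       True if lan_subnet lies inside some AllowedIPs entry
    """
    nets = parse_allowed_ips(value)
    lan = ipaddress.ip_network(lan_subnet, strict=False)
    typos = [str(n) for n in nets
             if n.version == 4 and n.network_address == ZERO and n.prefixlen != 0]
    return {
        "zero_network_typo": typos,
        "full_tunnel": any(n.prefixlen == 0 for n in nets),
        "lan_covered": any(lan.subnet_of(n) for n in nets if n.version == lan.version),
    }

def duplicate_allowed_ips(peers):
    """Find prefixes listed under more than one peer of the same interface.

    WireGuard uses AllowedIPs as its routing table, so a prefix can belong to
    only one peer; wg silently moves a duplicate to the peer configured last.
    peers: {peer_name: allowed_ips_string} (constructed sample below)
    """
    owners = {}
    for name, value in peers.items():
        for n in parse_allowed_ips(value):
            owners.setdefault(n, []).append(name)
    return {str(n): names for n, names in owners.items() if len(names) > 1}

if __name__ == "__main__":
    # Constructed sample values; only the prefixes come from the thread.
    for v in ("0.0.0.0/24", "10.9.0.0/24", "10.9.0.0/24, 10.1.2.0/24", "0.0.0.0/0"):
        print(f"{v:28} -> {check_allowed_ips(v, '10.1.2.0/24')}")
    print(duplicate_allowed_ips({"opnsense": "10.9.0.3/32, 10.1.2.0/24",
                                 "laptop": "10.9.0.4/32, 10.1.2.0/24"}))
```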