OPNsense Forum

English Forums => Virtual private networks => Topic started by: drifting on May 10, 2021, 04:27:25 PM

Title: Suffering from a basic understanding of alias
Post by: drifting on May 10, 2021, 04:27:25 PM
Please bear with me, I am partially sighted and managed to read my way through the WireGuard install.
However there is one part I am totally confused about, and that is this:-

The final piece is to allow traffic from the WireGuard network. First define an alias (e.g. VPN_clients) and include in it the IP addresses (e.g. 10.10.10.2 and 10.10.10.3) or subnet (e.g. 10.10.10.0/24) of the WireGuard clients from which traffic is to be allowed. Do this via Firewall ‣ Aliases (click + in the bottom right).

When I create an alias, it asks for type? Then content? I have tried network and then the IPs, but it complains they are wrong. Sorry, I know this is very basic, but I am really frustrated and assuming I read something wrong somewhere?

Kind regards Paul.
Title: Re: Suffering from a basic understanding of alias
Post by: RamSense on May 10, 2021, 09:36:04 PM
I have WireGuard working without the use of an alias, and went for the interface solution.
The websites below helped me. I hope they are of some help to you as well:

https://homenetworkguy.com/how-to/configure-wireguard-opnsense/

https://miha-kralj.medium.com/vpn-with-wireguard-on-opnsense-7bc1d7451a6e

https://blog.linuxserver.io/2019/11/16/setting-up-wireguard-on-opnsense-android/

Title: Suffering from a basic understanding of alias
Post by: Greelan on May 10, 2021, 10:46:18 PM
@drifting, if you are looking to include single IPs, use Host(s) as the type, and if you are looking to include a subnet, use Network(s) as the type. You can also put single hosts in Network(s) but have to use CIDR format (/32)

Reading the docs always helps: https://docs.opnsense.org/manual/aliases.html

@RamSense, yes if you define an interface for the wgX device, then you can use the "net" variable that is created for that interface, and don't need to define a separate alias. But defining an interface is optional for a road warrior setup, and if it is not defined it is usually necessary to define an alias rather than using the default "Wireguard net"
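
The Host(s) versus Network(s) distinction from the reply above, as an added example that is not part of any post in this thread and is not OPNsense code: a pre-check to run over alias content before typing it into Firewall ‣ Aliases. The function name `check_alias` is hypothetical, the rules are modelled only on what the reply states, and flagging host bits in a subnet entry is this example's own choice.

```python
import ipaddress

ALIAS_TYPES = ("Host(s)", "Network(s)")


def check_alias(alias_type, entries):
    """Map each entry to None (acceptable) or a short description of the problem.

    Assumed rules, taken from the forum reply rather than from OPNsense itself:
    Host(s) holds single IPs; Network(s) holds CIDR entries, so a single host
    placed in a Network(s) alias must be written with /32 (or /128 for IPv6).
    """
    if alias_type not in ALIAS_TYPES:
        raise ValueError(f"unsupported alias type: {alias_type}")
    report = {}
    for entry in entries:
        has_prefix = "/" in entry
        try:
            if alias_type == "Host(s)":
                if has_prefix:
                    report[entry] = "subnet given; use Network(s) for CIDR entries"
                else:
                    ipaddress.ip_address(entry)
                    report[entry] = None
            elif not has_prefix:
                addr = ipaddress.ip_address(entry)
                report[entry] = f"missing prefix; write {addr}/{addr.max_prefixlen}"
            else:
                # strict=True rejects host bits (10.10.10.2/24), usually a typo
                # for either 10.10.10.0/24 or 10.10.10.2/32.
                ipaddress.ip_network(entry, strict=True)
                report[entry] = None
        except ValueError as exc:
            report[entry] = f"invalid: {exc}"
    return report


if __name__ == "__main__":
    # Addresses are the sample values from the documentation quoted in the thread.
    for kind, content in (("Host(s)", ["10.10.10.2", "10.10.10.3"]),
                          ("Network(s)", ["10.10.10.2", "10.10.10.0/24"])):
        for entry, problem in check_alias(kind, content).items():
            print(f"{kind:11} {entry:16} {problem or 'ok'}")
```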
Title: Re: Suffering from a basic understanding of alias
Post by: RamSense on May 11, 2021, 07:15:52 PM
@Greelan: thanks for your answer. Can you tell me why it is better to use the created "net" for that interface than the default "Wireguard net"? What is the difference in OPNsense?

Title: Re: Suffering from a basic understanding of alias
Post by: Greelan on May 11, 2021, 10:28:49 PM
Because "Wireguard net" does not work as expected if there are multiple wgX devices and/or multiple endpoints. I don't know why (I haven't been able to find out what is populated in it) but this has tripped up many people. That's why the documentation has been updated
Title: Re: Suffering from a basic understanding of alias
Post by: RamSense on May 12, 2021, 08:06:59 AM
Thanks! Excellent to know.