I have no problem getting the site-to-site traffic passing.
But I'm having limited success with the far-end break-out: currently it is working from A to B, but not from B to A.
I have not found anything in the forum, so could someone point me to any documentation that might help?
Thank you.
Could you provide a network diagram of what you are trying to do?
Simplified diagram attached.
We have
- vlans A1 and B1 exchanging traffic
- vlans A2 and B2 isolated from each other
- vlan A1 able to use WAN B
I'm trying to get vlan B1 to be able to use WAN A
Site A is running OPNsense (my end). Site B is running Linux iptables.
At site A, traffic from site B can be seen routing out via WAN A, but site B does not see the return traffic.
Does the WireGuard tunnel config on both sides include:
[Peer]
AllowedIPs = 0.0.0.0/0
Otherwise the WireGuard tunnel drops packets with a public IPv4 address as the destination.
I would use this tutorial to create a WireGuard tunnel as a gateway: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
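To make the "both sides" point above concrete, here is an added example (not code from the thread, OPNsense or WireGuard) that simulates WireGuard's cryptokey routing: a packet leaving through the wg interface is dropped unless its destination matches some peer's AllowedIPs, and a decrypted packet arriving from a peer is dropped unless its source address maps back to that same peer. The script parses two constructed site-B configs, one with only site A's LAN in AllowedIPs and one with 0.0.0.0/0, and checks what happens to a B1 host's request to a public address and to the reply coming back through site A. The address plan (10.1.0.0/16 for site A, 10.2.0.0/16 for site B, 10.255.0.0/30 for the tunnel), the host 10.2.1.20 and the public destination 203.0.113.10 are all assumptions.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed site-B (Linux) configs. Keys and endpoint are placeholders.
# Only the [Peer] AllowedIPs lines matter for cryptokey routing.
CONF_B_NARROW = """
[Interface]
PrivateKey = REPLACE_ME
Address = 10.255.0.2/30

[Peer]
# site A (OPNsense): only its LAN is allowed
PublicKey = REPLACE_ME
AllowedIPs = 10.255.0.1/32, 10.1.0.0/16
Endpoint = site-a.example.net:51820
"""

CONF_B_FULL = """
[Interface]
PrivateKey = REPLACE_ME
Address = 10.255.0.2/30

[Peer]
# site A (OPNsense): anything may come from / go to this peer
PublicKey = REPLACE_ME
AllowedIPs = 0.0.0.0/0
Endpoint = site-a.example.net:51820
"""

Peers = List[Tuple[str, List[ipaddress.IPv4Network]]]


def parse_allowed_ips(conf: str) -> Peers:
    """Return [(peer_label, [IPv4 networks])] for each [Peer] section of a wg config."""
    peers: Peers = []
    current = None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # wg configs allow '#' comments
        if not line:
            continue
        if line.lower() == "[peer]":
            current = ("peer%d" % (len(peers) + 1), [])
            peers.append(current)
        elif line.lower() == "[interface]":
            current = None
        elif current is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key.lower() == "allowedips":
                for cidr in value.split(","):
                    net = ipaddress.ip_network(cidr.strip(), strict=False)
                    if isinstance(net, ipaddress.IPv4Network):
                        current[1].append(net)
    return peers


def lookup(peers: Peers, addr: str):
    """Longest-prefix match of addr over every peer's AllowedIPs; None if nothing matches."""
    ip = ipaddress.ip_address(addr)
    best, best_len = None, -1
    for label, nets in peers:
        for net in nets:
            if ip in net and net.prefixlen > best_len:
                best, best_len = label, net.prefixlen
    return best


def outbound_allowed(peers: Peers, dst: str) -> bool:
    """Plaintext packet handed to the wg interface: sent only if dst maps to a peer."""
    return lookup(peers, dst) is not None


def inbound_allowed(peers: Peers, from_peer: str, src: str) -> bool:
    """Decrypted packet from from_peer: accepted only if src maps back to that peer."""
    return lookup(peers, src) == from_peer


def check_site_b(conf: str) -> Dict[str, bool]:
    """Simulate the B1 -> WAN A break-out against site B's config."""
    peers = parse_allowed_ips(conf)
    internet = "203.0.113.10"   # constructed public destination (TEST-NET-3)
    return {
        # request from a B1 host (assumed 10.2.1.20) towards the internet via the tunnel
        "b1_request_enters_tunnel": outbound_allowed(peers, internet),
        # reply relayed back by site A: source is the public address, not site A's LAN
        "reply_from_internet_accepted": inbound_allowed(peers, "peer1", internet),
        # ordinary site-to-site traffic to site A's LAN is unaffected either way
        "site_a_lan_reachable": outbound_allowed(peers, "10.1.5.5"),
    }


if __name__ == "__main__":
    for name, conf in (("narrow", CONF_B_NARROW), ("0.0.0.0/0", CONF_B_FULL)):
        print(name, check_site_b(conf))
```

With the narrow config the reply from 203.0.113.10 is dropped by WireGuard on site B before iptables ever sees it, which matches the symptom of site A forwarding the traffic while site B never sees the return packets. Note that AllowedIPs only decides what the tunnel accepts; it does not by itself decide what the host sends into it. On Linux, wg-quick turns AllowedIPs = 0.0.0.0/0 into a default route unless Table = off is set (or ip rule policy routing is done by hand), and on OPNsense that selection is what the linked selective-routing how-to configures.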
Thanks.
0.0.0.0/0 is already set.
And that was the tutorial I used when configuring the tunnel.